chore(deps): update dependency django to v4.2.11 [security] #239

Merged

renovate[bot] merged 1 commit from renovate/pypi-django-vulnerability into main

2024-03-22 00:40:35 +00:00

renovate[bot] commented

2024-03-18 22:42:52 +00:00

(Migrated from github.com)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
django (source, changelog)	`==4.2.10` -> `==4.2.11`

GitHub Vulnerability Alerts

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

Release Notes

django/django (django)

`v4.2.11`

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [django](https://www.djangoproject.com/) ([source](https://togithub.com/django/django), [changelog](https://togithub.com/django/django/tree/master/docs/releases)) | `==4.2.10` -> `==4.2.11` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/django/4.2.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/django/4.2.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/django/4.2.10/4.2.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/django/4.2.10/4.2.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-27351](https://nvd.nist.gov/vuln/detail/CVE-2024-27351) In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. --- ### Release Notes <details> <summary>django/django (django)</summary> ### [`v4.2.11`](https://togithub.com/django/django/compare/4.2.10...4.2.11) [Compare Source](https://togithub.com/django/django/compare/4.2.10...4.2.11) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/mcataford/rotini).

mcataford (Migrated from github.com) reviewed 2024-03-18 22:42:52 +00:00

This repo is archived. You cannot comment on pull requests.

No reviewers

mcataford