Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency django to v4.0.4 [security] #7824

Merged
merged 2 commits into from
Apr 26, 2022
Merged

chore(deps): update dependency django to v4.0.4 [security] #7824

merged 2 commits into from
Apr 26, 2022

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Apr 22, 2022
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Django (source, changelog) ==4.0.3 -> ==4.0.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Release Notes

django/django

v4.0.4

Compare Source

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate-bot renovate-bot requested review from a team as code owners April 22, 2022 22:11
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 22, 2022
@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Apr 22, 2022
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 22, 2022
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 25, 2022
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 25, 2022
@leahecole leahecole merged commit 4059716 into GoogleCloudPlatform:main Apr 26, 2022
@renovate-bot renovate-bot deleted the renovate/pypi-Django-vulnerability branch April 26, 2022 20:43
@quteharry19 quteharry19 mentioned this pull request May 24, 2022
Closed
leahecole added a commit that referenced this pull request May 25, 2022
@renovate-bot @leahecole
chore(deps): update dependency django to v4.0.4 [security] (#7824)
7186805 
Co-authored-by: Leah E. Cole <6719667+leahecole@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leahecole leahecole leahecole approved these changes

Assignees

@nicain nicain

Labels
samples Issues that are directly related to samples.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@renovate-bot @leahecole @nicain @kokoro-team