Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency django [security] #8255

Merged
merged 2 commits into from
Aug 12, 2022
Merged

chore(deps): update dependency django [security] #8255

merged 2 commits into from
Aug 12, 2022

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Aug 11, 2022
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Django (source, changelog) ==3.2.14 -> ==3.2.15 age adoption passing confidence
Django (source, changelog) ==4.0.6 -> ==4.0.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-36359

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, click this checkbox. ⚠ Warning: custom changes will be lost.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot requested review from glasnt and a team as code owners August 11, 2022 17:12
@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Aug 11, 2022
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 11, 2022
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 11, 2022
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 11, 2022
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 11, 2022
@parthea parthea merged commit de30e94 into GoogleCloudPlatform:main Aug 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glasnt glasnt glasnt approved these changes

@parthea parthea parthea approved these changes

Assignees

@kurtisvg kurtisvg

Labels
samples Issues that are directly related to samples.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@renovate-bot @glasnt @parthea @kokoro-team @kurtisvg