Safety CI > cookiecutter/cookiecutter-django

pyup-update-sentry-sdk-2.51.0-to-2.52.0

2 months ago

29bf7d41

Update sentry-sdk from 2.51.0 to 2.52.0

No dependencies with known security vulnerabilities.

main

2 months ago

9133c6d7

Update ruff to 0.15.0 (#6319) * Update ruff from 0.14.14 to 0.15.0 * Align versions --------- Co

No dependencies with known security vulnerabilities.

pyup-update-ruff-0.14.14-to-0.15.0

2 months ago

2aaa9dbc

Align versions

No dependencies with known security vulnerabilities.

main

2 months ago

4593f343

Update gunicorn to 25.0.1 (#6313) Update gunicorn from 25.0.0 to 25.0.1

No dependencies with known security vulnerabilities.

pyup-update-ruff-0.14.14-to-0.15.0

2 months ago

7c117b80

Update ruff from 0.14.14 to 0.15.0

No dependencies with known security vulnerabilities.

main

2 months ago

7de18668

Update djangorestframework-stubs to 3.16.8 (#6317) Update djangorestframework-stubs from 3.16.7 to

No dependencies with known security vulnerabilities.

main

2 months ago

8512dafe

Update coverage to 7.13.3 (#6315) Update coverage from 7.13.2 to 7.13.3

No dependencies with known security vulnerabilities.

main

2 months ago

e9664f8b

Update django to 5.2.11 (#6314) Update django from 5.2.10 to 5.2.11

No dependencies with known security vulnerabilities.

update/pre-commit-autoupdate

2 months ago

92b8f306

Auto-update pre-commit hooks

django 5.2.10 has known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of column aliases containing periods in QuerySet.order_by() when combined with FilteredRelation. The QuerySet.order_by() method fails to properly sanitize column aliases that contain periods when the same alias is used in FilteredRelation via dictionary expansion. https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of control characters in column aliases within FilteredRelation. The FilteredRelation class fails to properly sanitize column aliases containing control characters when used with QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias() via dictionary expansion (**kwargs).
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper sanitization of band index parameters in PostGIS raster lookups. The raster lookup functionality in Django's GIS module fails to properly validate or escape untrusted data used as a band index when performing spatial queries against PostGIS databases.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to inefficient string concatenation when processing duplicate HTTP headers in ASGI mode. The ASGIRequest class combines repeated headers using repeated string concatenation, resulting in super-linear (quadratic) time complexity when processing requests with many duplicate headers.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to quadratic time complexity during HTML parsing in text truncation methods. The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True), as well as the truncatechars_html and truncatewords_html template filters, exhibit quadratic time complexity when processing inputs containing a large number of unmatched HTML end tags.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Information Disclosure (Timing Attack) due to non-constant-time comparison in the mod_wsgi authentication handler. The django.contrib.auth.handlers.modwsgi.check_password() function does not perform user existence checks in constant time, allowing response timing differences to reveal whether usernames exist.

pyup-update-djangorestframework-stubs-3.16.7-to-3.16.8

2 months ago

35ab292e

Update djangorestframework-stubs from 3.16.7 to 3.16.8

django 5.2.10 has known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of column aliases containing periods in QuerySet.order_by() when combined with FilteredRelation. The QuerySet.order_by() method fails to properly sanitize column aliases that contain periods when the same alias is used in FilteredRelation via dictionary expansion. https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of control characters in column aliases within FilteredRelation. The FilteredRelation class fails to properly sanitize column aliases containing control characters when used with QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias() via dictionary expansion (**kwargs).
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper sanitization of band index parameters in PostGIS raster lookups. The raster lookup functionality in Django's GIS module fails to properly validate or escape untrusted data used as a band index when performing spatial queries against PostGIS databases.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to inefficient string concatenation when processing duplicate HTTP headers in ASGI mode. The ASGIRequest class combines repeated headers using repeated string concatenation, resulting in super-linear (quadratic) time complexity when processing requests with many duplicate headers.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to quadratic time complexity during HTML parsing in text truncation methods. The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True), as well as the truncatechars_html and truncatewords_html template filters, exhibit quadratic time complexity when processing inputs containing a large number of unmatched HTML end tags.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Information Disclosure (Timing Attack) due to non-constant-time comparison in the mod_wsgi authentication handler. The django.contrib.auth.handlers.modwsgi.check_password() function does not perform user existence checks in constant time, allowing response timing differences to reveal whether usernames exist.

pyup-update-ruff-0.14.14-to-0.15.0

2 months ago

04b08069

Align versions

django 5.2.10 has known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of column aliases containing periods in QuerySet.order_by() when combined with FilteredRelation. The QuerySet.order_by() method fails to properly sanitize column aliases that contain periods when the same alias is used in FilteredRelation via dictionary expansion. https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of control characters in column aliases within FilteredRelation. The FilteredRelation class fails to properly sanitize column aliases containing control characters when used with QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias() via dictionary expansion (**kwargs).
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper sanitization of band index parameters in PostGIS raster lookups. The raster lookup functionality in Django's GIS module fails to properly validate or escape untrusted data used as a band index when performing spatial queries against PostGIS databases.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to inefficient string concatenation when processing duplicate HTTP headers in ASGI mode. The ASGIRequest class combines repeated headers using repeated string concatenation, resulting in super-linear (quadratic) time complexity when processing requests with many duplicate headers.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to quadratic time complexity during HTML parsing in text truncation methods. The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True), as well as the truncatechars_html and truncatewords_html template filters, exhibit quadratic time complexity when processing inputs containing a large number of unmatched HTML end tags.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Information Disclosure (Timing Attack) due to non-constant-time comparison in the mod_wsgi authentication handler. The django.contrib.auth.handlers.modwsgi.check_password() function does not perform user existence checks in constant time, allowing response timing differences to reveal whether usernames exist.

pyup-update-ruff-0.14.14-to-0.15.0

2 months ago

0457170f

Update ruff from 0.14.14 to 0.15.0

django 5.2.10 has known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of column aliases containing periods in QuerySet.order_by() when combined with FilteredRelation. The QuerySet.order_by() method fails to properly sanitize column aliases that contain periods when the same alias is used in FilteredRelation via dictionary expansion. https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of control characters in column aliases within FilteredRelation. The FilteredRelation class fails to properly sanitize column aliases containing control characters when used with QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias() via dictionary expansion (**kwargs).
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper sanitization of band index parameters in PostGIS raster lookups. The raster lookup functionality in Django's GIS module fails to properly validate or escape untrusted data used as a band index when performing spatial queries against PostGIS databases.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to inefficient string concatenation when processing duplicate HTTP headers in ASGI mode. The ASGIRequest class combines repeated headers using repeated string concatenation, resulting in super-linear (quadratic) time complexity when processing requests with many duplicate headers.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to quadratic time complexity during HTML parsing in text truncation methods. The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True), as well as the truncatechars_html and truncatewords_html template filters, exhibit quadratic time complexity when processing inputs containing a large number of unmatched HTML end tags.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Information Disclosure (Timing Attack) due to non-constant-time comparison in the mod_wsgi authentication handler. The django.contrib.auth.handlers.modwsgi.check_password() function does not perform user existence checks in constant time, allowing response timing differences to reveal whether usernames exist.

pyup-update-coverage-7.13.2-to-7.13.3

2 months ago

8aefc3e6

Update coverage from 7.13.2 to 7.13.3

django 5.2.10 has known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of column aliases containing periods in QuerySet.order_by() when combined with FilteredRelation. The QuerySet.order_by() method fails to properly sanitize column aliases that contain periods when the same alias is used in FilteredRelation via dictionary expansion. https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper handling of control characters in column aliases within FilteredRelation. The FilteredRelation class fails to properly sanitize column aliases containing control characters when used with QuerySet methods annotate(), aggregate(), extra(), values(), values_list(), and alias() via dictionary expansion (**kwargs).
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to SQL Injection due to improper sanitization of band index parameters in PostGIS raster lookups. The raster lookup functionality in Django's GIS module fails to properly validate or escape untrusted data used as a band index when performing spatial queries against PostGIS databases.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to inefficient string concatenation when processing duplicate HTTP headers in ASGI mode. The ASGIRequest class combines repeated headers using repeated string concatenation, resulting in super-linear (quadratic) time complexity when processing requests with many duplicate headers.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to quadratic time complexity during HTML parsing in text truncation methods. The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True), as well as the truncatechars_html and truncatewords_html template filters, exhibit quadratic time complexity when processing inputs containing a large number of unmatched HTML end tags.
django	5.2.10	<4.2.28 , >=5.2a1,<5.2.11 , >=6.0a1,<6.0.2	show Affected versions of the Django package are vulnerable to Information Disclosure (Timing Attack) due to non-constant-time comparison in the mod_wsgi authentication handler. The django.contrib.auth.handlers.modwsgi.check_password() function does not perform user existence checks in constant time, allowing response timing differences to reveal whether usernames exist.

pyup-update-django-5.2.10-to-5.2.11

2 months ago

0e6d18da

Update django from 5.2.10 to 5.2.11

No dependencies with known security vulnerabilities.

main

2 months, 1 week ago

8cd940b4

Release 2026.02.02

No dependencies with known security vulnerabilities.