Safety CI > cookiecutter/cookiecutter-django

pyup-update-psycopg-3.2.7-to-3.2.8

5 months ago

f0439b5b

Update psycopg from 3.2.7 to 3.2.8

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

update/pre-commit-autoupdate

5 months, 1 week ago

5b47db15

Auto-update pre-commit hooks

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

master

5 months, 1 week ago

27e15941

Release 2025.05.09

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-ruff-0.11.8-to-0.11.9

5 months, 1 week ago

8a26f5b5

Align versions

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-ruff-0.11.8-to-0.11.9

5 months, 1 week ago

0b7c6f44

Update ruff from 0.11.8 to 0.11.9

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-hiredis-3.1.0-to-3.1.1

5 months, 1 week ago

e75c8b85

Update hiredis from 3.1.0 to 3.1.1

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-hiredis-3.1.0-to-3.1.1

5 months, 1 week ago

5ad0eb7b

Update hiredis from 3.1.0 to 3.1.1

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-redis-5.3.0-to-6.0.0

5 months, 1 week ago

bcedc538

Update redis from 5.3.0 to 6.0.0

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

master

5 months, 1 week ago

c1cded52

Update django-debug-toolbar from 5.1.0 to 5.2.0 (#5816)

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

master

5 months, 1 week ago

4c14f22f

Update django-allauth from 65.7.0 to 65.8.0 (#5830)

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

master

5 months, 1 week ago

be4ad111

Update django from 5.1.8 to 5.1.9 (#5828)

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.27.11

5 months, 1 week ago

155bae8e

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.25.0 to 2.27.11. --- updated-dependencies: - depen

django 5.1.8 and django-stubs 5.1.3 have known security vulnerabilities.

Package	Installed	Affected	Info
django	5.1.8	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
django	5.1.8	<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
django	5.1.8	>=4.2a1,<4.2.25 , >=5.1a1,<5.1.13 , >=5.2a1,<5.2.7	show Affected versions of the Django package are vulnerable to SQL Injection due to insufficient neutralization of user-controlled column alias names provided via dictionary expansion. The QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods accept **kwargs whose keys are used as column aliases, and on MySQL and MariaDB, those identifiers are not safely quoted, permitting crafted input to be incorporated into the generated SQL.
django	5.1.8	>=4.2a1,<4.2.25 , >=5.1a1,<5.1.13 , >=5.2a1,<5.2.7	show Affected versions of the Django package are vulnerable to Path Traversal due to improper validation of archive member paths during extraction. The django.utils.archive.extract() function—used by the startapp --template and startproject --template commands—checked path prefixes instead of using canonicalised paths, allowing archive entries whose names share a prefix with the destination to resolve outside the intended directory.
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-django-allauth-65.7.0-to-65.8.0

5 months, 1 week ago

40a6640e

Update django-allauth from 65.7.0 to 65.8.0

django 5.1.8 and django-stubs 5.1.3 have known security vulnerabilities.

Package	Installed	Affected	Info
django	5.1.8	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
django	5.1.8	<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
django	5.1.8	>=4.2a1,<4.2.25 , >=5.1a1,<5.1.13 , >=5.2a1,<5.2.7	show Affected versions of the Django package are vulnerable to SQL Injection due to insufficient neutralization of user-controlled column alias names provided via dictionary expansion. The QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods accept **kwargs whose keys are used as column aliases, and on MySQL and MariaDB, those identifiers are not safely quoted, permitting crafted input to be incorporated into the generated SQL.
django	5.1.8	>=4.2a1,<4.2.25 , >=5.1a1,<5.1.13 , >=5.2a1,<5.2.7	show Affected versions of the Django package are vulnerable to Path Traversal due to improper validation of archive member paths during extraction. The django.utils.archive.extract() function—used by the startapp --template and startproject --template commands—checked path prefixes instead of using canonicalised paths, allowing archive entries whose names share a prefix with the destination to resolve outside the intended directory.
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.27.10

5 months, 1 week ago

02be91a8

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.25.0 to 2.27.10. --- updated-dependencies: - depen

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

pyup-update-django-5.1.8-to-5.1.9

5 months, 1 week ago

30dc9156

Update django from 5.1.8 to 5.1.9

django-stubs 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
django-stubs	5.1.3	<5.2.0	show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.

Package

Installed

Affected

Info

django-stubs

5.1.3

<5.2.0

show

Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks.