Safety CI > cookiecutter/cookiecutter-django

master

5 months, 2 weeks ago

Update django-crispy-forms from 2.1 to 2.2 (#5143)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

401ffd0e

Update start-flower in flower to wait until all celery workers are online (#5012) Flower needs to s

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

c3335e66

Update Contributors

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

bcd44374

Merge pull request #5102 from Mogost/secure-prefix Enhancing the security of cookies

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

f9a4d864

Update sentry-sdk from 2.5.0 to 2.5.1 (#5142)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-update-django-crispy-forms-2.1-to-2.2

5 months, 2 weeks ago

88f0b907

Update django-crispy-forms from 2.1 to 2.2

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

c4f7b09c

Auto-update pre-commit hooks (#5140) Co-authored-by: browniebroke <861044+browniebroke@users.norepl

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

5 months, 2 weeks ago

f6b9fa37

Update django-allauth from 0.63.2 to 0.63.3 (#5111)

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-update-sentry-sdk-2.5.0-to-2.5.1

5 months, 2 weeks ago

577b41b8

Update sentry-sdk from 2.5.0 to 2.5.1

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-django-crispy-forms-2.1-to-2.2

5 months, 2 weeks ago

1af0ffcd

Update django-crispy-forms from 2.1 to 2.2

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

update/pre-commit-autoupdate

5 months, 2 weeks ago

b30a8fe8

Auto-update pre-commit hooks

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

987bee45

Release 2024.06.14

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

80674b01

Update FUNDING.yml

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/local/node/node-22-bookworm-slim

5 months, 2 weeks ago

7e646903

Bump node in /{{cookiecutter.project_slug}}/compose/local/node Bumps node from 20-bookworm-slim to

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

03e68e89

Bump python in /{{cookiecutter.project_slug}}/compose/local/docs Bumps python from 3.12.3-slim-book

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.