Safety CI > cookiecutter/cookiecutter-django

update/pre-commit-autoupdate

5 months, 2 weeks ago

b30a8fe8

Auto-update pre-commit hooks

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

987bee45

Release 2024.06.14

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

80674b01

Update FUNDING.yml

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/local/node/node-22-bookworm-slim

5 months, 2 weeks ago

7e646903

Bump node in /{{cookiecutter.project_slug}}/compose/local/node Bumps node from 20-bookworm-slim to

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

03e68e89

Bump python in /{{cookiecutter.project_slug}}/compose/local/docs Bumps python from 3.12.3-slim-book

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

ed0857f7

Bump python in /{{cookiecutter.project_slug}}/compose/production/django Bumps python from 3.12.3-sl

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

c11d5519

Bump python in /{{cookiecutter.project_slug}}/compose/local/django Bumps python from 3.12.3-slim-bo

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

453ea25b

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.16.6 to 2.16.8. --- updated-dependencies: - depend

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

bde8236e

Update ruff from 0.4.8 to 0.4.9

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-ruff-0.4.8-to-0.4.9

5 months, 2 weeks ago

39af11c9

Update ruff from 0.4.8 to 0.4.9

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-ruff-0.4.8-to-0.4.9

5 months, 2 weeks ago

bc439f80

Update ruff from 0.4.8 to 0.4.9

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.16.8

5 months, 2 weeks ago

264560e5

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.16.6 to 2.16.8. --- updated-dependencies: - depend

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

4b94cde8

Release 2024.06.13

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

a0ae1945

Update redis from 5.0.5 to 5.0.6 (#5137)

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-redis-5.0.5-to-5.0.6

5 months, 2 weeks ago

6285d383

Update redis from 5.0.5 to 5.0.6

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.