Safety CI > imAsparky/django-cookiecutter

Docs | Support

imAsparky/django-cookiecutter

Requirements Safety CI

pyup-update-coverage-7.6.8-to-7.6.9

6 months, 2 weeks ago

a3e7542b

Update coverage from 7.6.8 to 7.6.9

Django 5.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
Django	5.1.3	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Django	5.1.3	>=5.0,<5.0.14 , >=5.1,<5.1.8	show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Django	5.1.3	>=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
Django	5.1.3	<4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4	show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue.
Django	5.1.3	<4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4	show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities.
Django	5.1.3	<4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5	show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly.

pyup-update-django-5.1.3-to-5.1.4

6 months, 3 weeks ago

a1758e59

Update django from 5.1.3 to 5.1.4

No dependencies with known security vulnerabilities.

pyup-update-pytest-8.3.3-to-8.3.4

6 months, 3 weeks ago

7140c641

Update pytest from 8.3.3 to 8.3.4

No dependencies with known security vulnerabilities.

pyup-update-pytest-8.3.3-to-8.3.4

6 months, 3 weeks ago

780eb8ed

Update pytest from 8.3.3 to 8.3.4

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

4fb66b2d

fix(pyup): Update myst-parser to 4.0.0 (#790) * Update myst-parser from 3.0.1 to 4.0.0 * Update

No dependencies with known security vulnerabilities.

pyup-update-myst-parser-3.0.1-to-4.0.0

6 months, 4 weeks ago

8a6a7b81

Merge branch 'main' into pyup-update-myst-parser-3.0.1-to-4.0.0

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

026a0aea

fix(pyup): Update furo to 2024.8.6 (#794) * Update furo from 2024.5.6 to 2024.8.6 * Update furo

No dependencies with known security vulnerabilities.

pyup-update-furo-2024.5.6-to-2024.8.6

6 months, 4 weeks ago

bc9cca70

Merge branch 'main' into pyup-update-furo-2024.5.6-to-2024.8.6

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

95eb5e75

Update pytest-django from 4.8.0 to 4.9.0 (#800) Co-authored-by: mark sevelj <31756570+imAsparky@use

No dependencies with known security vulnerabilities.

pyup-update-pytest-django-4.8.0-to-4.9.0

6 months, 4 weeks ago

64fadba5

Merge branch 'main' into pyup-update-pytest-django-4.8.0-to-4.9.0

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

d722dd4a

fix(pyup): Update pytest to 8.3.3 (#802) * Update pytest from 8.2.2 to 8.3.3 * Update pytest fr

No dependencies with known security vulnerabilities.

pyup-update-pytest-8.2.2-to-8.3.3

6 months, 4 weeks ago

06013e58

Merge branch 'main' into pyup-update-pytest-8.2.2-to-8.3.3

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

e5ed2243

fix(pyup): Update pre-commit to 4.0.1 (#814) * Update pre-commit from 3.7.1 to 4.0.1 * Update p

No dependencies with known security vulnerabilities.

pyup-update-pre-commit-3.7.1-to-4.0.1

6 months, 4 weeks ago

91c8089e

Merge branch 'main' into pyup-update-pre-commit-3.7.1-to-4.0.1

No dependencies with known security vulnerabilities.

main

6 months, 4 weeks ago

efe8bc1c

Update django-browser-reload from 1.13.0 to 1.16.0 (#819) Co-authored-by: mark sevelj <31756570+imA

No dependencies with known security vulnerabilities.

older