[Snyk] Security upgrade django from 3.2.25 to 4.2.20 #89

adamlaska · 2025-03-06T19:47:41Z

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

requirements.txt

⚠️

Warning

xml2rfc 3.25.0 requires platformdirs, which is not installed.
xml2rfc 3.25.0 requires configargparse, which is not installed.
xml2rfc 3.25.0 requires google-i18n-address, which is not installed.
xml2rfc 3.25.0 requires intervaltree, which is not installed.
xml2rfc 3.25.0 requires jinja2, which is not installed.
xml2rfc 3.25.0 requires pycountry, which is not installed.
WebTest 3.0.2 requires waitress, which is not installed.
scout-apm 2.26.1 has requirement urllib3[secure]<2; python_version >= "3.5", but you have urllib3 2.0.7.
celery 5.3.0 requires kombu, which is not installed.

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408

google-cla · 2025-03-06T19:47:48Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

socket-security · 2025-03-06T19:48:58Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	None	`0`	5.93 kB	sindresorhus
npm/[email protected]	None	`0`	4.41 kB	hughsk
npm/[email protected]	None	`0`	3.54 kB	sindresorhus
npm/[email protected]	None	`0`	13.3 kB	rvagg
npm/[email protected]	None	`0`	29.3 kB	oss-bot
npm/[email protected]	filesystem	`0`	37.5 kB	coreyfarrell
npm/[email protected]	None	`0`	291 kB	oss-bot
npm/[email protected]	None	`0`	1.3 MB	sschadwick
npm/[email protected]	None	`0`	1.32 MB	timmywil
npm/[email protected]	None	`0`	27.4 kB	carhartl
npm/[email protected]	None	`0`	438 kB	yaozilong
npm/[email protected]	None	`0`	45.8 kB	andyperlitch
npm/[email protected]	None	`0`	10.4 kB	isaacs
npm/[email protected]	None	`0`	26.1 kB	kriszyp
npm/[email protected]	None	`0`	12.7 kB	isaacs
npm/[email protected]	None	`0`	229 kB	jordanbtucker
npm/[email protected]	filesystem	`0`	19.8 kB	ryanzim
npm/[email protected]	None	`0`	31.4 kB	bahamat
npm/[email protected]	None	`0`	19.4 kB	bahmutov
npm/[email protected]	None	`0`	5.39 kB	eventualbuddha
npm/[email protected]	None	`0`	943 kB	javve
npm/[email protected]	environment	`0`	168 kB	cenk1cenk2
npm/[email protected]	environment, filesystem, unsafe	`0`	2.32 MB	kriszyp
npm/[email protected]	None	`0`	10.2 kB	jdalton
npm/[email protected]	None	`0`	4.58 kB	sindresorhus
npm/[email protected]	None	`0`	7.58 kB	sindresorhus
npm/[email protected]	None	`0`	68.7 kB	isaacs
npm/[email protected]	None	`0`	3.9 MB	icambron
npm/[email protected]	None	`0`	373 kB	antfu
npm/[email protected]	environment, network	`0`	59 kB	nlf
npm/[email protected]	None	`0`	4.31 kB	stevemao
npm/[email protected]	None	`0`	206 kB	dougwilson
npm/[email protected]	None	`0`	18.3 kB	dougwilson
npm/[email protected]	environment, filesystem	`0`	51.7 kB	broofa
npm/[email protected]	None	`0`	4.46 kB	sindresorhus
npm/[email protected]	None	`0`	4.87 kB	isaacs
npm/[email protected]	environment, network	`0`	46.2 kB	nlf
npm/[email protected]	None	`0`	3.77 kB	isaacs
npm/[email protected]	None	`0`	7 kB	isaacs
npm/[email protected]	None	`0`	124 kB	isaacs
npm/[email protected]	None	`0`	3.67 MB	ichernev
npm/[email protected]	None	`0`	4.23 MB	ichernev
npm/[email protected]	None	`0`	14.6 kB	kriszyp
npm/[email protected]	environment, eval, unsafe	`0`	306 kB	kriszyp
npm/[email protected]	None	`0`	6.34 kB	mikolalysenko
npm/[email protected]	environment	`0`	23.8 MB	07akioni
npm/[email protected]	None	`0`	21.6 kB	ai
npm/[email protected]	None	`0`	27.4 kB	dougwilson
npm/[email protected] ➜ 4.3.0	None	`0`	384 kB	nicknaso
npm/[email protected]	environment, filesystem, unsafe	`0`	13.3 kB	kriszyp
npm/[email protected]	environment, filesystem	`0`	12.8 kB	mafintosh
npm/[email protected]	environment, shell	`0`	1.98 MB	rvagg
npm/[email protected]	environment	`0`	8.13 kB	sindresorhus
npm/[email protected]	None	`0`	17.1 kB	lukekarrys
npm/[email protected]	None	`0`	2.84 kB	zertosh
npm/[email protected]	unsafe	`0`	13.7 kB	dougwilson
npm/[email protected]	None	`0`	6.17 kB	sindresorhus
npm/[email protected]	None	`0`	48.5 kB	kriszyp
npm/[email protected]	environment	`0`	3.38 kB	jprichardson
npm/[email protected]	None	`0`	8.69 kB	sindresorhus
npm/[email protected]	None	`0`	5.41 kB	sindresorhus
npm/[email protected]	None	`0`	108 kB	blakeembrey
npm/[email protected]	None	`0`	6.01 kB	superjoe
npm/[email protected]	None	`0`	11.3 kB	meryn
npm/[email protected]	environment	`0`	5.66 kB	alexeyraspopov
npm/[email protected]	None	`0`	6.02 kB	sindresorhus
npm/[email protected]	None	`0`	5.98 kB	seb.l.
npm/[email protected]	environment	`0`	382 kB	posva
npm/[email protected]	environment, filesystem	`0`	186 kB	ai
npm/[email protected]	None	`0`	908 kB	jdecroock
npm/[email protected]	None	`0`	11.5 kB	sindresorhus
npm/[email protected]	None	`0`	3.04 kB	iarna
npm/[email protected]	None	`0`	15.6 kB	achingbrain
npm/[email protected]	environment	`0`	24.2 kB	rob-w
npm/[email protected]	None	`0`	433 kB	lupomontero
npm/[email protected]	filesystem	`0`	7.78 kB	mafintosh
npm/[email protected]	None	`0`	126 kB	ljharb
npm/[email protected]	None	`0`	17.6 kB	jessetane
npm/[email protected]	None	`0`	8.46 kB	dougwilson
npm/[email protected]	filesystem	`0`	20.5 kB	paulmillr
npm/[email protected]	None	`0`	23 kB	satazor
npm/[email protected]	filesystem	`0`	12.1 kB	troygoode
npm/[email protected]	None	`0`	2.82 kB	sindresorhus
npm/[email protected]	None	`0`	32.2 kB	tim-kos
npm/[email protected]	None	`0`	24 kB	davidmarkclements
npm/[email protected]	None	`0`	298 kB	mourner
npm/[email protected]	filesystem	`0`	24.2 kB	mbostock
npm/[email protected]	None	`0`	4.48 MB	blesh
npm/[email protected]	None	`0`	42.3 kB	chalker
npm/[email protected]	None	`0`	4.49 MB	sassbot
npm/[email protected]	None	`0`	70.7 kB	07akioni
npm/[email protected]	None	`0`	169 kB	apalfrey
npm/[email protected]	None	`0`	846 kB	kevin-brown
npm/[email protected]	None	`0`	61.6 kB	isaacs
npm/[email protected]	filesystem, network	`0`	50.1 kB	dougwilson
npm/[email protected]	None	`0`	4.03 kB	wesleytodd
npm/[email protected]	None	`0`	6.2 kB	sindresorhus
npm/[email protected]	None	`0`	138 kB	joshglazebrook
npm/[email protected]	network	`0`	27.4 kB	kikobeats
npm/[email protected]	network	`0`	152 kB	joshglazebrook
npm/[email protected]	None	`0`	551 kB	owenm
npm/[email protected]	None	`0`	148 kB	7rulnik
npm/[email protected]	None	`0`	31.8 kB	rich_harris
npm/[email protected]	None	`0`	231 kB	bahamat
npm/[email protected]	None	`0`	37.5 kB	nlf
npm/[email protected]	None	`0`	12.1 kB	dougwilson
npm/[email protected]	None	`0`	9.31 kB	nwoltman
npm/[email protected]	None	`0`	3.05 kB	sindresorhus
npm/[email protected]	None	`0`	23.6 kB	coreyfarrell
npm/[email protected]	None	`0`	4.49 kB	dominicbarnes
npm/[email protected]	None	`0`	12.5 kB	dominictarr
npm/[email protected]	filesystem	`0`	52.9 kB	raszi
npm/[email protected]	None	`0`	4.68 kB	dougwilson
npm/[email protected]	network	`0`	86.6 kB	jstash
npm/[email protected]	environment	`0`	93.1 kB	07akioni
npm/[email protected]	None	`0`	50 kB	typescript-bot
npm/[email protected]	environment, network	`0`	16.7 kB	mikeal
npm/[email protected]	None	`0`	119 kB	sindresorhus
npm/[email protected]	None	`0`	41.4 kB	iarna
npm/[email protected]	None	`0`	2.68 kB	zkat
npm/[email protected]	None	`0`	4.64 kB	ryanzim
npm/[email protected]	None	`0`	3.01 kB	sindresorhus
npm/[email protected]	None	`0`	62.2 kB	piotrwitek
npm/[email protected]	filesystem, unsafe	`0`	44.6 kB	oss-bot
npm/[email protected]	None	`0`	18.4 kB	07akioni
npm/[email protected]	None	`0`	35.8 kB	dap
npm/[email protected]	environment	`0`	52.8 kB	07akioni
npm/[email protected]	filesystem	`0`	20.5 kB	antfu
npm/[email protected]	environment	`0`	795 kB	posva
npm/[email protected]	environment, eval	`0`	2.58 MB	yyx990803
npm/[email protected]	None	`0`	225 kB	07akioni
npm/[email protected]	None	`0`	28.2 kB	kriszyp
npm/[email protected]	None	`0`	10.6 kB	sindresorhus
npm/[email protected]	environment, network	`0`	135 kB	lpinca
npm/[email protected]	None	`0`	40.6 kB	jungomi
npm/[email protected]	filesystem	`0`	23.4 kB	oss-bot
npm/[email protected] ➜ 2.1.1	None	`0`	649 kB	eemeli
npm/[email protected]	environment, filesystem	`+1`	411 kB	oss-bot
npm/[email protected]	filesystem	`0`	66.2 kB	thejoshwolfe
npm/[email protected]	None	`0`	3.46 MB	wheels

View full report↗︎

socket-security · 2025-03-06T19:49:00Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Obfuscated code	npm/[email protected]	Confidence: 0.98 Location: Package overview	`package.json` `yarn.lock`	⚠︎

View full report↗︎

Next steps

What is obfuscated code?

Obfuscated files are intentionally packed to hide their behavior. This could be a sign of malware.

Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

fix: requirements.txt to reduce vulnerabilities

5598f21

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408

prmerger-automator bot added the do-not-merge label Mar 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade django from 3.2.25 to 4.2.20 #89

[Snyk] Security upgrade django from 3.2.25 to 4.2.20 #89

adamlaska commented Mar 6, 2025

google-cla bot commented Mar 6, 2025

socket-security bot commented Mar 6, 2025

socket-security bot commented Mar 6, 2025

[Snyk] Security upgrade django from 3.2.25 to 4.2.20 #89

Are you sure you want to change the base?

[Snyk] Security upgrade django from 3.2.25 to 4.2.20 #89

Conversation

adamlaska commented Mar 6, 2025

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

google-cla bot commented Mar 6, 2025

socket-security bot commented Mar 6, 2025

socket-security bot commented Mar 6, 2025

Next steps