[Snyk] Security upgrade django from 1.2 to 4.2.26#41
Conversation
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13836728 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13837025
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # GAE packages should match the "libraries" section of app.yaml | ||
| django==1.2 | ||
| django==4.2.26 | ||
| jinja2==2.6 |
There was a problem hiding this comment.
Bumping django to 4.2.26 assumes a Python ≥3.8 runtime, while the project still targets the legacy App Engine Python runtime (app.yaml declares runtime: python and the surrounding pinned packages are Python‑2–only). On the existing Python 2 dev/CI setup pip install -r requirements.txt will now fail with “Django 4.2 requires Python >=3.8”, preventing the application from installing dependencies or running. Unless the entire stack is ported to Python 3 alongside this change, this upgrade is a build‑blocking regression.
Useful? React with 👍 / 👎.
2 participants
Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 SQL Injection