Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade django and sqlparse to pickup CVE fixes #15534

Closed
wants to merge 2 commits into from
Closed

Upgrade django and sqlparse to pickup CVE fixes #15534

wants to merge 2 commits into from

Conversation

tznamena
Copy link

SUMMARY

Upgade django and sqlparse to pickup latest fixes for CVEs.

django:
CVE-2024-45230
CVE-2024-42005
CVE-2024-41991
CVE-2024-41990
CVE-2024-41989
CVE-2024-39614
CVE-2024-39330
CVE-2024-39329
CVE-2024-38875
CVE-2024-27351

sqlparse:
CVE-2024-4340

ISSUE TYPE
  • Bug, Docs Fix or other nominal change
COMPONENT NAME
  • Other
AWX VERSION
awx: 0.1.dev34181+gf5d4f44.d20240916
ADDITIONAL INFORMATION

The file requirements.txt has been generated and some of the dependencies have been removed. Their corresponding license files were removed as well to make the test pass.

@github-actions github-actions bot added dependencies Pull requests that update a dependency file community labels Sep 16, 2024
@tznamena tznamena force-pushed the UpgradeDjangoSqlparseCVEs branch from f5d4f44 to 11765ae Compare September 17, 2024 13:57
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@tznamena
Copy link
Author

Closing this PR as it turned out that the plan for dependencies will be to unpin them at some point.

@tznamena tznamena closed this Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
community dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tznamena