Skip to content

Commit

Permalink
fix(deps): bump django from 4.2.16 to 4.2.17 (#117)
Browse files Browse the repository at this point in the history 
Bumps [django](https://github.com/django/django) from 4.2.16 to 4.2.17.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/django/django/commit/1f0356ff2af11a5fa71fb07b4627e10edd170438"><code>1f0356f</code></a>
[4.2.x] Bumped version for 4.2.17 release.</li>
<li><a
href="https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5"><code>7376bcb</code></a>
[4.2.x] Fixed CVE-2024-53908 -- Prevented SQL injections in direct
HasKeyLook...</li>
<li><a
href="https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b"><code>790eb05</code></a>
[4.2.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in
strip_tags().</li>
<li><a
href="https://github.com/django/django/commit/f663277a4c22ef96cbdebfd0ed76155b9d37b4f8"><code>f663277</code></a>
[4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to properly
valid...</li>
<li><a
href="https://github.com/django/django/commit/0acff0fd1f5ad09367aacb51b2b68699c6ce7929"><code>0acff0f</code></a>
[4.2.x] Added stub release notes and release date for 4.2.17.</li>
<li><a
href="https://github.com/django/django/commit/b381b19854f32c9ff03e6bd98865ddffbb7e7082"><code>b381b19</code></a>
[4.2.x] Fixed docs build on Sphinx 8.1+.</li>
<li><a
href="https://github.com/django/django/commit/ea4a1fb61e0bc6a4294a0123b82183da947e5efb"><code>ea4a1fb</code></a>
[4.2.x] Refs <a
href="https://redirect.github.com/django/django/issues/35844">#35844</a>
-- Expanded compatibility for expected error messages in ...</li>
<li><a
href="https://github.com/django/django/commit/345a6652e6a15febbf4f68351dcea5dd674ea324"><code>345a665</code></a>
[4.2.x] Added GitHub Action workflow to test all Python versions listed
in th...</li>
<li><a
href="https://github.com/django/django/commit/52116774549e27ac5d1ba9423e2fe61c5503a4a4"><code>5211677</code></a>
[4.2.x] Added CVE-2024-45230 and CVE-2024-45231 to security
archive.</li>
<li><a
href="https://github.com/django/django/commit/8f6c36234deef30fad171f80d130eb7c296df526"><code>8f6c362</code></a>
[4.2.x] Post-release version bump.</li>
<li>See full diff in <a
href="https://github.com/django/django/compare/4.2.16...4.2.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=django&package-manager=pip&previous-version=4.2.16&new-version=4.2.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
  • Loading branch information
@akalipetis
akalipetis authored Dec 10, 2024
2 parents 03fbaef + 84eb283 commit 3fdc8c2
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 3 deletions.
15 changes: 15 additions & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: CI

permissions:
contents: write
pull-requests: write

on:
pull_request:
push:
Expand Down Expand Up @@ -31,3 +35,14 @@ jobs:
cache: yarn
- run: yarn
- run: yarn lint

dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
needs: [test-python, test-js]
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
steps:
- run: gh pr review --approve "$PR_URL"
- run: gh pr merge --auto --merge "$PR_URL"
6 changes: 3 additions & 3 deletions poetry.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 3fdc8c2

Please sign in to comment.