Skip to content

Bump django-filter from 24.2 to 24.3#10675

Merged
mtesauro merged 1 commit intodevfrom
dependabot/pip/dev/django-filter-24.3
Aug 5, 2024
Merged

Bump django-filter from 24.2 to 24.3#10675
mtesauro merged 1 commit intodevfrom
dependabot/pip/dev/django-filter-24.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Aug 5, 2024

Bumps django-filter from 24.2 to 24.3.

Changelog

Sourced from django-filter's changelog.

Version 24.3 (2024-08-02)

  • Adds official support for Django 5.1.

  • Allow using dictionaries for grouped choices on Django 5.0+.

    Thanks to Sævar Öfjörð Magnússon.

  • Adds unknown_field_behavior FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation.

    Thanks to Loes.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump django-filter from 24.2 to 24.3
bdc3b0d 
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 24.2 to 24.3.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](carltongibson/django-filter@24.2...24.3)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 5, 2024
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Aug 5, 2024
edited
Loading

DryRun Security Summary

The pull request updates the django-filter library from version 24.2 to 24.3, a minor version update that typically includes bug fixes or small feature additions, and it is important to review the release notes and thoroughly test the application to ensure the updated dependency does not introduce any security vulnerabilities or unintended behavior.

Expand for full summary

Summary:

The changes in this pull request are primarily related to updating the version of the django-filter library from 24.2 to 24.3 in the requirements.txt file. This is a minor version update, which typically indicates bug fixes or small feature additions without significant changes to the underlying functionality.

From an application security perspective, there are no major concerns raised by this specific change. Version updates for dependencies are generally a good practice to address known vulnerabilities and improve the overall security posture of the application. However, it's important to review the release notes or change logs for the updated django-filter version to ensure there are no security-related fixes or changes that may impact the application's security. Additionally, it's recommended to have a comprehensive testing strategy in place to validate that the updated dependency does not introduce any regressions or unintended behavior in the application.

Files Changed:

  • requirements.txt: The changes in this file update the version of the django-filter library from 24.2 to 24.3. This is a minor version update, and there are no immediate security concerns. However, it's crucial to review the release notes and thoroughly test the application to ensure the updated dependency does not introduce any security vulnerabilities or unintended behavior.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Aug 5, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 0996975 into dev Aug 5, 2024
@dependabot dependabot Bot deleted the dependabot/pip/dev/django-filter-24.3 branch August 5, 2024 16:10
dogboat pushed a commit to dogboat/django-DefectDojo that referenced this pull request Aug 8, 2024
@dependabot @dogboat
Bump django-filter from 24.2 to 24.3 (DefectDojo#10675)
e0f42ef 
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 24.2 to 24.3.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](carltongibson/django-filter@24.2...24.3)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

+1 more reviewer

@cneill cneill cneill approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cneill @mtesauro