
Security Vulnerability Django >=3.0.0, <3.1.9 #537

Closed
whitej6 opened this issue Jun 5, 2021 · 3 comments · Fixed by #538
Labels: impact: high (High severity bugs causing system wide impact); type: bug (Something isn't working as expected)

Comments

@whitej6 (Contributor) commented Jun 5, 2021

Environment

  • Python version: all
  • Nautobot version: develop

Steps to Reproduce

  1. GHSA-rxjp-mfm9-w4wr

Expected Behavior

Bump minimum version to 3.1.9 of django package

Observed Behavior

@jathanism (Contributor) commented:

We already have Django 3.1.11 pinned, so we're okay, but all the same we should update the minimum supported Django version.

jathanism added the labels "impact: high" and "type: bug" on Jun 7, 2021
jathanism self-assigned this on Jun 7, 2021
jathanism added a commit to jathanism/nautobot that referenced this issue Jun 7, 2021
@glennmatthews (Contributor) commented:

> We already have Django 3.1.11 pinned, so we're okay, but all the same we should update the minimum supported Django version.

Just a friendly reminder that the pinned version in poetry.lock applies to the development environment (and, I think, to our Docker build), but the looser constraint in pyproject.toml is the only thing that matters when doing a pip install nautobot. :-)
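
The distinction above (an exact pin in poetry.lock versus a range in pyproject.toml) is easy to check mechanically. The script below is an added example, not Nautobot's code: it evaluates version constraints the way a resolver does and reports which releases inside the advisory's affected range a given constraint still admits. The candidate release list, the loose and fixed pyproject constraints, and the `==3.1.11` lock pin are constructed assumptions; the affected range `>=3.0.0,<3.1.9` is taken from the issue title.

```python
"""Check whether a declared dependency range still admits vulnerable releases.

Added illustration, not Nautobot code. The release list and the constraint
strings below are constructed for the example; only the affected range
">=3.0.0,<3.1.9" comes from the issue.
"""
from __future__ import annotations

import re
from typing import Callable, Iterable


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'X.Y.Z' (or 'X.Y') into a comparable tuple padded to three parts.

    Only plain release segments are handled (no pre-release or local tags);
    that is enough for comparing Django's stable release numbers.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


_OPS: dict[str, Callable[[tuple[int, ...], tuple[int, ...]], bool]] = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def parse_specifier(spec: str) -> list[tuple[str, tuple[int, ...]]]:
    """Parse comma-separated clauses such as '>=3.0.0,<3.2' into (op, bound)."""
    clauses = []
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|!=|>|<)\s*([0-9.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return clauses


def satisfies(version: str, spec: str) -> bool:
    """True if `version` meets every clause of `spec`."""
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in parse_specifier(spec))


def allowed_vulnerable(declared: str, affected: str,
                       candidates: Iterable[str]) -> list[str]:
    """Releases a resolver may pick under `declared` that fall inside `affected`."""
    return [c for c in candidates
            if satisfies(c, declared) and satisfies(c, affected)]


# Constructed candidate list: the 3.0.x and 3.1.x release lines.
DJANGO_RELEASES = [f"3.0.{i}" for i in range(15)] + [f"3.1.{i}" for i in range(12)]

AFFECTED = ">=3.0.0,<3.1.9"   # affected range from the issue title

# Hypothetical loose range of the kind a pyproject.toml might carry; the issue
# does not quote Nautobot's real constraint.
LOOSE = ">=3.0.0,<3.2"
# Same range after raising the floor to 3.1.9 as the issue proposes.
FIXED = ">=3.1.9,<3.2"
# The exact pin a poetry.lock file records for the development environment.
LOCKED = "==3.1.11"

if __name__ == "__main__":
    print("lock pin admits:       ", allowed_vulnerable(LOCKED, AFFECTED, DJANGO_RELEASES))
    print("loose range admits:    ", allowed_vulnerable(LOOSE, AFFECTED, DJANGO_RELEASES))
    print("fixed range admits:    ", allowed_vulnerable(FIXED, AFFECTED, DJANGO_RELEASES))
```

Run it and the lock pin and the fixed range admit nothing from the affected set, while the loose range still admits every 3.0.x release and 3.1.0 through 3.1.8. That is the gap `pip install nautobot` would see: pip never reads poetry.lock, so only the pyproject.toml floor protects a user who installs from PyPI.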

@jathanism (Contributor) commented:

> > We already have Django 3.1.11 pinned, so we're okay, but all the same we should update the minimum supported Django version.
>
> Just a friendly reminder that the pinned version in poetry.lock applies to the development environment (and, I think, to our Docker build), but the looser constraint in pyproject.toml is the only thing that matters when doing a pip install nautobot. :-)

Yep.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 6, 2021