From b7d9674d2aebbd2480cfd18c98d6e87801e81ecc Mon Sep 17 00:00:00 2001 From: Krishna Suravarapu <36037520+KrishnaSuravarapu@users.noreply.github.com> Date: Tue, 14 Jul 2026 19:14:15 +0530 Subject: [PATCH 1/3] security(deps): bump Django 4.2.25 -> 4.2.30 for SQLi fix (F-011) Django 4.2.25 is below the 4.2.26 fix for the QuerySet annotate/aggregate _connector SQL injection (CVE-2025-64459 / GHSA-frmv-pr5f-9mcr, CVSS 9.8, CTO-4859). Bump to the latest 4.2 LTS patch (4.2.30). Same LTS line already green on the 3.12-3.14 matrix; full requirements resolve verified locally. Co-Authored-By: Claude Opus 4.8 (1M context) --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index beae8199..718ffffc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ cryptography==49.0.0 decorator==4.4.2 defusedxml==0.7.1 Deprecated==1.2.10 -Django==4.2.25 +Django==4.2.30 django-ajax-datatable==4.4.4 django-filter==22.1 django-mysql==4.7.1 From 8ac360040a7d67f6c626bc7f0859140d6f2000f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jun 2026 15:10:55 +0000 Subject: [PATCH 2/3] build(deps-dev): bump js-yaml from 4.1.0 to 4.3.0 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.3.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.3.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.3.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] (cherry picked from commit b493e896e8eca1b73fa507558db21f6aeca61d8d) --- package-lock.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 8a929444..328552cf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -960,8 +960,20 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.1.0", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.3.0.tgz", + "integrity": "sha512-1td788aAnnZ5qs7V2QIRl1owjtYpbKt749Y3xauqQgwIIGF/xXWz1wMTEBx5O3LK3lXLVuqXPdPxj2BoFHaW9Q==", "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/puzrin" + }, + { + "type": "github", + "url": "https://github.com/sponsors/nodeca" + } + ], "license": "MIT", "dependencies": { "argparse": "^2.0.1" From 5c8c037de2266b9e57ecc57b2d742e89c7e85f60 Mon Sep 17 00:00:00 2001 From: Krishna Suravarapu <36037520+KrishnaSuravarapu@users.noreply.github.com> Date: Tue, 14 Jul 2026 19:48:05 +0530 Subject: [PATCH 3/3] chore(deps): consolidate open Dependabot dependency bumps into this PR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fold the remaining open dependency PRs into one: idna 3.7->3.15 (#303), Jinja2 3.1.4->3.1.6 (#266), Markdown 3.3.3->3.8.1 (#284), Pygments 2.15.0->2.20.0 (#290), PyNaCl 1.5.0->1.6.2 (#279), requests 2.32.3->2.33.0 (#288), soupsieve 2.0.1->2.8.4 (#310), sqlparse 0.5.1->0.5.4 (#291), js-yaml 4.1.0->4.3.0 (#309, package-lock.json). Django 4.2.30 (#292) already in this PR. EXCLUDED: social-auth-app-django 5.6.0 (#274) requires Django>=5.1; incompatible with the Django 4.2 LTS line — needs a separate Django 5.x migration. Full requirements resolve verified locally on Python 3.12. Co-Authored-By: Claude Opus 4.8 (1M context) --- requirements.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/requirements.txt b/requirements.txt index 718ffffc..540d93e7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,14 +31,14 @@ gunicorn==23.0.0 gitpython==3.1.50 httplib2==0.19.0 hvac==0.10.5 -idna==3.7 +idna==3.15 influxdb==5.3.1 ipaddress==1.0.23 ipython-genutils==0.2.0 jedi==0.17.2 -Jinja2==3.1.4 +Jinja2==3.1.6 jmespath==0.10.0 -Markdown==3.3.3 +Markdown==3.8.1 MarkupSafe==2.1.5 msgpack==1.2.1 ndg-httpsclient==0.5.1 @@ -59,10 +59,10 @@ pyasn1-modules==0.4.2 pycparser==2.20 pyflakes==3.4.0 PyGithub==1.56 -Pygments==2.15.0 +Pygments==2.20.0 PyJWT==2.13.0 PyMySQL==1.1.1 -PyNaCl==1.5.0 +PyNaCl==1.6.2 pyOpenSSL==26.3.0 pyparsing==2.4.7 python-dateutil==2.8.1 @@ -72,7 +72,7 @@ pytz==2021.3 pyvim==3.0.2 pyvmomi==7.0.1 PyYAML==6.0.2 -requests==2.32.3 +requests==2.33.0 requests-oauthlib==1.3.0 rsa==4.7 scandir==1.10.0 @@ -80,8 +80,8 @@ simplegeneric==0.8.1 six==1.15.0 social-auth-app-django==5.4.1 social-auth-core==4.5.4 -soupsieve==2.0.1 -sqlparse==0.5.1 +soupsieve==2.8.4 +sqlparse==0.5.4 traitlets==5.0.5 uritemplate==3.0.1 urllib3==2.7.0