[Snyk] Security upgrade django from 1.9.13 to 4.2.16 #55
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…atures/json/angularjs/dotnet-tour-of-heroes/Microsoft.AspNetCore.Mvc-1.0.4 Bump Microsoft.AspNetCore.Mvc
…AzureSqlHibernateSample/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-IONETTY-5953332 - https://snyk.io/vuln/SNYK-JAVA-IONETTY-1083991 - https://snyk.io/vuln/SNYK-JAVA-IONETTY-1317097
….Final Snyk has created this PR to upgrade org.hibernate:hibernate-core from 5.3.20.Final to 5.6.15.Final. See this package in maven: org.hibernate:hibernate-core See this project in Snyk: https://app.snyk.io/org/geekswagg/project/5c72522b-a303-4690-9000-5ea2f4c155e7?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade com.azure:azure-security-keyvault-keys from 4.0.0 to 4.8.4. See this package in maven: com.azure:azure-security-keyvault-keys See this project in Snyk: https://app.snyk.io/org/geekswagg/project/5c72522b-a303-4690-9000-5ea2f4c155e7?utm_source=github&utm_medium=referral&page=upgrade-pr
…4.8.3 Snyk has created this PR to upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.8.3. See this package in maven: com.azure:azure-security-keyvault-secrets See this project in Snyk: https://app.snyk.io/org/geekswagg/project/5c72522b-a303-4690-9000-5ea2f4c155e7?utm_source=github&utm_medium=referral&page=upgrade-pr
…4.1.jre8 Snyk has created this PR to upgrade com.microsoft.sqlserver:mssql-jdbc from 7.0.0.jre8 to 7.4.1.jre8. See this package in maven: com.microsoft.sqlserver:mssql-jdbc See this project in Snyk: https://app.snyk.io/org/geekswagg/project/5c72522b-a303-4690-9000-5ea2f4c155e7?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade org.javassist:javassist from 3.23.1-GA to 3.30.2-GA. See this package in maven: org.javassist:javassist See this project in Snyk: https://app.snyk.io/org/geekswagg/project/5c72522b-a303-4690-9000-5ea2f4c155e7?utm_source=github&utm_medium=referral&page=upgrade-pr
… vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
…erfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-BASH-542609
… vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646
…erfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-BASH-542609
…on to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-7444580 - https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-7444617
…script/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
…88290ffb8c8ca70 [Snyk] Fix for 7 vulnerabilities
…2b4d669f95d36d3 [Snyk] Security upgrade bootstrap from 4.6.2 to 5.0.0
…87a40499232089f [Snyk] Security upgrade ubuntu from 16.04 to xenial-20210416
…script/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
Bumps the maven group with 1 update in the /samples/tutorials/AzureSqlGettingStartedSamples/java/Unix-based/AzureSqlColumnstoreSample directory: [com.azure:azure-identity](https://github.com/Azure/azure-sdk-for-java). Bumps the maven group with 1 update in the /samples/tutorials/AzureSqlGettingStartedSamples/java/Unix-based/AzureSqlSample directory: [com.azure:azure-identity](https://github.com/Azure/azure-sdk-for-java). Bumps the maven group with 1 update in the /samples/tutorials/AzureSqlGettingStartedSamples/java/Windows/AzureSqlColumnstoreSample directory: [com.azure:azure-identity](https://github.com/Azure/azure-sdk-for-java). Bumps the maven group with 1 update in the /samples/tutorials/AzureSqlGettingStartedSamples/java/Windows/AzureSqlHibernateSample directory: [com.azure:azure-identity](https://github.com/Azure/azure-sdk-for-java). Bumps the maven group with 1 update in the /samples/tutorials/AzureSqlGettingStartedSamples/java/Windows/AzureSqlSample directory: [com.azure:azure-identity](https://github.com/Azure/azure-sdk-for-java). Updates `com.azure:azure-identity` from 1.0.4 to 1.12.2 - [Release notes](https://github.com/Azure/azure-sdk-for-java/releases) - [Commits](Azure/azure-sdk-for-java@azure-sdk-bom_1.0.4...azure-identity_1.12.2) Updates `com.azure:azure-identity` from 1.0.4 to 1.12.2 - [Release notes](https://github.com/Azure/azure-sdk-for-java/releases) - [Commits](Azure/azure-sdk-for-java@azure-sdk-bom_1.0.4...azure-identity_1.12.2) Updates `com.azure:azure-identity` from 1.0.4 to 1.12.2 - [Release notes](https://github.com/Azure/azure-sdk-for-java/releases) - [Commits](Azure/azure-sdk-for-java@azure-sdk-bom_1.0.4...azure-identity_1.12.2) Updates `com.azure:azure-identity` from 1.0.4 to 1.12.2 - [Release notes](https://github.com/Azure/azure-sdk-for-java/releases) - [Commits](Azure/azure-sdk-for-java@azure-sdk-bom_1.0.4...azure-identity_1.12.2) Updates `com.azure:azure-identity` from 1.0.4 to 1.12.2 - [Release notes](https://github.com/Azure/azure-sdk-for-java/releases) - [Commits](Azure/azure-sdk-for-java@azure-sdk-bom_1.0.4...azure-identity_1.12.2) --- updated-dependencies: - dependency-name: com.azure:azure-identity dependency-type: direct:production dependency-group: maven - dependency-name: com.azure:azure-identity dependency-type: direct:production dependency-group: maven - dependency-name: com.azure:azure-identity dependency-type: direct:production dependency-group: maven - dependency-name: com.azure:azure-identity dependency-type: direct:production dependency-group: maven - dependency-name: com.azure:azure-identity dependency-type: direct:production dependency-group: maven ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the nuget group with 1 update in the /samples/features/security/always-encrypted-with-secure-enclaves/sample-application/AlwaysEncryptedConsole directory: Azure.Identity. Bumps the nuget group with 1 update in the /samples/features/security/always-encrypted-with-secure-enclaves/source/ContosoHR directory: Azure.Identity. Updates `Azure.Identity` from 1.11.0 to 1.11.4 Updates `Azure.Identity` from 1.11.0 to 1.11.4 --- updated-dependencies: - dependency-name: Azure.Identity dependency-type: direct:production dependency-group: nuget - dependency-name: Azure.Identity dependency-type: direct:production dependency-group: nuget ... Signed-off-by: dependabot[bot] <support@github.com>
…a3fcc4892d3522a [Snyk] Fix for 2 vulnerabilities
Bumps the npm_and_yarn group with 2 updates in the /samples/databases/wide-world-importers/wwi-app/wwwroot/lib/bootstrap directory: [grunt](https://github.com/gruntjs/grunt) and [shelljs](https://github.com/shelljs/shelljs). Bumps the npm_and_yarn group with 1 update in the /samples/databases/wide-world-importers/wwi-app/wwwroot/lib/q directory: [grunt](https://github.com/gruntjs/grunt). Bumps the npm_and_yarn group with 11 updates in the /samples/databases/wide-world-importers/wwi-app/wwwroot/lib/webcomponentsjs directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `5.5.1` | `6.12.6` | | [eslint](https://github.com/eslint/eslint) | `4.13.1` | `9.7.0` | | [atob](https://github.com/coolaj86/node-browser-compat) | `1.1.3` | `2.1.2` | | [css](https://github.com/reworkcss/css) | `2.2.1` | `2.2.4` | | [bl](https://github.com/rvagg/bl) | `0.9.5` | `1.2.3` | | [vinyl-buffer](https://github.com/hughsk/vinyl-buffer) | `1.0.0` | `1.0.1` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` | | [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` | | [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` | | [randomatic](https://github.com/jonschlinkert/randomatic) | `1.1.7` | `3.1.1` | | [fill-range](https://github.com/jonschlinkert/fill-range) | `2.2.3` | `2.2.4` | Updates `grunt` from 1.0.4 to 1.6.1 - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG) - [Commits](gruntjs/grunt@v1.0.4...v1.6.1) Updates `shelljs` from 0.7.8 to 0.8.5 - [Release notes](https://github.com/shelljs/shelljs/releases) - [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md) - [Commits](shelljs/shelljs@v0.7.8...v0.8.5) Updates `grunt` from 0.4.5 to 1.6.1 - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG) - [Commits](gruntjs/grunt@v1.0.4...v1.6.1) Updates `ajv` from 5.5.1 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v5.5.1...v6.12.6) Updates `eslint` from 4.13.1 to 9.7.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v4.13.1...v9.7.0) Updates `atob` from 1.1.3 to 2.1.2 - [Commits](https://github.com/coolaj86/node-browser-compat/commits) Updates `css` from 2.2.1 to 2.2.4 - [Changelog](https://github.com/reworkcss/css/blob/master/History.md) - [Commits](reworkcss/css@v2.2.1...v2.2.4) Updates `bl` from 0.9.5 to 1.2.3 - [Release notes](https://github.com/rvagg/bl/releases) - [Changelog](https://github.com/rvagg/bl/blob/master/CHANGELOG.md) - [Commits](rvagg/bl@v0.9.5...v1.2.3) Updates `vinyl-buffer` from 1.0.0 to 1.0.1 - [Commits](hughsk/vinyl-buffer@v1.0.0...v1.0.1) Updates `minimist` from 1.2.0 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.0...v1.2.8) Updates `mkdirp` from 0.5.1 to 0.5.6 - [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md) - [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6) Updates `ini` from 1.3.4 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.4...v1.3.8) Updates `js-yaml` from 3.10.0 to 4.1.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.10.0...4.1.0) Updates `randomatic` from 1.1.7 to 3.1.1 - [Release notes](https://github.com/jonschlinkert/randomatic/releases) - [Commits](jonschlinkert/randomatic@1.1.7...3.1.1) Updates `fill-range` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/jonschlinkert/fill-range/releases) - [Commits](https://github.com/jonschlinkert/fill-range/commits) --- updated-dependencies: - dependency-name: grunt dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: shelljs dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: grunt dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eslint dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: atob dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: css dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vinyl-buffer dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mkdirp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: randomatic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fill-range dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…script/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
…f5bb5879c08d37 [Snyk] Security upgrade ubuntu from 16.04 to xenial-20201014
…61be99b4d04df2fda4 [Snyk] Upgrade org.hibernate:hibernate-core from 5.3.20.Final to 5.6.15.Final
…fcb56e1a9f93c5feb1 [Snyk] Upgrade com.azure:azure-security-keyvault-keys from 4.0.0 to 4.8.4
…ba1e8b8a4148037074 [Snyk] Upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.8.3
…04f58bb3c474ab258e [Snyk] Upgrade com.microsoft.sqlserver:mssql-jdbc from 7.0.0.jre8 to 7.4.1.jre8
…c00c1a40381eee6 [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.6.0
…script/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
…07a824514f31742 [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.6.0
…d5ce61d5abe4894 [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.6.0
…6705da55621a1da [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.6.0
…6cd5fc4864275af [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.0.1 to 4.6.0
…440d56c394c30a7 [Snyk] Security upgrade django from 1.9.13 to 4.2.15
…b7721d3422e1868 [Snyk] Fix for 1 vulnerabilities
… vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-559326
…reSqlSample/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
…AzureSqlHibernateSample/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
…9ec8cd55234d20b [Snyk] Fix for 1 vulnerabilities
…d9d5f2d2a077084 [Snyk] Fix for 1 vulnerabilities
…56bbd298879cd27 [Snyk] Fix for 1 vulnerabilities
…976f03bb7aacc3a [Snyk] Fix for 1 vulnerabilities
…eatures/security/always-encrypted-with-secure-enclaves/src/ContosoClinic/nuget-ed2060a1e9 build(deps): bump the nuget group across 2 directories with 1 update
…d821390b12d50b6 [Snyk] Security upgrade setuptools from 40.5.0 to 65.5.1
…1873085413beda8 [Snyk] Security upgrade django from 1.9.13 to 3.2.14
…10fe8a6b8646674 [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.8.3 to 4.8.6
…134f8c279062f4e [Snyk] Security upgrade com.azure:azure-security-keyvault-secrets from 4.8.3 to 4.8.6
… vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
samples/development-frameworks/django/requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS)