fix(deps): upgrade Django 5.2.12 and joserfc 1.6.3 to patch CVEs

- Django 5.2.11 → 5.2.12: fixes CVE-2026-25673 (DoS via slow URL
  normalization, HIGH)
- joserfc 1.6.1 → 1.6.3: fixes CVE-2026-27932 (HIGH)
2026-03-06 14:18:25 +00:00
parent a90b71422b
commit 9d5e5d10b7
2 changed files with 10 additions and 10 deletions


@@ -43,7 +43,7 @@ dependencies = [
"django-timezone-field>=5.1", "django-timezone-field>=5.1",
"django-treebeard==4.8.0", "django-treebeard==4.8.0",
"django-zxcvbn-password-validator==1.5.3", "django-zxcvbn-password-validator==1.5.3",
"django==5.2.11", "django==5.2.12",
"djangorestframework==3.16.1", "djangorestframework==3.16.1",
"dockerflow==2026.1.26", "dockerflow==2026.1.26",
"drf_spectacular==0.29.0", "drf_spectacular==0.29.0",
@@ -53,7 +53,7 @@ dependencies = [
"flower==2.0.1", "flower==2.0.1",
"gunicorn==25.0.3", "gunicorn==25.0.3",
"jaraco.context>=6.1.0", "jaraco.context>=6.1.0",
"joserfc==1.6.1", "joserfc==1.6.3",
"jsonschema==4.26.0", "jsonschema==4.26.0",
"mozilla-django-oidc==5.0.2", "mozilla-django-oidc==5.0.2",
"nested-multipart-parser==1.6.0", "nested-multipart-parser==1.6.0",

16
src/backend/uv.lock generated

@@ -375,16 +375,16 @@ wheels = [
[[package]] [[package]]
name = "django" name = "django"
version = "5.2.11" version = "5.2.12"
source = { registry = "https://pypi.org/simple" } source = { registry = "https://pypi.org/simple" }
dependencies = [ dependencies = [
{ name = "asgiref" }, { name = "asgiref" },
{ name = "sqlparse" }, { name = "sqlparse" },
{ name = "tzdata", marker = "sys_platform == 'win32'" }, { name = "tzdata", marker = "sys_platform == 'win32'" },
] ]
sdist = { url = "https://files.pythonhosted.org/packages/17/f2/3e57ef696b95067e05ae206171e47a8e53b9c84eec56198671ef9eaa51a6/django-5.2.11.tar.gz", hash = "sha256:7f2d292ad8b9ee35e405d965fbbad293758b858c34bbf7f3df551aeeac6f02d3", size = 10885017, upload-time = "2026-02-03T13:52:50.554Z" } sdist = { url = "https://files.pythonhosted.org/packages/bd/55/b9445fc0695b03746f355c05b2eecc54c34e05198c686f4fc4406b722b52/django-5.2.12.tar.gz", hash = "sha256:6b809af7165c73eff5ce1c87fdae75d4da6520d6667f86401ecf55b681eb1eeb", size = 10860574, upload-time = "2026-03-03T13:56:05.509Z" }
wheels = [ wheels = [
{ url = "https://files.pythonhosted.org/packages/91/a7/2b112ab430575bf3135b8304ac372248500d99c352f777485f53fdb9537e/django-5.2.11-py3-none-any.whl", hash = "sha256:e7130df33ada9ab5e5e929bc19346a20fe383f5454acb2cc004508f242ee92c0", size = 8291375, upload-time = "2026-02-03T13:52:42.47Z" }, { url = "https://files.pythonhosted.org/packages/4e/32/4b144e125678efccf5d5b61581de1c4088d6b0286e46096e3b8de0d556c8/django-5.2.12-py3-none-any.whl", hash = "sha256:4853482f395c3a151937f6991272540fcbf531464f254a347bf7c89f53c8cff7", size = 8310245, upload-time = "2026-03-03T13:56:01.174Z" },
] ]
[[package]] [[package]]
@@ -856,14 +856,14 @@ wheels = [
[[package]] [[package]]
name = "joserfc" name = "joserfc"
version = "1.6.1" version = "1.6.3"
source = { registry = "https://pypi.org/simple" } source = { registry = "https://pypi.org/simple" }
dependencies = [ dependencies = [
{ name = "cryptography" }, { name = "cryptography" },
] ]
sdist = { url = "https://files.pythonhosted.org/packages/c7/3d/82375487dcc2bcdf136a68e1a8543165feccbbc8833dfc451f87a5f83b81/joserfc-1.6.1.tar.gz", hash = "sha256:7759a14d732d93503317468c0dd258510c4f64b30759cf42e96016c97b38c4b7", size = 226277, upload-time = "2025-12-30T08:45:07.289Z" } sdist = { url = "https://files.pythonhosted.org/packages/ce/90/b8cc8635c4ce2e5e8104bf26ef147f6e599478f6329107283cdc53aae97f/joserfc-1.6.3.tar.gz", hash = "sha256:c00c2830db969b836cba197e830e738dd9dda0955f1794e55d3c636f17f5c9a6", size = 229090, upload-time = "2026-02-25T15:33:38.167Z" }
wheels = [ wheels = [
{ url = "https://files.pythonhosted.org/packages/a1/01/9674cc6d478406ae61d910cb16ca8b5699a8a9e6a2019987ebe5a5957d1d/joserfc-1.6.1-py3-none-any.whl", hash = "sha256:74d158c9d56be54c710cdcb2a0741372254b682ad2101a0f72e5bd0e925695f0", size = 70349, upload-time = "2025-12-30T08:45:05.573Z" }, { url = "https://files.pythonhosted.org/packages/12/4f/124b3301067b752f44f292f0b9a74e837dd75ff863ee39500a082fc4c733/joserfc-1.6.3-py3-none-any.whl", hash = "sha256:6beab3635358cbc565cb94fb4c53d0557e6d10a15b933e2134939351590bda9a", size = 70465, upload-time = "2026-02-25T15:33:36.997Z" },
] ]
[[package]] [[package]]
@@ -1085,7 +1085,7 @@ requires-dist = [
{ name = "boto3", specifier = "==1.42.44" }, { name = "boto3", specifier = "==1.42.44" },
{ name = "brotli", specifier = "==1.2.0" }, { name = "brotli", specifier = "==1.2.0" },
{ name = "celery", extras = ["redis"], specifier = "==5.6.2" }, { name = "celery", extras = ["redis"], specifier = "==5.6.2" },
{ name = "django", specifier = "==5.2.11" }, { name = "django", specifier = "==5.2.12" },
{ name = "django-celery-beat", specifier = "==2.8.1" }, { name = "django-celery-beat", specifier = "==2.8.1" },
{ name = "django-celery-results", specifier = "==2.6.0" }, { name = "django-celery-results", specifier = "==2.6.0" },
{ name = "django-configurations", specifier = "==2.5.1" }, { name = "django-configurations", specifier = "==2.5.1" },
@@ -1113,7 +1113,7 @@ requires-dist = [
{ name = "ipdb", marker = "extra == 'dev'", specifier = "==0.13.13" }, { name = "ipdb", marker = "extra == 'dev'", specifier = "==0.13.13" },
{ name = "ipython", marker = "extra == 'dev'", specifier = "==9.10.0" }, { name = "ipython", marker = "extra == 'dev'", specifier = "==9.10.0" },
{ name = "jaraco-context", specifier = ">=6.1.0" }, { name = "jaraco-context", specifier = ">=6.1.0" },
{ name = "joserfc", specifier = "==1.6.1" }, { name = "joserfc", specifier = "==1.6.3" },
{ name = "jq", marker = "extra == 'dev'", specifier = "==1.11.0" }, { name = "jq", marker = "extra == 'dev'", specifier = "==1.11.0" },
{ name = "jsonschema", specifier = "==4.26.0" }, { name = "jsonschema", specifier = "==4.26.0" },
{ name = "mozilla-django-oidc", specifier = "==5.0.2" }, { name = "mozilla-django-oidc", specifier = "==5.0.2" },