fix(deps): vuln Django (major → 6.0.4) [pkg/dependency/parser/python/pip/testdata]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• pkg/dependency/parser/python/pip/testdata (pip)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
Django	2.3.4	6.0.4	major	Direct	3 CRITICAL, 9 HIGH, 5 MEDIUM

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (12 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
Django	GHSA-frmv-pr5f-9mcr	CRITICAL	Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.	2.3.4	5.2.8
Django	CVE-2025-64459	CRITICAL	-	2.3.4	-
Django	PYSEC-2025-108	CRITICAL	-	2.3.4	4.2.26
Django	PYSEC-2025-107	HIGH	-	2.3.4	4.2.26
Django	CVE-2025-57833	HIGH	-	2.3.4	-
Django	CVE-2022-36359	HIGH	-	2.3.4	-
Django	GHSA-qw25-v68c-qjf3	HIGH	Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows	2.3.4	5.2.8
Django	CVE-2025-64458	HIGH	-	2.3.4	-
Django	GHSA-8x94-hmjh-97hq	HIGH	Django vulnerable to Reflected File Download attack	2.3.4	3.2.15
Django	GHSA-6w2r-r2m5-xq5w	HIGH	Django is subject to SQL injection through its column aliases	2.3.4	4.2.24
Django	PYSEC-2022-245	HIGH	-	2.3.4	3.2.15
Django	PYSEC-2025-105	HIGH	-	2.3.4	4.2.24

ℹ️ Other Vulnerabilities (5)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
Django	GHSA-rrqc-c2jx-6jgv	MODERATE	Django allows enumeration of user e-mail addresses	2.3.4	5.1.1
Django	CVE-2024-45231	MODERATE	-	2.3.4	-
Django	GHSA-7xr5-9hcq-chf9	MODERATE	Django Improper Output Neutralization for Logs vulnerability	2.3.4	5.2.2
Django	CVE-2025-48432	MODERATE	-	2.3.4	-
Django	PYSEC-2025-47	MODERATE	-	2.3.4	5.2.2

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

[datadog-prod-us1-5]

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

Test | Integration Test     

Test | Test (macos-latest)     

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 330db37 | Docs | Datadog PR Page | Give us feedback!}