Skip to content

fix(deps): vuln django (major → 6.0.4) [pkg/dependency/parser/python/pip/testdata]#50

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/pip/testdata/1-1781534086
Draft

fix(deps): vuln django (major → 6.0.4) [pkg/dependency/parser/python/pip/testdata]#50
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/pip/testdata/1-1781534086

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Summary: Critical-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • pkg/dependency/parser/python/pip/testdata (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
django 4.0.1 6.0.4 major Direct 15 CRITICAL, 24 HIGH, 8 MEDIUM

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (39 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
django PYSEC-2022-191 critical - 4.0.1 4.0.4
django PYSEC-2025-108 CRITICAL - 4.0.1 4.2.26
django CVE-2025-64459 CRITICAL - 4.0.1 -
django GHSA-frmv-pr5f-9mcr CRITICAL Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. 4.0.1 5.2.8
django PYSEC-2023-61 CRITICAL - 4.0.1 3.2.19
django CVE-2023-31047 CRITICAL - 4.0.1 -
django PYSEC-2022-190 critical - 4.0.1 4.0.4
django CVE-2022-28346 critical - 4.0.1 -
django GHSA-2gwj-7jmv-h26r CRITICAL SQL Injection in Django 4.0.1 2.2.28
django GHSA-r3xc-prgr-mg9p CRITICAL Django bypasses validation when using one form field to upload multiple files 4.0.1 3.2.19
django GHSA-p64x-8rxx-wf6q CRITICAL Django Trunc() and Extract() database functions vulnerable to SQL Injection 4.0.1 3.2.14
django CVE-2022-34265 critical - 4.0.1 -
django PYSEC-2022-213 critical - 4.0.1 3.2.14
django GHSA-w24h-v9qh-8gxj CRITICAL SQL Injection in Django 4.0.1 2.2.28
django CVE-2022-28347 critical - 4.0.1 -
django CVE-2022-36359 high - 4.0.1 -
django GHSA-6w2r-r2m5-xq5w HIGH Django is subject to SQL injection through its column aliases 4.0.1 4.2.24
django GHSA-q2jf-h9jm-m7p4 HIGH Django contains Uncontrolled Resource Consumption via cached header 4.0.1 3.2.17
django PYSEC-2023-12 high - 4.0.1 3.2.17
django GHSA-2hrw-hx67-34x6 HIGH Resource exhaustion in Django 4.0.1 3.2.18
django CVE-2023-24580 high - 4.0.1 -
django PYSEC-2022-245 high - 4.0.1 3.2.15
django GHSA-qw25-v68c-qjf3 HIGH Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows 4.0.1 5.2.8
django GHSA-8x94-hmjh-97hq HIGH Django vulnerable to Reflected File Download attack 4.0.1 3.2.15
django GHSA-6cw3-g6wv-c2xv HIGH Infinite Loop in Django 4.0.1 2.2.27
django CVE-2022-23833 high - 4.0.1 -
django PYSEC-2022-20 high - 4.0.1 2.2.27
django PYSEC-2023-13 high - 4.0.1 3.2.18
django CVE-2025-64458 HIGH - 4.0.1 -
django PYSEC-2025-107 HIGH - 4.0.1 4.2.26
django CVE-2023-23969 high - 4.0.1 -
django CVE-2025-57833 HIGH - 4.0.1 -
django PYSEC-2025-105 HIGH - 4.0.1 4.2.24
django GHSA-qrw5-5h28-6cmg HIGH Django denial-of-service vulnerability in internationalized URLs 4.0.1 3.2.16
django PYSEC-2022-304 HIGH - 4.0.1 5b6b257fa7ec37ff27965358800c67e2dd11c924
django CVE-2022-41323 HIGH - 4.0.1 -
django PYSEC-2023-100 high - 4.0.1 4.2.3
django GHSA-jh3w-4vvf-mjgr HIGH Django has regular expression denial of service vulnerability in EmailValidator/URLValidator 4.0.1 3.2.20
django CVE-2023-36053 high - 4.0.1 -
ℹ️ Other Vulnerabilities (8)
Package CVE Severity Summary Unsafe Version Fixed In
django GHSA-95rw-fx8r-36v6 MODERATE Cross-site Scripting in Django 4.0.1 2.2.27
django PYSEC-2022-19 MODERATE - 4.0.1 2.2.27
django CVE-2022-22818 MODERATE - 4.0.1 -
django PYSEC-2025-47 MODERATE - 4.0.1 5.2.2
django CVE-2025-48432 MODERATE - 4.0.1 -
django GHSA-7xr5-9hcq-chf9 MODERATE Django Improper Output Neutralization for Logs vulnerability 4.0.1 5.2.2
django GHSA-rrqc-c2jx-6jgv MODERATE Django allows enumeration of user e-mail addresses 4.0.1 5.1.1
django CVE-2024-45231 MODERATE - 4.0.1 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
django 4.0.1 Apr 1, 2023 6.0.4 pkg/dependency/parser/python/pip/testdata/requirements_compatible.txt

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-datadog-prod-us1

datadog-datadog-prod-us1 Bot commented Jun 15, 2026
edited by datadog-datadog-prod-us1-2 Bot
Loading

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

Test | Integration Test   View in Datadog   GitHub Actions

Test | Test (macos-latest)   View in Datadog   GitHub Actions

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: be07f9a | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-fixes-eol adms-high-severity adms-major-update adms-medium-severity adms-mode-all-vulns adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants