[Security] Bump django from 4.1.5 to 4.1.6
Bumps django from 4.1.5 to 4.1.6. This update includes a security fix.
Vulnerabilities fixed
Django contains Uncontrolled Resource Consumption via cached header In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
Patched versions: 4.1.6 Affected versions: >= 4.1a1, < 4.1.6
Commits
-
f4909f7[4.1.x] Bumped version for 4.1.6 release. -
9d7bd5a[4.1.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Ac... -
d3edac6[4.1.x] Bumped versions in pre-commit and npm configurations. -
a5a36da[4.1.x] Fixed E501 flake8 error. -
f586c12[4.1.x] Fixed #34180 -- Added note about resetting language in test tear-downs. -
26b7a25[4.1.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueCons... -
bc48c7d[4.1.x] Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17. -
bb59ef7[4.1.x] Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17. -
c1bf918[4.1.x] Corrected passenv value for tox 4.0.6+. -
2a32d39[4.1.x] Fixed #34242 -- Doc'd that primary key is set to None when deleting o... - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebasewill rebase this MR -
$dependabot recreatewill recreate this MR rewriting all the manual changes and resolving conflicts