Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade django from 3.2.15 to 3.2.16 #49

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
3d8be52
Bump pyyaml from 5.3.1 to 5.4 in /requirements
dependabot[bot] Apr 15, 2021
a7cb880
Bump django-debug-toolbar from 3.2 to 3.2.1 in /requirements
dependabot[bot] Apr 16, 2021
9b3a04c
Merge pull request #10 from 47-studio-org/dependabot/pip/requirements…
MarcelRaschke Apr 21, 2021
db9d5fc
Merge pull request #6 from 47-studio-org/dependabot/pip/requirements/…
MarcelRaschke Apr 21, 2021
4280c50
Bump django from 2.2.17 to 2.2.21 in /requirements
dependabot[bot] Jun 5, 2021
17d28fd
Merge pull request #12 from 47-studio-org/dependabot/pip/requirements…
MarcelRaschke Jun 6, 2021
39f30a3
fix: requirements/pip.txt to reduce vulnerabilities
snyk-bot May 19, 2022
b9873c6
Merge pull request #35 from 47-studio-org/snyk-fix-75c34ac32df8234be3…
MarcelRaschke May 24, 2022
bfd1517
Bump moment from 2.24.0 to 2.29.4
dependabot[bot] Jul 8, 2022
003257d
fix: requirements/pip.txt to reduce vulnerabilities
snyk-bot Aug 3, 2022
788d9e3
Merge pull request #42 from 47-studio-org/snyk-fix-b73655db8f5250862d…
MarcelRaschke Aug 12, 2022
d01bfbc
fix: package.json & .snyk to reduce vulnerabilities
snyk-bot Aug 19, 2022
ca4dfc1
fix: requirements/docker.txt to reduce vulnerabilities
snyk-bot Sep 22, 2022
121bbbf
Merge pull request #44 from 47-studio-org/snyk-fix-f8807f4b177458c8e2…
MarcelRaschke Sep 22, 2022
f2ef4e3
Merge pull request #41 from 47-studio-org/dependabot/npm_and_yarn/mom…
MarcelRaschke Sep 22, 2022
9c8bbad
Merge pull request #43 from 47-studio-org/snyk-fix-a148f7858861240c88…
MarcelRaschke Sep 22, 2022
a6a005c
Bump shell-quote from 1.7.2 to 1.7.3
dependabot[bot] Sep 22, 2022
929b876
Merge pull request #39 from 47-studio-org/dependabot/npm_and_yarn/she…
MarcelRaschke Sep 22, 2022
d6bcd57
fix: package.json & .snyk to reduce vulnerabilities
snyk-bot Sep 22, 2022
0a24faf
Merge pull request #45 from 47-studio-org/snyk-fix-4b2d284c43a8045f9d…
MarcelRaschke Sep 22, 2022
0ec65fb
fix: requirements/pip.txt to reduce vulnerabilities
snyk-bot Oct 22, 2022
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 75 additions & 0 deletions .snyk
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
'npm:hawk:20160119':
- debowerify > bower > request > hawk:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > bower-registry-client > request > hawk:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > insight > request > hawk:
patched: '2022-08-19T09:04:48.172Z'
'npm:http-signature:20150122':
- debowerify > bower > request > http-signature:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > bower-registry-client > request > http-signature:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > insight > request > http-signature:
patched: '2022-08-19T09:04:48.172Z'
SNYK-JS-LODASH-567746:
- gulp-eslint > eslint > lodash:
patched: '2022-08-19T09:04:48.172Z'
- gulp-eslint > eslint > inquirer > lodash:
patched: '2022-08-19T09:04:48.172Z'
- gulp-eslint > eslint > table > lodash:
patched: '2022-08-19T09:04:48.172Z'
'npm:mime:20170907':
- less > mime:
patched: '2022-08-19T09:04:48.172Z'
- gulp-less > less > mime:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > request > form-data > mime:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > insight > request > form-data > mime:
patched: '2022-08-19T09:04:48.172Z'
'npm:minimatch:20160620':
- debowerify > bower > glob > minimatch:
patched: '2022-08-19T09:04:48.172Z'
- gulp > vinyl-fs > glob-stream > minimatch:
patched: '2022-08-19T09:04:48.172Z'
- gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
patched: '2022-08-19T09:04:48.172Z'
- gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
patched: '2022-08-19T09:04:48.172Z'
'npm:request:20160119':
- debowerify > bower > bower-registry-client > request:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > request:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > insight > request:
patched: '2022-08-19T09:04:48.172Z'
'npm:semver:20150403':
- debowerify > bower > semver:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > update-notifier > semver-diff > semver:
patched: '2022-08-19T09:04:48.172Z'
- eslint-plugin-import > read-pkg-up > read-pkg > normalize-package-data > semver:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > update-notifier > latest-version > package-json > registry-url > npmconf > semver:
patched: '2022-08-19T09:04:48.172Z'
- gulp > gulp-cli > yargs > read-pkg-up > read-pkg > normalize-package-data > semver:
patched: '2022-09-22T18:40:33.690Z'
'npm:shell-quote:20160621':
- debowerify > bower > shell-quote:
patched: '2022-08-19T09:04:48.172Z'
'npm:tunnel-agent:20170305':
- debowerify > bower > request > tunnel-agent:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > bower-registry-client > request > tunnel-agent:
patched: '2022-08-19T09:04:48.172Z'
- debowerify > bower > insight > request > tunnel-agent:
patched: '2022-08-19T09:04:48.172Z'
'npm:uglify-js:20151024':
- debowerify > bower > handlebars > uglify-js:
patched: '2022-08-19T09:04:48.172Z'
5,367 changes: 2,494 additions & 2,873 deletions package-lock.json

Large diffs are not rendered by default.

20 changes: 12 additions & 8 deletions package.json
Original file line number Diff line number Diff line change
@@ -7,13 +7,16 @@
"build": "gulp build",
"dev": "gulp dev",
"lint": "gulp lint",
"vendor": "gulp vendor"
"vendor": "gulp vendor",
"prepublish": "npm run snyk-protect",
"snyk-protect": "snyk-protect"
},
"dependencies": {
"bowser": "^1.9.3",
"cssfilter": "0.0.8",
"github-changelog": "git+https://github.com/agjohnson/github-changelog.git",
"npm": "^6.1.0"
"npm": "^6.1.0",
"@snyk/protect": "latest"
},
"devDependencies": {
"bower": "^1.8.4",
@@ -23,15 +26,15 @@
"eslint-config-airbnb-base": "^11.2.0",
"eslint-plugin-import": "^2.2.0",
"event-stream": "^3.3.1",
"gulp": "^3.9.1",
"gulp-eslint": "^3.0.1",
"gulp-less": "^3.0.3",
"gulp": "^4.0.0",
"gulp-eslint": "^5.0.0",
"gulp-less": "^5.0.0",
"gulp-rename": "^1.2.2",
"gulp-run": "^1.6.6",
"gulp-uglify": "^3.0.0",
"gulp-util": "^3.0.3",
"gulp-watch": "^4.3.3",
"less": "^2.7.3",
"gulp-watch": "^5.0.0",
"less": "^3.0.2",
"vinyl-buffer": "^1.0.1",
"vinyl-source-stream": "^2.0.0"
},
@@ -45,5 +48,6 @@
"keywords": [
"docs",
"documentation"
]
],
"snyk": true
}
2 changes: 1 addition & 1 deletion requirements/docker.txt
Original file line number Diff line number Diff line change
@@ -9,7 +9,7 @@ psycopg2-binary==2.8.6
django-redis-cache==2.1.3 # pyup: ignore

# For resizing images
pillow==8.0.1
pillow==9.0.1

# local debugging tools
watchdog==0.10.4
6 changes: 3 additions & 3 deletions requirements/pip.txt
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
pip==20.3.1
virtualenv==20.2.2

django==2.2.17 # pyup: <2.3
django==3.2.16 # pyup: <2.3
django-extensions==3.1.0
django_polymorphic==3.0.0
django-autoslug==1.9.8
@@ -27,7 +27,7 @@ jsonfield==3.1.0
requests==2.25.0
requests-toolbelt==0.9.1
slumber==0.7.1
pyyaml==5.3.1
pyyaml==5.4
Pygments==2.7.3

# Basic tools
@@ -108,7 +108,7 @@ user-agents==2.2.0
git+https://github.com/jschneier/django-storages@d0f027c98a877f75615cfc42b4d51c038fa41bf6#egg=django-storages[azure]==1.9.1

# Required only in development and linting
django-debug-toolbar==3.2
django-debug-toolbar==3.2.1

# For enabling content-security-policy
django-csp==3.7