fix(deps): vuln Django (major → 6.0.4) [python/django/django-realworld/django-realworld-example-app]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• python/django/django-realworld/django-realworld-example-app (pip)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
Django	1.10.5	6.0.4	major	Direct	8 CRITICAL, 7 HIGH, 17 MODERATE

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (15 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
Django	GHSA-hmr4-m2h5-33qx	CRITICAL	SQL injection in Django	1.10.5	1.11.28
Django	CVE-2025-64459	CRITICAL	-	1.10.5	-
Django	GHSA-frmv-pr5f-9mcr	CRITICAL	Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.	1.10.5	5.2.8
Django	PYSEC-2020-35	CRITICAL	-	1.10.5	eb31d845323618d688ad429479c6dda973056136
Django	CVE-2020-7471	CRITICAL	-	1.10.5	-
Django	GHSA-vfq6-hq5r-27r6	CRITICAL	Django Potential account hijack via password reset form	1.10.5	1.11.27
Django	CVE-2019-19844	critical	-	1.10.5	-
Django	PYSEC-2019-16	critical	-	1.10.5	1.11.27
Django	CVE-2025-57833	HIGH	-	1.10.5	-
Django	PYSEC-2022-245	HIGH	-	1.10.5	3.2.15
Django	CVE-2022-36359	HIGH	-	1.10.5	-
Django	GHSA-8x94-hmjh-97hq	HIGH	Django vulnerable to Reflected File Download attack	1.10.5	3.2.15
Django	GHSA-6w2r-r2m5-xq5w	HIGH	Django is subject to SQL injection through its column aliases	1.10.5	4.2.24
Django	GHSA-qw25-v68c-qjf3	HIGH	Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows	1.10.5	5.2.8
Django	CVE-2025-64458	HIGH	-	1.10.5	-

ℹ️ Other Vulnerabilities (17)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
Django	CVE-2017-7233	MODERATE	-	1.10.5	-
Django	GHSA-7xr5-9hcq-chf9	MODERATE	Django Improper Output Neutralization for Logs vulnerability	1.10.5	5.2.2
Django	PYSEC-2017-9	MODERATE	-	1.10.5	1.10.7
Django	GHSA-37hp-765x-j95x	MODERATE	Django open redirect and possible XSS attack via user-supplied numeric redirect URLs	1.10.5	1.10.7
Django	CVE-2024-45231	MODERATE	-	1.10.5	-
Django	GHSA-rrqc-c2jx-6jgv	MODERATE	Django allows enumeration of user e-mail addresses	1.10.5	5.1.1
Django	PYSEC-2017-44	MODERATE	-	1.10.5	1.10.8
Django	CVE-2017-12794	MODERATE	-	1.10.5	-
Django	GHSA-9r8w-6x8c-6jr9	MODERATE	Django vulnerable to XSS on 500 pages	1.10.5	1.10.8
Django	GHSA-68w8-qjq3-2gfm	MODERATE	Path Traversal in Django	1.10.5	2.2.24
Django	CVE-2025-48432	MODERATE	-	1.10.5	-
Django	PYSEC-2025-47	MODERATE	-	1.10.5	5.2.2
Django	GHSA-h4hv-m4h4-mhwg	MODERATE	Django open redirect	1.10.5	1.10.7
Django	CVE-2017-7234	MODERATE	-	1.10.5	-
Django	PYSEC-2017-10	MODERATE	-	1.10.5	1.10.7
Django	PYSEC-2021-98	MODERATE	-	1.10.5	2.2.24
Django	CVE-2021-33203	MODERATE	-	1.10.5	-

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System