Skip to content

build(deps): bump django from 5.1.15 to 6.0.5 in /backend#3355

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/backend/django-6.0.5
Closed

build(deps): bump django from 5.1.15 to 6.0.5 in /backend#3355
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/backend/django-6.0.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps django from 5.1.15 to 6.0.5.

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the backend Code review backend label May 11, 2026
@dependabot dependabot Bot mentioned this pull request May 11, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/django-6.0.5 branch from d90cf60 to e63c170 Compare June 1, 2026 10:11
@dependabot
build(deps): bump django from 5.1.15 to 6.0.5 in /backend
9259fd6 
Bumps [django](https://github.com/django/django) from 5.1.15 to 6.0.5.
- [Commits](django/django@5.1.15...6.0.5)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/django-6.0.5 branch from e63c170 to 9259fd6 Compare June 1, 2026 10:13
@marco-c

marco-c commented Jun 1, 2026

Copy link
Copy Markdown
Collaborator

@La0 do you think we can safely merge this?

@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3419.

@dependabot dependabot Bot closed this Jun 8, 2026
@dependabot dependabot Bot deleted the dependabot/pip/backend/django-6.0.5 branch June 8, 2026 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend Code review backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marco-c