feat: bump django lower limit to 4.2.30 (CVEs) (#710)

thebaptiste · web-flow · commit 89d7717be69c · 2026-04-14T09:15:33.000+02:00
diff --git a/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt b/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt
@@ -2,9 +2,10 @@
 # see https://pip.readthedocs.io/en/1.1/requirements.html
 #django >= 5 requires sqlite >= 3.27 (not available on rocky 8)
 #   (but ok on rocky 9 or rocky 10)
-#django4 should be >= 4.2.29
+#django4 should be >= 4.2.30
 #to fix CVE-2024-53907, CVE-2024-53908, CVE-2025-26699, CVE-2025-27556
 #CVE-2025-57833, CVE-2025-57833, CVE-2025-64458, CVE-2025-64459,
 #CVE-2025-64460, CVE-2025-13372, CVE-2026-1207, CVE-2026-1287,
-#CVE-2026-1312, CVE-2026-25673 and CVE-2026-25674
-django>=4.2.29,<5
+#CVE-2026-1312, CVE-2026-25673, CVE-2026-25674, CVE-2026-3902, CVE-2026-33034,
+#CVE-2026-33033, CVE-2026-4292 and CVE-2026-4277
+django>=4.2.30,<5
