From 5ce9b7cdb2325edd64a6d29b1bfc32e6b088aeac Mon Sep 17 00:00:00 2001
From: thebaptiste
Date: Mon, 13 Apr 2026 16:53:22 +0000
Subject: [PATCH] feat: bump django lower limit to 4.2.30 (CVEs)

---
 .../python3_virtualenv_sources/requirements-to-freeze.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt b/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt
index 14e729f..5c10cef 100644
--- a/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt
+++ b/adm/templates/plugins/python3_django/{{cookiecutter.name}}/python3_virtualenv_sources/requirements-to-freeze.txt
@@ -2,9 +2,10 @@
 # see https://pip.readthedocs.io/en/1.1/requirements.html
 #django >= 5 requires sqlite >= 3.27 (not available on rocky 8)
 # (but ok on rocky 9 or rocky 10)
-#django4 should be >= 4.2.29
+#django4 should be >= 4.2.30
 #to fix CVE-2024-53907, CVE-2024-53908, CVE-2025-26699, CVE-2025-27556
 #CVE-2025-57833, CVE-2025-57833, CVE-2025-64458, CVE-2025-64459,
 #CVE-2025-64460, CVE-2025-13372, CVE-2026-1207, CVE-2026-1287,
-#CVE-2026-1312, CVE-2026-25673 and CVE-2026-25674
-django>=4.2.29,<5
+#CVE-2026-1312, CVE-2026-25673, CVE-2026-25674, CVE-2026-3902, CVE-2026-33034,
+#CVE-2026-33033, CVE-2026-4292 and CVE-2026-4277
+django>=4.2.30,<5