Upgrade Django to fix CVE-2025-59682 and CVE-2025-59681 (#1772)

hasys · web-flow · commit 40754ef0967d · 2025-10-06T11:44:01.000+02:00
* Upgrade Django to fix CVE-2025-59682 and CVE-2025-59681 * Upgrade pip to address pip-audit issues * Ignore GHSA-4xh5-x5gv-qwph until pip 25.3 released
diff --git a/.github/workflows/pip_audit.yml b/.github/workflows/pip_audit.yml
@@ -65,3 +65,6 @@ jobs:
             GHSA-pq67-6m6q-mj2v
             # We don't use urllib3 from Node.js
             GHSA-48p4-8xcf-vxj5
+            # pip 25.3 is not released yet
+            # See: https://github.com/advisories/GHSA-4xh5-x5gv-qwph
+            GHSA-4xh5-x5gv-qwph
diff --git a/pyproject.toml b/pyproject.toml
@@ -14,7 +14,7 @@ dependencies = [
   'ansible-lint~=24.2.2',
   'boto3~=1.26.84',
   'daphne~=4.1.2',
-  'Django~=4.2.18',
+  'Django~=4.2.25',
   'django-deprecate-fields~=0.1.1',
   'django-extensions~=3.2.1',
   'django-health-check~=3.17.0',
diff --git a/requirements-aarch64.txt b/requirements-aarch64.txt
@@ -106,7 +106,7 @@ diff-match-patch==20230430
     # via django-import-export
 distro==1.9.0
     # via llama-stack-client
-django==4.2.24
+django==4.2.25
     # via
     #   -r requirements.in
     #   django-allow-cidr
diff --git a/requirements-dev-aarch64.txt b/requirements-dev-aarch64.txt
@@ -69,7 +69,7 @@ pathspec==0.12.1
     #   -c requirements-aarch64.txt
     #   black
     #   yamllint
-pip-tools==7.4.1
+pip-tools==7.5.1
     # via -r requirements-dev.in
 platformdirs==4.2.1
     # via
diff --git a/requirements-dev-x86_64.txt b/requirements-dev-x86_64.txt
@@ -69,7 +69,7 @@ pathspec==0.12.1
     #   -c requirements-x86_64.txt
     #   black
     #   yamllint
-pip-tools==7.4.1
+pip-tools==7.5.1
     # via -r requirements-dev.in
 platformdirs==4.2.1
     # via
diff --git a/requirements-x86_64.txt b/requirements-x86_64.txt
@@ -106,7 +106,7 @@ diff-match-patch==20230430
     # via django-import-export
 distro==1.9.0
     # via llama-stack-client
-django==4.2.24
+django==4.2.25
     # via
     #   -r requirements.in
     #   django-allow-cidr
diff --git a/requirements.in b/requirements.in
@@ -19,7 +19,7 @@ black==24.3.0
 certifi@git+https://github.com/ansible/system-certifi@5aa52ab91f9d579bfe52b5acf30ca799f1a563d9
 cryptography==43.0.1
 daphne==4.1.2
-Django==4.2.24
+Django==4.2.25
 django-deprecate-fields==0.1.1
 django-extensions==3.2.1
 django-health-check==3.17.0
