[Snyk] Fix for 2 vulnerabilities #514
@@ -12,7 +12,7 @@ xmltodict==0.13.0 # https://github.com/martinblech/xmltodict.git | |||||
| # Django | ||||||
| # ------------------------------------------------------------------------------ | ||||||
| django==4.1.6 # pyup: < 4.0 # https://www.djangoproject.com/ | ||||||
| django==4.2.28 # pyup: < 4.0 # https://www.djangoproject.com/ | ||||||
| django-environ==0.8.1 # https://github.com/joke2k/django-environ | ||||||
| django-model-utils==4.3.1 # https://github.com/jazzband/django-model-utils | ||||||
| django-allauth==0.54.0 # https://github.com/pennersr/django-allauth | ||||||
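Review bot: the inline constraint on the django line is left stale by this hunk: `django==4.2.28 # pyup: < 4.0` now pins a version the comment says must be excluded (the previous `4.1.6` already contradicted it). Either drop the comment or change it to the policy actually intended (for example `# pyup: < 5.0`) so automated updaters and reviewers do not act on a constraint that no longer matches the pin. Since 4.1 to 4.2 is a minor-release change, the PR description should also state that the test suite was run against 4.2 before this is merged.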
| django-allauth==0.54.0 # https://github.com/pennersr/django-allauth | |
| django-allauth==0.57.0 # https://github.com/pennersr/django-allauth |
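Review bot: the django-allauth bump from 0.54.0 to 0.57.0 crosses releases that changed required configuration, while this PR only touches the requirements file. In particular, allauth 0.56.0 made `allauth.account.middleware.AccountMiddleware` mandatory in `MIDDLEWARE`; confirm the project settings include it and that the auth tests pass, otherwise allauth's configuration check fails after the upgrade.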
Copilot
AI
Feb 5, 2026
The Wagtail upgrade from 4.2.2 to 6.3.6 is a major version jump spanning two major releases (5.x and 6.x). This introduces significant breaking changes that will cause runtime errors. Key issues include:
- Wagtail 5.0+ requires Pillow>=9.1.0, but line 3 has Pillow==9.0.1 (as noted in the PR warnings)
- wagtailautocomplete.edit_handlers.AutocompletePanel was deprecated in Wagtail 3.0 and removed in later versions - it should be imported from wagtail.admin.panels instead (used in 11+ files across the codebase)
- wagtail.contrib.modeladmin was deprecated in Wagtail 5.0 and requires migration to the Snippet ViewSets API (used extensively throughout the codebase)
- Multiple template tag and API changes between versions
This upgrade requires code migration across the entire codebase before it can work properly. Consider upgrading incrementally (4.2→5.0→6.0→6.3) with proper testing at each step.
Copilot
AI
Feb 5, 2026
The Pillow version 9.0.1 on line 3 is incompatible with the upgraded Wagtail 6.3.6. As noted in the PR warnings, Wagtail 5.0.5+ requires Pillow>=9.1.0. This dependency needs to be updated to at least Pillow==9.1.0, though a more recent version like 10.x or 11.x would be preferable for security and compatibility. Without this update, the application will fail to start with a dependency conflict error.
Copilot
AI
Feb 5, 2026
The wagtailmenus version 3.1.3 is likely incompatible with Wagtail 6.3.6. Wagtailmenus 3.1.3 was released for Wagtail 3.x and 4.x. For Wagtail 6.x, wagtailmenus 4.0+ is required. Without updating this dependency, the menu functionality will fail with import errors or runtime exceptions. This is a secondary dependency that should be addressed alongside the main Wagtail upgrade.
Copilot
AI
Feb 5, 2026
The wagtail-autocomplete version 0.9.0 is incompatible with Wagtail 6.3.6. Wagtail-autocomplete 0.9.0 supports up to Wagtail 4.x. For Wagtail 6.x, wagtail-autocomplete 0.11+ is required. Additionally, the codebase imports from the deprecated wagtailautocomplete.edit_handlers module (used in 11+ files including article/models.py, education_directory/models.py, etc.), which needs to be updated to use wagtail.admin.panels instead. This will cause import errors throughout the application.
The Django version upgrade to 4.2.28 violates the explicit version constraint "pyup: < 4.0" specified in the comment. This constraint indicates that the codebase is not intended to be upgraded to Django 4.x. The jump from Django 4.1.6 to 4.2.28 requires updating this constraint to match the intended version policy, or downgrading to the latest 3.2.x LTS version if the constraint is intentional. Note that Django 4.0 introduced several breaking changes including new template tag autoescape behavior, updated URL pattern matching, and changes to the admin interface.
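As an added example (not code from this PR or from the project), a small checker that flags requirement pins violating their own inline `# pyup:` constraint, which is the drift the comment above points out on the django line. The sample requirements text is constructed after the lines in this diff; the regexes and the `pyup:` operator set are assumptions, not pyup's own parser.

```python
"""Flag '==' pins that contradict an inline '# pyup: <op> <version>' comment."""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample, modelled on the requirements lines changed in this PR.
SAMPLE_REQUIREMENTS = """\
# Django
# ------------------------------------------------------------------------------
django==4.2.28  # pyup: < 4.0  # https://www.djangoproject.com/
django-environ==0.8.1  # https://github.com/joke2k/django-environ
django-allauth==0.57.0  # https://github.com/pennersr/django-allauth
"""

# 'name==version' at the start of a line (comment lines start with '#', so they never match).
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)")
# Assumed shape of the constraint comment: '# pyup: < 4.0', '# pyup: >= 3.2', ...
PYUP_RE = re.compile(r"#\s*pyup:\s*(<=|>=|<|>|==|!=)\s*([0-9][0-9.]*)")


class Violation(NamedTuple):
    package: str
    pinned: str
    constraint: str


def _vtuple(version: str) -> Tuple[int, ...]:
    # Compare only the numeric dotted prefix ("4.2.28" -> (4, 2, 28)).
    nums = re.match(r"[0-9]+(?:\.[0-9]+)*", version).group(0)
    return tuple(int(part) for part in nums.split("."))


def _satisfies(pinned: str, op: str, bound: str) -> bool:
    a, b = _vtuple(pinned), _vtuple(bound)
    width = max(len(a), len(b))  # pad so (3, 2) == (3, 2, 0)
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return {"<": a < b, "<=": a <= b, ">": a > b,
            ">=": a >= b, "==": a == b, "!=": a != b}[op]


def check_requirements(text: str) -> List[Violation]:
    """Return every pin whose version falls outside its own pyup constraint."""
    violations: List[Violation] = []
    for line in text.splitlines():
        pin = PIN_RE.match(line)
        constraint = PYUP_RE.search(line)
        if not pin or not constraint:
            continue  # unpinned line, or no inline policy to check against
        package, version = pin.groups()
        op, bound = constraint.groups()
        if not _satisfies(version, op, bound):
            violations.append(Violation(package, version, f"{op} {bound}"))
    return violations


if __name__ == "__main__":
    for v in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{v.package}=={v.pinned} violates 'pyup: {v.constraint}'")
```

Running this in CI on the requirements file turns a stale comment like the one on the django line into a failing check instead of something a reviewer has to notice by eye.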