Bump django from 5.2.8 to 6.0.5 in /backend #4606

Open
dependabot[bot] wants to merge 2 commits into main from dependabot/pip/backend/django-6.0.4

Conversation

dependabot Bot commented on behalf of github Apr 23, 2026

Bumps django from 5.2.8 to 6.0.5.

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

dependabot Bot added the dependencies and python (Pull requests that update Python code) labels Apr 23, 2026

vercel Bot commented Apr 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pycon Ready Ready Preview May 5, 2026 10:40pm

Bumps [django](https://github.com/django/django) from 5.2.8 to 6.0.5.
- [Commits](django/django@5.2.8...6.0.5)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot changed the title from "Bump django from 5.2.8 to 6.0.4 in /backend" to "Bump django from 5.2.8 to 6.0.5 in /backend" May 5, 2026
dependabot Bot force-pushed the dependabot/pip/backend/django-6.0.4 branch from 605578d to 849feb4 May 5, 2026 22:22
@marcoacierno
Member

@claude Fix this:

Using CPython 3.13.5 interpreter at: /opt/hostedtoolcache/Python/3.13.5/x64/bin/python3
Creating virtual environment at: .venv
× No solution found when resolving dependencies for split
│ (python_full_version >= '3.13.5' and python_full_version < '3.14' and
│ sys_platform == 'darwin'):
╰─▶ Because django-timezone-field==7.0 depends on django>=3.2,<6.0 and your
project depends on django==6.0.5, we can conclude that your project and
django-timezone-field==7.0 are incompatible.
And because your project depends on django-timezone-field==7.0, we can
conclude that your project's requirements are unsatisfiable.

claude Bot commented May 5, 2026

Claude finished @marcoacierno's task in 2m 52s


Fixing Dependency Conflict

  • Analyze the dependency conflict
  • Find compatible version of django-timezone-field for Django 6.0
  • Update pyproject.toml with the fix
  • Commit and push changes

Fixed: Updated django-timezone-field==7.0 → django-timezone-field>=7.1 in pyproject.toml to resolve the Django 6.0 compatibility issue.

The previous version (7.0) required django>=3.2,<6.0, which conflicted with Django 6.0.5. The CI will now re-run to verify the fix works correctly.

django-timezone-field 7.0 requires django>=3.2,<6.0, which conflicts
with the Django 6.0.5 upgrade. Updating to >=7.1 for Django 6.0 support.

Co-authored-by: Marco Acierno <marcoacierno@users.noreply.github.com>

dependabot Bot commented on behalf of github May 6, 2026

A newer version of django exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.
