Skip to content

[compliance] Update devbox examples with vulnerabilities #2753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
loreto merged 1 commit into from
Dec 17, 2025
Merged

[compliance] Update devbox examples with vulnerabilities #2753

loreto merged 1 commit into from
Dec 17, 2025

Conversation

@loreto
Copy link
Contributor

@loreto loreto commented Dec 17, 2025

Summary

.Update devbox examples with vulnerabilities. Bump Django from 4.2.22 to 4.2.27 in the Django stack requirements. Update filelock from 3.18.0 to 3.20.1 in the PyTorch basic example poetry.lock file.

How was it tested?

devbox shell

Community Contribution License

All community contributions in this pull request are licensed to the project
maintainers under the terms of the
Apache 2 License.

By creating this pull request, I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 License as stated in
the
Community Contribution License.

@loreto
Update Django and filelock dependencies
ab24034 
Bump Django from 4.2.22 to 4.2.27 in the Django stack requirements. Update filelock from 3.18.0 to 3.20.1 in the PyTorch basic example poetry.lock file.
@loreto loreto requested a review from Copilot December 17, 2025 16:14
Copilot AI reviewed Dec 17, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates dependency versions in devbox examples to address known security vulnerabilities. The updates include Django in the Django stack example and filelock in the PyTorch basic example, bringing both to their latest secure versions.

  • Upgraded Django from 4.2.22 to 4.2.27 to address security vulnerabilities
  • Updated filelock from 3.18.0 to 3.20.1 with corresponding poetry.lock changes including hashes and metadata

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
examples/stacks/django/requirements.txt Bumped Django version from 4.2.22 to 4.2.27 to address security vulnerabilities
examples/data_science/pytorch/basic-example/poetry.lock Updated filelock from 3.18.0 to 3.20.1, including updated file hashes, python version requirement, and removed extras metadata

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@loreto loreto merged commit a2b6b73 into main Dec 17, 2025
35 checks passed
@loreto loreto deleted the daniel/deps3 branch December 17, 2025 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mikeland73 mikeland73 mikeland73 approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@loreto @mikeland73