upgrade django to fix pip_audit

[acosferreira]

Jira Issue: https://issues.redhat.com/browse/AAP-54545

Description

update django to fix

django | 4.2.25 | GHSA-qw25-v68c-qjf3 | 4.2.26,5.1.14,5.2.8 | An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
django | 4.2.25 | GHSA-frmv-pr5f-9mcr | 4.2.26,5.1.14,5.2.8 | An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Testing

Steps to test

1. Pull down the PR
2. ...
3. ...

Scenarios tested

Production deployment

• This code change is ready for production on its own
• This code change requires the following considerations before going to production:

---

Note

Upgrade Django to 4.2.26, pin pip<24.1 in the pip-compile workflow, and regenerate compiled requirements (including a full requirements.txt).

• Dependencies:
  • Upgrade Django from 4.2.25 to 4.2.26 in pyproject.toml, requirements.in, and compiled requirements-*.txt.
• CI:
  • Update .github/workflows/pip_compile.yml to pip install --upgrade "pip<24.1" before installing pip-tools.
• Requirements:
  • Regenerate requirements-aarch64.txt, requirements-x86_64.txt, and produce a fully expanded requirements.txt from requirements.in.

^{Written by Cursor Bugbot for commit 6ecb0fd. This will update automatically on new commits. Configure here.}

[cursor]

Bug: Lockfile Drift Breaks Dependency Management

The workflow monitors requirements.txt for changes but only validates architecture-specific files. After changing requirements.txt from a simple reference file to a full lockfile, the workflow now fails to regenerate or validate it when dependencies change. This causes requirements.txt to drift from requirements-{arch}.txt files over time, potentially breaking installations.

 

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud