fix(api): Remove Django pin from uv override-dependencies and upgrade to 5.2.15 #7755

Merged: emyller merged 1 commit into main from fix/remove-django-override-pin on Jun 11, 2026

@matthewelwell

@matthewelwell matthewelwell commented Jun 11, 2026

Contributor

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to docs/ if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Removes the override for django added in the uv migration in order to update to 5.2.15 to resolve a CVE.

How did you test this code?

  • Ran uv lock --upgrade-package django locally — confirmed Django moves from 5.2.14 → 5.2.15 in uv.lock with no other package changes.
  • After merge, the next scheduled Renovate run (or a manual workflow dispatch of .github/workflows/renovate.yml) should produce the renovate/pypi-django-vulnerability PR rather than parking it on the dashboard.

The `django==5.2.14` override in `[tool.uv].override-dependencies` was
holding Django at 5.2.14 regardless of the `django >=5,<6` constraint in
`[project].dependencies`, which prevented Renovate from generating the
Django 5.2.15 security update PR (the lockfile would never change).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@matthewelwell matthewelwell requested a review from a team as a code owner June 11, 2026 11:04
@matthewelwell matthewelwell requested review from emyller and removed request for a team June 11, 2026 11:04
@vercel

vercel Bot commented Jun 11, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ignored | Ignored | Jun 11, 2026 11:04am |
| flagsmith-frontend-preview | Ignored | Ignored | Jun 11, 2026 11:04am |
| flagsmith-frontend-staging | Ignored | Ignored | Jun 11, 2026 11:04am |

@github-actions github-actions Bot added the api and fix labels Jun 11, 2026
@github-actions

github-actions Bot commented Jun 11, 2026

Contributor

Docker builds report

| Image | Build Status | Security report |
| --- | --- | --- |
| ghcr.io/flagsmith/flagsmith-e2e:pr-7755 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith-frontend:pr-7755 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-api:pr-7755 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-private-cloud:pr-7755 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-api-test:pr-7755 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith:pr-7755 | Finished ✅ | Results |

@matthewelwell matthewelwell changed the title from "fix(api): Remove Django pin from uv override-dependencies" to "fix(api): Remove Django pin from uv override-dependencies and upgrade to 5.2.15" Jun 11, 2026
@github-actions

github-actions Bot commented Jun 11, 2026

Contributor

Playwright Test Results (oss - depot-ubuntu-latest-16)

passed  1 passed

Details

stats  1 test across 1 suite
duration  38.7 seconds
commit  00e03a8
info  🔄 Run: #17429 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

passed  1 passed

Details

stats  1 test across 1 suite
duration  43.4 seconds
commit  00e03a8
info  🔄 Run: #17429 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

passed  2 passed

Details

stats  2 tests across 2 suites
duration  33.4 seconds
commit  00e03a8
info  🔄 Run: #17429 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

passed  1 passed

Details

stats  1 test across 1 suite
duration  58.2 seconds
commit  00e03a8
info  🔄 Run: #17429 (attempt 1)

@codecov

codecov Bot commented Jun 11, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.55%. Comparing base (a9822c3) to head (00e03a8).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7755   +/-   ##
=======================================
  Coverage   98.55%   98.55%           
=======================================
  Files        1454     1454           
  Lines       56000    56000           
=======================================
  Hits        55193    55193           
  Misses        807      807           

@github-actions

Contributor

Visual Regression

19 screenshots compared. See report for details.

@emyller emyller merged commit 8a6c26b into main Jun 11, 2026
35 of 36 checks passed
@emyller emyller deleted the fix/remove-django-override-pin branch June 11, 2026 12:40