Update the Django version to 2.1.2, which is the latest one.
ykdojo opened this issue · comments
It's just because GitHub says Django < 2.1.2 has some security issues. I'm not sure what they are exactly, but probably better to be safe here.
@ykdojo, the issue is that a new version of Django could be released with a change that breaks the code, but it still fits the requirement, so your code should would no longer work. I recommend Dependabot. When a new version of a dependency (like Django) is released, the bot will make a PR updating the Pipfile with the new version number. Then, you make sure nothing will break your code, and merge the PR to update the Pipfile requirement.
So, it’s not necessarily an issue with a new version of Django, but it’s how you are requiring it in the Pipfile. Instead use:
and set up Dependabot, which will take care of the rest.
Okay sounds good. Thanks for the info!
Of course! Happy to help!