Update the Django version to 2.1.2, which is the latest one.

Question

Update the Django version to 2.1.2, which is the latest one.

ykdojo opened this issue 6 years ago · comments

It's just because GitHub says Django < 2.1.2 has some security issues. I'm not sure what they are exactly, but probably better to be safe here.

Deleted user · Answer 1 · Sat Oct 20 2018 23:57:56 GMT+0800 (China Standard Time)

How to update @ykdojo? Using pip ?

YK · Answer 2 · Sat Oct 20 2018 23:59:20 GMT+0800 (China Standard Time)

No I think we're going to keep using pipenv for this.

…

On Sat, Oct 20, 2018 at 11:57 AM rahul9832 ***@***.***> wrote: How to update @ykdojo <https://github.com/ykdojo>? Using pip ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#7 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABukw0pSo_XBOUR4HKeqftS7YrQ5-XsVks5um0gFgaJpZM4Xw6qB> .

Ben Soyka · Answer 3 · Sun Oct 21 2018 12:41:11 GMT+0800 (China Standard Time)

@ykdojo, the issue is that a new version of Django could be released with a change that breaks the code, but it still fits the requirement, so your code should would no longer work. I recommend Dependabot. When a new version of a dependency (like Django) is released, the bot will make a PR updating the Pipfile with the new version number. Then, you make sure nothing will break your code, and merge the PR to update the Pipfile requirement.

So, it’s not necessarily an issue with a new version of Django, but it’s how you are requiring it in the Pipfile. Instead use:
django==2.1.2
and set up Dependabot, which will take care of the rest.

YK · Answer 4 · Sun Oct 21 2018 13:18:34 GMT+0800 (China Standard Time)

Okay sounds good. Thanks for the info!

Ben Soyka · Answer 5 · Sun Oct 21 2018 22:08:00 GMT+0800 (China Standard Time)

Of course! Happy to help!

YK · Answer 6 · Sun Nov 25 2018 12:23:47 GMT+0800 (China Standard Time)

Done. e739367