From 419c73dd132c649d45583b3e8d855bf4fd04b601 Mon Sep 17 00:00:00 2001
From: Robert Bartel
Date: Fri, 12 Sep 2025 09:07:40 -0400
Subject: [PATCH] Bump Django dependency due to vulnerability. Bumping to address Dependabot alert #55. (CVE-2025-57833 / GHSA-6w2r-r2m5-xq5w)
---
 python/gui/dependencies.txt | 2 +-
 python/services/evaluationservice/pyproject.toml | 2 +-
 requirements.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/python/gui/dependencies.txt b/python/gui/dependencies.txt
index 63daec4a2..ecabb56e0 100644
--- a/python/gui/dependencies.txt
+++ b/python/gui/dependencies.txt
@@ -1,7 +1,7 @@
 attrs
 certifi
 chardet
-Django~=4.2
+Django~=4.2.24
 gunicorn>=22.0
 idna
 jsonschema==3.0.2
diff --git a/python/services/evaluationservice/pyproject.toml b/python/services/evaluationservice/pyproject.toml
index e0f4c7f49..144fbcfb7 100644
--- a/python/services/evaluationservice/pyproject.toml
+++ b/python/services/evaluationservice/pyproject.toml
@@ -15,7 +15,7 @@ dependencies = [
 "channels",
 "channels-redis",
 "django-rq",
- "Django~=4.2",
+ "Django~=4.2.24",
 "djangorestframework",
 "geopandas",
 "exceptiongroup"
diff --git a/requirements.txt b/requirements.txt
index 67aa677e3..e89f8c3dc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,7 +31,7 @@ daphne
 Pint
 django_rq
 requests
-Django~=4.2
+Django~=4.2.24
 scipy
 xarray
 python-dateutil