[Snyk] Security upgrade django from 2.2.28 to 4.2.26

[anonim-01]

Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements/dev.txt

⚠️ Warning

inflect 6.0.5 has requirement pydantic<2,>=1.9.1, but you have pydantic 2.4.2.
code-annotations 1.5.0 requires stevedore, which is not installed.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-3f45e2f9370e71ab610a5adcd57be4a5

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull Request Overview

This PR attempts to upgrade Django from 2.2.28 to 4.2.26 to address security vulnerabilities identified by Snyk. However, the upgrade is incomplete and will likely fail due to conflicting constraints.

Key Changes

• Updates Django version in requirements/dev.txt from 2.2.28 to 4.2.26
• This is a major version jump spanning two Django major versions (2.2 → 4.2)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Incomplete upgrade: While dev.txt is updated to Django 4.2.26, requirements/django.txt still specifies django==2.2.28, and more critically, requirements/django.in has an explicit constraint Django>=2.2,<3.0 that will prevent Django 4.2.26 from being installed. All three files need to be updated consistently for the upgrade to work. Additionally, setup.py classifiers list Django 3.2 and 4.0 support but not 4.2.

[Copilot]

Major version upgrade without migration plan: Upgrading from Django 2.2 to 4.2 spans two major versions and includes breaking changes. The CHANGELOG.rst shows Django 4.2 support was added in version 1.7.0, but this PR doesn't address potential breaking changes in middleware configuration (xblock/test/settings.py uses older middleware patterns), deprecated APIs, or template syntax changes. A comprehensive testing and migration strategy should be documented.