Upgrade Django from 2.2.13 to 5.1.14

[marcusbeirne]

Summary

Upgrades minicom-public Django environment from 2.2.13 to 5.1.14 to match the current production version and avoid security vulnerabilities in older Django versions.

Changes

📦 Dependencies

• Django: 2.2.13 → 5.1.14
• django-cors-headers: 2.5.3 → 4.4.0+

🏗️ Virtual Environment Structure

• Changed from creating venv in project root (.) to venv/ subdirectory
• Follows Python best practices and matches minicom repo structure
• Cleaner separation between code and virtual environment

🔧 Scripts Updated

script/django/setup:

• Uses venv/ subdirectory instead of root directory
• Added Python 3.10+ version check (required for Django 5.1)
• Added error handling with set -e
• Added pip upgrade step
• Added informative status messages

script/django/start:

• Updated to use venv/bin/activate path
• Added virtual environment existence check
• Improved error messages

📝 Documentation

django/README.md:

• Updated activation path: bin/activate → venv/bin/activate
• Fixed migration commands to use correct venv path
• Updated Django docs link: 1.8 → 5.1
• Clarified SQLite shell commands section
• Improved formatting and consistency

🔒 Git Configuration

django/.gitignore:

• Replaced wildcard * with specific patterns
• Now properly ignores: venv/, *.sqlite3, __pycache__/, etc.
• Prevents tracking build artifacts and databases

Database file:

• Removed db.sqlite3 from git tracking
• Database should be generated fresh by each developer running setup

Testing

• ✅ Fresh setup runs successfully
• ✅ Django 5.1.14 installs correctly
• ✅ Python 3.10+ requirement enforced
• ✅ Virtual environment created in correct location
• ✅ Migrations apply successfully
• ✅ Database operations work correctly

Breaking Changes

None - this is a development environment upgrade. Candidates will run script/django/setup to create fresh environments.

🤖 Generated with Claude Code

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​django@​2.2.13 ⏵ 5.1.4	+1
	pypi/​django-cors-headers@​2.5.3 ⏵ 4.6.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: pypi django License: Font-Awesome-Free-License-6.x - the applicable license policy does not allow this license (4) (Django-5.1.4/docs/_theme/djangodocs/static/fontawesome/LICENSE.txt) From: django/requirements.txt → pypi/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report