[Snyk] Security upgrade django from 3.1.12 to 5.0.14

[msant262]

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• pygoat/requirements.txt

⚠️ Warning

Django 3.2.25 has requirement asgiref<4,>=3.3.2, but you have asgiref 3.2.7.
dj-database-url 2.3.0 has requirement Django>=4.2, but you have Django 3.2.25.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[PauloNova8]

Checkmarx One – Scan Summary & Details – 1691100c-748b-47bf-83aa-3d01a8e2c9ad

New Issues (43)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Missing User Instruction	/Dockerfile: 1	details A user should be specified in the dockerfile, otherwise the image will run as root
	Missing User Instruction	/Dockerfile: 1	details A user should be specified in the dockerfile, otherwise the image will run as root
	Passwords And Secrets - Generic Password	/docker-compose.yml: 11	details Query to find passwords and secrets in infrastructure code.
	Passwords And Secrets - Generic Secret	/teste_appscan.yml: 17	details Query to find passwords and secrets in infrastructure code.
	Apt Get Install Pin Version Not Defined	/Dockerfile: 5	details When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 5	details When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 5	details When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 8	details When installing a package, its pin version should be defined
	Container Capabilities Unrestricted	/docker-compose.yml: 2	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 12	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 23	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 4	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 14	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Traffic Not Bound To Host Interface	/docker-compose.yml: 16	details Incoming container traffic should be bound to a specific host interface
	Container Traffic Not Bound To Host Interface	/docker-compose.yml: 6	details Incoming container traffic should be bound to a specific host interface
	Healthcheck Not Set	/docker-compose.yml: 2	details Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 4	details Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 14	details Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 12	details Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 23	details Check containers periodically to see if they are running properly.
	Memory Not Limited	/docker-compose.yml: 4	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Memory Not Limited	/docker-compose.yml: 12	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Memory Not Limited	/docker-compose.yml: 23	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Security Opt Not Set	/docker-compose.yml: 12	details Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 14	details Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 23	details Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 2	details Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 4	details Attribute 'security_opt' should be defined.
	Unpinned Package Version in Pip Install	/Dockerfile: 20	details Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
	Cpus Not Limited	/docker-compose.yml: 12	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Cpus Not Limited	/docker-compose.yml: 23	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Cpus Not Limited	/docker-compose.yml: 4	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 7	details Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
	Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 9	details Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
	Pip install Keeping Cached Packages	/Dockerfile: 23	details When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
	Pip install Keeping Cached Packages	/Dockerfile: 20	details When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
	Pip install Keeping Cached Packages	/Dockerfile: 9	details When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
	Pip install Keeping Cached Packages	/Dockerfile: 14	details When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
	Unpinned Actions Full Length Commit SHA	/main.yml: 13	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/teste_appscan.yml: 14	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Update Instruction Alone	/Dockerfile: 8	details Instruction 'RUN update' should always be followed by ' install' in the same RUN statement

Fixed Issues (7)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2024-53908	Python-Django-5.1.3
	CVE-2024-53907	Python-Django-5.1.3
	CVE-2024-56201	Python-Jinja2-3.1.4
	CVE-2024-56326	Python-Jinja2-3.1.4
	CVE-2024-56374	Python-Django-5.1.3
	CVE-2025-26699	Python-Django-5.1.3
	CVE-2025-27516	Python-Jinja2-3.1.4