@dependabot dependabot bot commented on behalf of github Sep 4, 2025

Bumps nautobot from 2.3.16 to 2.4.10.

Release notes

Sourced from nautobot's releases.

v2.4.10 - 2025-06-09

What's Changed

Security in v2.4.10

  • #6672 - Added enforcement of user authentication when serving uploaded media files (GHSA-rh67-4c8j-hjjh).
  • #7417 - Added protections against access of various security-related and/or data-altering methods of various Nautobot models from within a Jinja2 sandboxed environment or the Django template renderer (GHSA-wjw6-95h5-4jpx).
  • #7425 - Updated Django to 4.2.22 to address CVE-2025-48432.

Fixed in v2.4.10

  • #7358 - Fixed web_request_context faulty logic in its try/finally block.
  • #7362 - Fixed NautobotCSVParser incorrect parsing of many-to-many fields.

Documentation in v2.4.10

  • #7430 - Added latest security disclosures to the documentation.
  • #7430 - Removed John Anderson as a point of contact for Nautobot security issues.

Contributors

Full Changelog: nautobot/nautobot@v2.4.9...v2.4.10

v2.4.9 - 2025-05-27

What's Changed

Security in v2.4.9

  • #7317 - Updated setuptools to 78.1.1 to address CVE-2025-47273. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.

Added in v2.4.9

  • #7043 - Added support for job_queue parameter to JobResult.execute_job(), JobResult.enqueue_job(), and ScheduledJob.create_schedule().

Changed in v2.4.9

  • #7043 - Changed "Run Job" form to display a warning when submitting a Job against a Celery queue that has no active workers, but allow the job to be submitted, instead of blocking the Job altogether.

Fixed in v2.4.9

  • #7043 - Fixed regression introduced in 2.4.0 involving inability to specify a non-default job queue when scheduling a Job.
  • #7172 - Restored missing rd column in VRFTable.
  • #7245 - Fixed ExportObjectList job now initializes filter_params from the selected SavedView's config when ?saved_view is present and filters haven't been cleared. If additional query parameters are included, they override matching filters from the saved view.
  • #7250 - Fixed MULTISELECT custom field representation in GraphQL to be a JSON array instead of a string.

... (truncated)

Commits
  • 6227409 Merge pull request #7436 from nautobot/release/2.4.10
  • b8a85db Update 1.6 release note
  • 02d3075 Markdownlint
  • d9c1f9b Towncrier
  • a75651b Merge branch 'develop' into release/2.4.10
  • 4728d43 Update security contacts and add disclosures (#7430)
  • b78b0f5 Bring v1.6 release note up to date
  • be4e818 Improve security of SecretsProvider class.
  • ac852d5 Update nautobot/docs/release-notes/version-2.4.md
  • bd14de2 Towncrier and version bump
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Issues/pull requests relating to library dependencies python Pull requests that update Python code labels Sep 4, 2025

github-actions bot commented Sep 4, 2025

Coverage report

This PR does not seem to contain any modification to coverable code.

@gsnider2195

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/pip/nautobot-2.4.10 branch from 8e024c3 to 6a31853 Compare October 2, 2025 16:53

Bumps [nautobot](https://github.com/nautobot/nautobot) from 2.3.16 to 2.4.10.
- [Release notes](https://github.com/nautobot/nautobot/releases)
- [Changelog](https://github.com/nautobot/nautobot/blob/develop/CHANGELOG.md)
- [Commits](nautobot/nautobot@v2.3.16...v2.4.10)

---
updated-dependencies:
- dependency-name: nautobot
  dependency-version: 2.4.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot force-pushed the dependabot/pip/nautobot-2.4.10 branch from 6a31853 to 9d6e76b Compare October 2, 2025 16:55