Description
You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist
Put an x in the bracket when you have completed each task, like this: [x]
- This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
- I have verified that that issue exists against the
masterbranch of django-smart-selects. - I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
- I have debugged the issue to the
smart_selectsapp. - I have reduced the issue to the simplest possible case.
- I have included all relevant sections of
models.py,forms.py, andviews.pywith problems. - I have used GitHub Flavored Markdown to style all of my posted code.
Steps to reproduce
- Create a Django 5 project using
django-smart-selectsinstalled from PyPi. - Try to run the project.
Actual behavior
The latest version of django-smart-selects package which is available on PyPi is 1.6.0. This version is not compatible with Django 5.0, while the latest available on GitHub (1.7.1) is.
In the repository Actions I saw that the following step fails:
https://github.com/jazzband/django-smart-selects/actions/runs/8273216022/job/22636552189#step:7:16
This step could be solved by using the help provided by the following StackOverflow answer:
https://stackoverflow.com/questions/70435286/resource-not-accessible-by-integration-on-github-post-repos-owner-repo-ac
Expected behavior
Installing the package from PyPi should install the latest version.