DJANGOPROJECT.COM TIGHTENS CI PIPELINE WITH MAJOR DEPENDENCY UPGRADES
By RepoJournal · Filed · About Django
The Django web properties team shipped a coordinated security and stability push overnight, upgrading codecov, GitHub Actions, and error tracking in a single wave.
The djangoproject.com site moved codecov/codecov-action from 6.0.1 to 7.0.0 [1], marking a migration away from a compromised keybase account to a fresh security ops account. actions/checkout jumped to 7.0.0 [2] with new fork PR protections that block untrusted code checkout on pull_request_target events, a critical security hardening for any workflow that accepts external contributions. Sentry SDK was bumped to 2.63.0 [3], fixing a double-wrapping bug in FastAPI handlers that could have masked errors in production. Prek, the pre-commit language manager, advanced to 0.4.5 [4] with full coverage across the R, Conda, Perl, and coursier ecosystems. Meanwhile, core Django itself cleaned house [5], renaming tests/migrations/test_base.py to base.py to match the naming convention used elsewhere in the test suite and eliminate a confusing misnomer. None of these are breaking changes for downstream teams, but the codecov and actions/checkout upgrades should be pulled into any workflow that mirrors djangoproject.com's CI setup.
Action items
- Pull codecov/codecov-action 7.0.0 into your CI if you use keybase-backed signing (django/djangoproject.com) [plan]
- Review your workflow_run and pull_request_target triggers for fork PR exposure after the actions/checkout 7.0.0 upgrade (django/djangoproject.com) [plan]
- Monitor Sentry error fingerprinting if you run FastAPI with Sentry SDK 2.60.x (django/djangoproject.com) [monitor]
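One way to carry out the trigger review in the second action item, as an added example (not code from djangoproject.com or from actions/checkout): it flags workflow files that combine a privileged trigger with a checkout of a ref chosen by the pull request author. It is a line-based heuristic over the YAML text rather than a full parser; the sample workflow and the PINNED_SHA placeholder are constructed.

```python
import re

# Triggers that run with the base repository's secrets and token.
PRIVILEGED = ("pull_request_target", "workflow_run")
# Top-level `on:` key plus its indented, blank or comment continuation lines.
ON_BLOCK = re.compile(r"""^["']?on["']?\s*:.*(?:\n(?:[ \t#].*|[ \t]*$))*""", re.M)
CHECKOUT = re.compile(r"[\s-]*uses:\s*['\"]?actions/checkout@")
# Expressions that resolve to a commit or branch chosen by the PR author.
UNTRUSTED_REF = re.compile(r"github\.event\.(?:pull_request\.head\.(?:sha|ref)"
                           r"|workflow_run\.head_(?:sha|branch))|github\.head_ref")

def privileged_triggers(text):
    """Names of privileged triggers found in the workflow's `on:` block."""
    block = ON_BLOCK.search(text)
    return [t for t in PRIVILEGED if block and re.search(rf"\b{t}\b", block.group(0))]

def check_step(step, triggers):
    """Flag `ref:` lines of a checkout step that point at PR-controlled code."""
    if not triggers or not any(CHECKOUT.match(line) for _, line in step):
        return []
    return [(no, triggers, m.group(0)) for no, line in step
            if re.match(r"\s*ref\s*:", line) and (m := UNTRUSTED_REF.search(line))]

def audit_workflow(text):
    """Return (line, triggers, expression) for each risky checkout in one file."""
    triggers, findings, step = privileged_triggers(text), [], []
    # Steps are YAML list items; the trailing "- " sentinel flushes the last one.
    for no, line in enumerate(text.splitlines() + ["- "], 1):
        if line.lstrip().startswith("- "):
            findings += check_step(step, triggers)
            step = []
        step.append((no, line))
    return findings

# Constructed sample workflow; PINNED_SHA is a placeholder, not a real commit.
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    steps:
      - uses: actions/checkout@PINNED_SHA
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""

if __name__ == "__main__":
    print(audit_workflow(RISKY))
```

A finding means the job checks out fork-controlled code while holding the base repository's credentials; a checkout step with no `ref:` under the same trigger is not flagged.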
References
- [1] Bump codecov/codecov-action from 6.0.1 to 7.0.0 (django/djangoproject.com)
- [2] Bump actions/checkout from 6.0.3 to 7.0.0 (django/djangoproject.com)
- [3] Bump sentry-sdk from 2.60.0 to 2.63.0 in /requirements (django/djangoproject.com)
- [4] Bump prek from 0.3.8 to 0.4.5 in /requirements (django/djangoproject.com)
- [5] Renamed tests/migrations/test_base.py to tests/migrations/base.py. (django/django)
FAQ
- What changed in Django on June 30, 2026?
  - The Django web properties team shipped a coordinated security and stability push overnight, upgrading codecov, GitHub Actions, and error tracking in a single wave.
- What should Django teams do about it?
  - Pull codecov/codecov-action 7.0.0 into your CI if you use keybase-backed signing; review your workflow_run and pull_request_target triggers for fork PR exposure after the actions/checkout 7.0.0 upgrade; monitor Sentry error fingerprinting if you run FastAPI with Sentry SDK 2.60.x.
- Which Django repositories shipped on June 30, 2026?
  - django/djangoproject.com, django/django