CVE-2023-36053: Updated the Django requirement

[hkage]

This PR addresses the CVE-2023-36053 that was fixed in Django 3.2.20 Therefore the requirements for the project have been updated to the most recent Django 3.2 version.

In addition, I stumbled across various other problems that occurred when running the CI jobs:

• Some requirements (base and testing) had to be pinned as pip-tools detected some version clashes. I could have updated the Django requirement manually, but many of the problems would have arisen again if the requirements had been rebuilt from scratch.
• Python 3.6 could not be installed within the Github action: 3.6 with arch x64 not found I guess the Python version was removed from the Github action. As Python 3.6 and also 3.7 have reached their end-of-live I removed them from the Github actions and tox configuration.
• The tox tests for all current Python versions failed because Tox was installed in the current version 4 and tox-factor doesn't support it yet. As tox 4 has a builtin factor-flag I removed tox-factor from the test setup.

Testing

Check whether the runserver can be started and test that basic features are functional. Even without a JIRA backend, create a test poker session and some tickets within the Django admin.

If you are starting with a blank project setup, run the following commands before:

npm install
npm run build
python manage.py createsuperuser  # optional
python manage.py migrate

[codecov-commenter]

Codecov Report

Merging #10 (033e117) into development (931dcba) will not change coverage.
The diff coverage is n/a.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@              Coverage Diff               @@
##           development       #10    +/-   ##
==============================================
  Coverage       100.00%   100.00%            
==============================================
  Files               25        14    -11     
  Lines              486       231   -255     
  Branches            26        26            
==============================================
- Hits               486       231   -255     

Flag	Coverage Δ
unittests	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 11 files with indirect coverage changes

[W1ldPo1nter]

LGTM. However, we should probably figure out how or even whether to deal with vulnerabilities of this kind in the future as we're basically only providing a library based on Django, which in turn is only a dev requirement. We're not forcing anyone to install a vulnerable Django version via the install requirements in setup.py and a vulnerable version in a dev setup is probably a non-issue. Maybe we should reconfigure/disable the bot for vulnerabilities of this kind?

Nevertheless, 👍 for fixing the requirements and test workflow.

[hkage]

LGTM. However, we should probably figure out how or even whether to deal with vulnerabilities of this kind in the future as we're basically only providing a library based on Django, which in turn is only a dev requirement. We're not forcing anyone to install a vulnerable Django version via the install requirements in setup.py and a vulnerable version in a dev setup is probably a non-issue. Maybe we should reconfigure/disable the bot for vulnerabilities of this kind?

Nevertheless, 👍 for fixing the requirements and test workflow.

That is a valid argument, indeed. I don't know whether we can configure the dependabot within the project settings, but at least it should be possible to use a YAML-based configuration to define certain rules and behaviours. So maybe we can figure out how to restrict the checks to the setup.py requirements instead of the development requirements.