From f5957fa3c0259fd52b195643db3aef3e845db07e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 12 Sep 2024 05:16:45 +0000
Subject: [PATCH] fix: requirements/base.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959
- https://snyk.io/vuln/SNYK-PYTHON-DJANGOALLAUTH-7413652
- https://snyk.io/vuln/SNYK-PYTHON-DJANGOALLAUTH-7577207
- https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226331
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226332
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7172128
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7443632
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements/base.txt | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index 70d4321e..580a1f77 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -1,5 +1,5 @@
 pytz==2023.3.post1 # https://github.com/stub42/pytz
-Pillow==10.2.0 # https://github.com/python-pillow/Pillow
+Pillow==10.3.0 # https://github.com/python-pillow/Pillow
 argon2-cffi==23.1.0 # https://github.com/hynek/argon2_cffi
 whitenoise==6.6.0 # https://github.com/evansd/whitenoise
 redis==5.0.1 # https://github.com/redis/redis-py
@@ -15,19 +15,19 @@ xmltodict==0.13.0 # https://github.com/martinblech/xmltodict.git
 django==5.0.3
 django-environ==0.11.2 # https://github.com/joke2k/django-environ
 django-model-utils==4.4.0 # https://github.com/jazzband/django-model-utils
-django-allauth==0.61.1 # https://github.com/pennersr/django-allauth
+django-allauth==0.63.6 # https://github.com/pennersr/django-allauth
 django-crispy-forms==2.1 # https://github.com/django-crispy-forms/django-crispy-forms
 crispy-bootstrap5==2024.2 # https://github.com/django-crispy-forms/crispy-bootstrap5
 django-compressor==4.4 # https://github.com/django-compressor/django-compressor
 django-redis==5.4.0 # https://github.com/jazzband/django-redis4
 # Django REST
-djangorestframework==3.15.0
+djangorestframework==3.15.2
 djangorestframework-simplejwt==5.3.1 # https://django-rest-framework-simplejwt.readthedocs.io/en/latest/
 # Wagtail
 # ------------------------------------------------------------------------------
-wagtail==5.2.3 # https://github.com/wagtail/wagtail
+wagtail==6.0.5 # https://github.com/wagtail/wagtail
 # Wagtail Recaptcha
@@ -95,7 +95,7 @@ django-maintenance-mode==0.21.1
 # Snky
 # ------------------------------------------------------------------------------
 certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
-requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
+requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
 #Django prometheus
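Review bot: The `django==5.0.3` context line in the second hunk is left untouched, yet the commit description lists ten SNYK-PYTHON-DJANGO advisories as fixed; unless those are resolved by some path not visible here, the patch fixes less than it claims. The Django 5.0.x line received further security releases after 5.0.3, so the pin should be bumped in this same change (to the 5.0.x release the advisories name, to be confirmed against them) or the description trimmed to what the diff actually changes. Separately, the `>=` floors for requests, sqlparse, urllib3 and zipp in the third and fourth hunks depart from the file's otherwise exact `==` pinning, so installs will drift between environments and a future vulnerable release is not excluded by an upper bound; pin them exactly or regenerate the file from a resolved lockfile.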
@@ -109,4 +109,7 @@ django-prometheus==2.3.1
 # freezegun
 # ------------------------------------------------------------------------------
-freezegun==1.5.1
\ No newline at end of file
+freezegun==1.5.1
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file