From d9e58ed359f6e924dcdc058c2104011f0ea6b7be Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 19 May 2024 16:52:51 +0000
Subject: [PATCH] fix: django/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674
---
 django/requirements.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/django/requirements.txt b/django/requirements.txt
index a4a2654d3..b70e16d9f 100644
--- a/django/requirements.txt
+++ b/django/requirements.txt
@@ -53,3 +53,5 @@ pgcli
 rarfile
 # CoMSES citation app - disabled until migration to django 2.0 https://github.com/comses/citation/issues/20
 # -e git+https://github.com/comses/citation.git#egg=citation
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability