From 414769755ff5b9e7355f9eda42056ef5f3e88144 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 31 Aug 2024 08:10:52 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389002 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389021 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 --- requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b71d306f..4e36f4eb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ graphene==2.1.8 -Django==2.2.26 +Django==4.2.15 django-filter==2.1.0 graphene-file-upload==1.2.2 django-cors-headers==3.7.0 @@ -26,3 +26,4 @@ kf_lib_data_ingest @ git+https://git@github.com/kids-first/kf-lib-data-ingest.gi graphene_django @ git+https://git@github.com/graphql-python/graphene-django.git@d52b18a700d2c1cec4b2de1f673bff14e2d18071 marshmallow==3.12.1 XlsxWriter==1.4.4 +sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability