From b492da44252f78e1b0076bcdc7d1882ad2bf17be Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 2 Sep 2024 08:09:14 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389002
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389021
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-7856105
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index b71d306f..d1d70c3c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 graphene==2.1.8
-Django==2.2.26
+Django==4.2.15
 django-filter==2.1.0
 graphene-file-upload==1.2.2
 django-cors-headers==3.7.0
@@ -7,7 +7,7 @@ django-s3-storage==0.12.4
 boto3==1.17.8
 psycopg2-binary==2.8.4
 PyJWT==1.7.1
-gunicorn==19.9.0
+gunicorn==21.2.0
 base32-crockford==0.3.0
 requests==2.22.0
 cryptography==3.3.2
@@ -26,3 +26,4 @@ kf_lib_data_ingest @ git+https://git@github.com/kids-first/kf-lib-data-ingest.gi
 graphene_django @ git+https://git@github.com/graphql-python/graphene-django.git@d52b18a700d2c1cec4b2de1f673bff14e2d18071
 marshmallow==3.12.1
 XlsxWriter==1.4.4
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability