From 02077d3c96487546a4ecee886b43e99270b69985 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 9 Dec 2025 02:13:36 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157807
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157810
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-14157217
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 02a4cf5fd0..b288c12e85 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ botocore>=1.39.15
 celery>=5.5.3
 coverage>=7.9.2
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>4.2,<5
+Django>4.2.27
 django-admin-rangefilter>=0.13.3
 django-analytical>=3.2.0
 django-bootstrap5>=25.1
@@ -83,9 +83,10 @@ tblib>=3.1.0  # So that the django test runner provides tracebacks
 tlds>=2022042700  # Used to teach bleach about which TLDs currently exist
 tqdm>=4.67.1
 unidecode>=1.4.0
-urllib3>=2.5.0
+urllib3>=2.6.0
 weasyprint>=66.0
 xml2rfc>=3.30.0
 xym>=0.6,<1.0
 zxcvbn>=4.5.0
 types-zxcvbn~=4.5.0.20250223  # match zxcvbn version
+sqlparse>=0.5.4 # not directly required, pinned by Snyk to avoid a vulnerability