From d74c049cfb3465f4fc92c6da9d8ee558f91241a2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 14 Jan 2026 23:23:01 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10074036 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10302884 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-12485156 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13836728 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13837025 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157807 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157810 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456315 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456316 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-14157217 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 --- requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3f89f6f16c..951ab4b08d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,7 +13,7 @@ botocore>=1.39.15 celery>=5.5.3 coverage>=7.9.2 defusedxml>=0.7.1 # for TastyPie when using xml; not a declared dependency -Django>4.2,<5 +Django>4.2.27 django-admin-rangefilter>=0.13.3 django-analytical>=3.2.0 django-bootstrap5>=25.1 @@ -91,3 +91,4 @@ xml2rfc>=3.30.0 xym>=0.6,<1.0 zxcvbn>=4.5.0 types-zxcvbn~=4.5.0.20250223 # match zxcvbn version +sqlparse>=0.5.4 # not directly required, pinned by Snyk to avoid a vulnerability