From 1f70dde652f930f6376792a6f9c432fbf7aff3af Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 16 Jan 2021 03:06:17 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-173679 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-40778 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-40779 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-42178 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-72888 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570772 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570773 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-72681 --- requirements.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index fafc6a0..e9c2586 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,6 @@ -Django==2.0.2 -Sphinx==1.6.3 +Django==2.0.11 +Sphinx==3.0.4 model-mommy==1.5.1 -requests==2.18.4 +requests==2.20 pyqt5==5.10.1 +urllib3>=1.25.9 # not directly required, pinned by Snyk to avoid a vulnerability