fix: requirements/base.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGOALLAUTH-7413652 - https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226331 - https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226332 - https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7172128 - https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7443632 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
scieloorg · Jul 25, 2024 · b870552 · b870552
1 parent d6e7c97
commit b870552
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -1,5 +1,5 @@
 pytz==2023.3.post1  # https://github.com/stub42/pytz
-Pillow==10.2.0  # https://github.com/python-pillow/Pillow
+Pillow==10.3.0  # https://github.com/python-pillow/Pillow
 argon2-cffi==23.1.0  # https://github.com/hynek/argon2_cffi
 whitenoise==6.6.0  # https://github.com/evansd/whitenoise
 redis==5.0.1  # https://github.com/redis/redis-py
@@ -15,19 +15,19 @@ xmltodict==0.13.0  # https://github.com/martinblech/xmltodict.git
 django==5.0.3
 django-environ==0.11.2  # https://github.com/joke2k/django-environ
 django-model-utils==4.4.0  # https://github.com/jazzband/django-model-utils
-django-allauth==0.61.1  # https://github.com/pennersr/django-allauth
+django-allauth==0.63.3  # https://github.com/pennersr/django-allauth
 django-crispy-forms==2.1  # https://github.com/django-crispy-forms/django-crispy-forms
 crispy-bootstrap5==2024.2 # https://github.com/django-crispy-forms/crispy-bootstrap5
 django-compressor==4.4  # https://github.com/django-compressor/django-compressor
 django-redis==5.4.0  # https://github.com/jazzband/django-redis4
 
 # Django REST
-djangorestframework==3.15.0
+djangorestframework==3.15.2
 djangorestframework-simplejwt==5.3.1  # https://django-rest-framework-simplejwt.readthedocs.io/en/latest/
 
 # Wagtail
 # ------------------------------------------------------------------------------
-wagtail==5.2.3  # https://github.com/wagtail/wagtail
+wagtail==6.0.5  # https://github.com/wagtail/wagtail
 
 
 # Wagtail Recaptcha
@@ -95,7 +95,7 @@ django-maintenance-mode==0.21.1
 # Snky
 # ------------------------------------------------------------------------------
 certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
-requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
+requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
 
 
 #Django prometheus
@@ -109,4 +109,7 @@ django-prometheus==2.3.1
 
 # freezegun
 # ------------------------------------------------------------------------------
-freezegun==1.5.1
+freezegun==1.5.1
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability