[Snyk] Fix for 5 vulnerabilities (#1192)

* fix: requirements/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6230369 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 * Include pillow upgrade in Dockerfile --------- Co-authored-by: snyk-bot <[email protected]> Co-authored-by: jimmyfagan <[email protected]> Co-authored-by: jimmyfagan <[email protected]>
CMSgov · May 6, 2024 · 57a99f4 · 57a99f4
1 parent 39e5e27
commit 57a99f4
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,7 @@ RUN pip install charset-normalizer==3.1.0
 RUN pip install cryptography==42.0.4
 RUN pip install debugpy==1.6.7 --trusted-host pypi.python.org --trusted-host=files.pythonhosted.org
 RUN pip install newrelic==8.8.0
-RUN pip install pillow==10.2.0
+RUN pip install pillow==10.3.0
 RUN pip install pyyaml==6.0.1
 RUN pip install wrapt==1.15.0
 RUN pip install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
@@ -239,7 +239,7 @@ dj-database-url==2.0.0 \
  --hash=sha256:9c9e5f7224f62635a787e9cc3c6762c9be2b19541a21e3c08fa573bd01609b4b \
  --hash=sha256:a35a9f0f43775ca6f90d819dc456233ef7bcc76b47377d5d908b75c7eb320624
  # via -r requirements/requirements.in
-django==4.2.7 \
+django==4.2.11 \
  --hash=sha256:8e0f1c2c2786b5c0e39fe1afce24c926040fad47c8ea8ad30aaf1188df29fc41 \
  --hash=sha256:e1d37c51ad26186de355cbcec16613ebdabfa9689bbade9c538835205a8abbe9
  # via
@@ -314,7 +314,7 @@ djangorestframework-yaml==2.0.0 \
  --hash=sha256:1b2cfd7482425f3c6924a8eb803d6f73276e76b03293cd7144c755753e029f15 \
  --hash=sha256:7fe744e6004d2191fa1cb8a4fc62f98150202bfebd60702a04f8187cc240b7c4
  # via -r requirements/requirements.in
-idna==3.4 \
+idna==3.7 \
  --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
  --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
  # via requests
@@ -368,7 +368,7 @@ oauthlib==3.2.2 \
  # -r requirements/requirements.in
  # django-oauth-toolkit
  # requests-oauthlib
-pillow==10.2.0 \
+pillow==10.3.0 \
  --hash=sha256:0304004f8067386b477d20a518b50f3fa658a28d44e4116970abfcd94fac34a8 \
  --hash=sha256:0689b5a8c5288bc0504d9fcee48f61a6a586b9b98514d7d29b840143d6734f39 \
  --hash=sha256:0eae2073305f451d8ecacb5474997c08569fb4eb4ac231ffa4ad7d342fdc25ac \
@@ -650,7 +650,7 @@ six==1.16.0 \
  # via
  # djangorestframework-csv
  # python-dateutil
-sqlparse==0.4.4 \
+sqlparse==0.5.0 \
  --hash=sha256:5430a4fe2ac7d0f93e66f1efc6e1338a41884b7ddf2a350cedd20ccc4d9d28f3 \
  --hash=sha256:d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c
  # via