From 87da98b91088ba7bef70f2dcac7b67b079c7a2ef Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Tue, 2 Jul 2024 04:36:17 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422 - https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 - https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5840584 - https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5871282 - https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644 - https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-6150683 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672 - 
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291196 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SOCIALAUTHAPPDJANGO-6673771 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
---
requirements.txt | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index bbac433bf55..b3268bb4c45 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,8 +25,8 @@ git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging
 django-watson==1.6.3
 django-prometheus==2.2.0
 Django==4.1.5
-djangorestframework==3.14.0
-gunicorn==20.1.0
+djangorestframework==3.15.2
+gunicorn==22.0.0
 html2text==2020.1.16
 humanize==4.6.0
 jira==3.4.1
@@ -36,24 +36,24 @@ Markdown==3.4.1
 mysqlclient==2.1.1
 openpyxl==3.1.0
 xlrd==1.2.0
-Pillow==9.4.0 # required by django-imagekit
+Pillow==10.3.0 # required by django-imagekit
 psycopg2-binary==2.9.5
-cryptography==39.0.0
+cryptography==42.0.8
 python-dateutil==2.8.2
 pytz==2022.7.1
-redis==4.4.2
-requests==2.28.2
+redis==4.4.4
+requests==2.32.2
 sqlalchemy==1.4.46 # Required by Celery broker transport
 supervisor==4.2.5
-urllib3==1.26.11
+urllib3==1.26.19
 uWSGI==2.0.21
 vobject==0.9.6.1
 whitenoise==5.2.0
 titlecase==2.3
-social-auth-app-django==5.0.0
+social-auth-app-django==5.4.1
 social-auth-core==4.3.0
 Python-jose==3.3.0
-gitpython==3.1.30
+gitpython==3.1.41
 debugpy==1.6.6
 python-gitlab==3.13.0
 google-api-python-client==2.76.0
@@ -86,3 +86,5 @@ boto3==1.26.64 # Required for Celery Broker AWS (SQS) support
 netaddr==0.8.0
 vulners==2.0.6
 fontawesomefree==6.2.1
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
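Review bot: `social-auth-app-django` moves to 5.4.1 in the second hunk while the `social-auth-core==4.3.0` pin on the next line is left as it was. The newer app release may declare a higher minimum for the core package, in which case pip's resolver would reject the file or the two packages would be mismatched at runtime. Check the 5.4.1 metadata and, if needed, raise the core pin in the same commit, e.g. `social-auth-core==<version compatible with 5.4.1>`. Separately, Pillow 9.4.0 to 10.3.0 and cryptography 39.0.0 to 42.0.8 are major-version jumps, so the image handling behind django-imagekit and any code calling cryptography should be exercised by the test suite before an automated bump like this is merged.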
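Review bot: The two lines added in the last hunk use open-ended `>=` ranges, unlike the `==` pins on the other versioned entries visible in this diff. An install can therefore pick up whatever setuptools or sqlparse release is newest at build time, so builds stop being reproducible and a later bad release would be pulled in without review. Pin them exactly, e.g. `setuptools==<reviewed version at or above 65.5.1>` and `sqlparse==<reviewed version at or above 0.5.0>`. The trailing comment on sqlparse could also name the package that pulls it in (presumably Django), so the pin is revisited when that package is upgraded.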