fix: requirements/snyk/libraries/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959
- https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-1090569
- https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055461
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055462
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1059090
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080635
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080654
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081494
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081501
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081502
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082329
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082750
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090584
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090586
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090587
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090588
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292150
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292151
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1316216
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1727377
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2329135
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331901
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331905
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331907
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2397241
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674
- https://snyk.io/vuln/SNYK-PYTHON-TQDM-6807582
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-559452
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-1252240
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-1311799
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-2342656
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-5406453
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-5406455
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6016491
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226331
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6226332
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7172128
- https://snyk.io/vuln/SNYK-PYTHON-WAGTAIL-7443632
snyk-bot committed Sep 27, 2024
1 parent 7c63c31 commit 9e96b56
Showing 1 changed file with 62 additions and 1 deletion.
1 change: 0 additions & 1 deletion requirements/snyk/libraries/requirements.txt

This file was deleted.

62 changes: 62 additions & 0 deletions requirements/snyk/libraries/requirements.txt
@@ -0,0 +1,62 @@
# These packages are installed from PyPI.
backports.csv==1.0.7
beautifulsoup4==4.8.2
boto3==1.7.80
# Temporarily pin cryptography here.
# edgegrid-python has an open-ended dependency on PyOpenSSL, which in turn
# has an open-ended dependency on cryptography. cryptography 3.0 currently
# doesn't build in our build environment. This pins the last release that
# does until we can solve that problem.
cryptography==2.9.2
dj-database-url==0.5.0
djangorestframework==3.15.2
django-csp==3.4
django-extensions==2.1.3
django-flags==4.2.4
django-haystack==2.8.1
# django-localflavor is required by django-college-costs-comparison
django-localflavor==2.2
django-mptt==0.9.0
django-storages==1.7.1
django-treebeard==4.2.0
django-watchman==0.15.0
edgegrid-python==1.0.10
elasticsearch==2.4.1
govdelivery==1.3
Jinja2==2.11.2
lxml==4.2.5
Markdown==3.2.1
ntplib==0.3.4
openpyxl==3.0.3
psycopg2==2.7.3.2
pyelasticsearch==0.6.1
python-dateutil==2.7.3
regdown==1.0.2
requests==2.32.2
requests_toolbelt==0.8.0
sha3==0.2.1
unipath>=1.1,<=2.0
urllib3==1.26.19
# wagtail-autocomplete==0.6 TODO: Restore when wagtail-autocomplete #77 is merged
wagtail-flags==4.2.2
wagtail-inventory==1.1.1
wagtail-placeholder-images==0.1.1
wagtail-sharing==2.2.1
wagtail-treemodeladmin==1.2.1
wagtailmedia==0.6.0

# These packages are installed from GitHub.
https://github.com/cfpb/wagtail-autocomplete/releases/download/0.7/wagtail_autocomplete-0.6-py3-none-any.whl
https://github.com/cfpb/owning-a-home-api/releases/download/0.16.0/owning_a_home_api-0.16.0-py3-none-any.whl
https://github.com/cfpb/retirement/releases/download/0.15.0/retirement-0.15.0-py3-none-any.whl
https://github.com/cfpb/ccdb5-api/releases/download/1.5.1/ccdb5_api-1.5.1-py3-none-any.whl
https://github.com/cfpb/ccdb5-ui/releases/download/2.3.1/ccdb5_ui-2.3.1-py3-none-any.whl
https://github.com/cfpb/django-college-costs-comparison/releases/download/1.15.1/comparisontool-1.15.1-py3-none-any.whl
https://github.com/cfpb/curriculum-review-tool/releases/download/2.0.3/crtool-2.0.3-py3-none-any.whl
django>=4.2.16 # not directly required, pinned by Snyk to avoid a vulnerability
idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
tqdm>=4.66.3 # not directly required, pinned by Snyk to avoid a vulnerability
wagtail>=6.0.5 # not directly required, pinned by Snyk to avoid a vulnerability
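Review bot: The seven lines appended at the end of the hunk (`django>=4.2.16` through `wagtail>=6.0.5`) are lower bounds, not pins, while every other PyPI entry in the file except `unipath` uses `==`. With an open-ended `>=`, each install can resolve to a different release, including a new major version of Django or Wagtail, so the build is no longer reproducible and the result of a vulnerability scan depends on when the install ran. Suggest exact versions (`django==4.2.16`, `wagtail==6.0.5`, and so on) or at least an upper bound. These floors also sit next to much older exact pins in the same file, such as `django-mptt==0.9.0`, `django-treebeard==4.2.0` and `wagtailmedia==0.6.0`; before merging, run the install in a clean environment and confirm the resolver can satisfy both sets, since a file that does not resolve fixes nothing. Separately, the first GitHub wheel URL takes its release path from `0.7` but the wheel filename is `wagtail_autocomplete-0.6`, and none of the wheel URLs carries a hash; worth confirming which version is intended and adding `--hash` entries so the downloaded artifacts are verified.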
