From c29a7938f26c65bb6ed9610641c434f83595e17b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 29 Aug 2025 22:31:22 +0000 Subject: [PATCH 1/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10302884 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456315 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456316 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9634162 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 9668fb0..10201ae 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,3 +6,4 @@ cryptography>=41.0.4 # not directly required, pinned by Snyk to avoid a vulnerab pyjwt>=2.4.0 # not directly required, pinned by Snyk to avoid a vulnerability requests>=2.32.4 # not directly required, pinned by Snyk to avoid a vulnerability sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability +django>=5.0.14 # not directly required, pinned by Snyk to avoid a vulnerability From 32f1447569386b0d7c2d289bba72177eb7695f8e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 14 Feb 2026 02:02:31 +0000 Subject: [PATCH 2/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-15263096 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 10201ae..360ac48 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ social-auth-app-django social-auth-core>=3.3.0 kiwitcms-tenants certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability -cryptography>=41.0.4 # not directly required, pinned by Snyk to avoid a vulnerability +cryptography>=46.0.5 # not directly required, pinned by Snyk to avoid a vulnerability pyjwt>=2.4.0 # not directly required, pinned by Snyk to avoid a vulnerability requests>=2.32.4 # not directly required, pinned by Snyk to avoid a vulnerability sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability From 16c37ff5340d367b793afd4a323d75f9acd7137b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 10 Jan 2026 03:38:33 +0000 Subject: [PATCH 3/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210 --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 360ac48..a729541 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,3 +7,4 @@ pyjwt>=2.4.0 # not directly required, pinned by Snyk to avoid a vulnerability requests>=2.32.4 # not directly required, pinned by Snyk to avoid a vulnerability sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability django>=5.0.14 # not directly required, pinned by Snyk to avoid a vulnerability +urllib3>=2.6.3 # not directly required, pinned by Snyk to avoid a vulnerability