From 27671aad22d936ac69744b3d86fa725bce153057 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 16 May 2025 05:19:43 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10074036 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606 --- requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 4b7921a..6649db1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ click==8.1.7 # pip-tools distlib==0.3.8 # via virtualenv -django==3.2.25 +django==4.2.21 # via # -r requirements.in # django-tinymce @@ -84,3 +84,4 @@ zipp==3.17.0 # The following packages are considered to be unsafe in a requirements file: # pip # setuptools +setuptools>=78.1.1 # not directly required, pinned by Snyk to avoid a vulnerability