Skip to content

Commit

Permalink
fix: requirements/snyk/libraries/requirements.txt to reduce vulnerabi…
Browse files Browse the repository at this point in the history 
…lities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814
  • Loading branch information
@snyk-bot
snyk-bot committed Aug 9, 2024
1 parent 7c63c31 commit 9dc3715
Showing 1 changed file with 56 additions and 1 deletion.
1 change: 0 additions & 1 deletion requirements/snyk/libraries/requirements.txt
View file

This file was deleted.

56 changes: 56 additions & 0 deletions requirements/snyk/libraries/requirements.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
# These packages are installed from PyPI.
backports.csv==1.0.7
beautifulsoup4==4.8.2
boto3==1.7.80
# Temporarily pin cryptography here.
# edgegrid-python has an open-ended dependency on PyOpenSSL, which in turn
# has an open-ended dependency on cryptography. cryptography 3.0 currently
# doesn't build in our build environment. This pins the last release that
# does until we can solve that problem.
cryptography==2.9.2
dj-database-url==0.5.0
djangorestframework==3.11.1
django-csp==3.4
django-extensions==2.1.3
django-flags==4.2.4
django-haystack==2.8.1
# django-localflavor is required by django-college-costs-comparison
django-localflavor==2.2
django-mptt==0.9.0
django-storages==1.7.1
django-treebeard==4.2.0
django-watchman==0.15.0
edgegrid-python==1.0.10
elasticsearch==2.4.1
govdelivery==1.3
Jinja2==2.11.2
lxml==4.2.5
Markdown==3.2.1
ntplib==0.3.4
openpyxl==3.0.3
psycopg2==2.7.3.2
pyelasticsearch==0.6.1
python-dateutil==2.7.3
regdown==1.0.2
requests==2.22.0
requests_toolbelt==0.8.0
sha3==0.2.1
unipath>=1.1,<=2.0
urllib3==1.25.2
# wagtail-autocomplete==0.6 TODO: Restore when wagtail-autocomplete #77 is merged
wagtail-flags==4.2.2
wagtail-inventory==1.1.1
wagtail-placeholder-images==0.1.1
wagtail-sharing==2.2.1
wagtail-treemodeladmin==1.2.1
wagtailmedia==0.6.0

# These packages are installed from GitHub.
https://github.com/cfpb/wagtail-autocomplete/releases/download/0.7/wagtail_autocomplete-0.6-py3-none-any.whl
https://github.com/cfpb/owning-a-home-api/releases/download/0.16.0/owning_a_home_api-0.16.0-py3-none-any.whl
https://github.com/cfpb/retirement/releases/download/0.15.0/retirement-0.15.0-py3-none-any.whl
https://github.com/cfpb/ccdb5-api/releases/download/1.5.1/ccdb5_api-1.5.1-py3-none-any.whl
https://github.com/cfpb/ccdb5-ui/releases/download/2.3.1/ccdb5_ui-2.3.1-py3-none-any.whl
https://github.com/cfpb/django-college-costs-comparison/releases/download/1.15.1/comparisontool-1.15.1-py3-none-any.whl
https://github.com/cfpb/curriculum-review-tool/releases/download/2.0.3/crtool-2.0.3-py3-none-any.whl
django>=4.2.15 # not directly required, pinned by Snyk to avoid a vulnerability

0 comments on commit 9dc3715

Please sign in to comment.