From 1adfb4cb08d9ce6252d85aafc140e11770d8c845 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 15 Aug 2024 22:15:18 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422
- https://snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-1090569
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JWCRYPTO-3030035
- https://snyk.io/vuln/SNYK-PYTHON-JWCRYPTO-6140368
- https://snyk.io/vuln/SNYK-PYTHON-MAKO-3017600
- https://snyk.io/vuln/SNYK-PYTHON-PYJWT-2840625
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
---
 requirements.txt | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ab2b6779eab..a32cbefc447 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,7 @@ pyyaml>=4.2b1
 beautifulsoup4==4.9.3
 httplib2<0.18.2
 hyperlink==20.0.1
-idna>=2.5,<2.11
+idna>=3.7
 urllib3==1.25.11
 Paver==1.3.4
 python-slugify==4.0.1
@@ -71,7 +71,7 @@ django-invitations<1.9.4
 django-recaptcha==2.0.6
 
 # REST
-djangorestframework>=3.1.0,<3.12.3
+djangorestframework>=3.11.2
 djangorestframework-gis>=0.16
 djangorestframework_guardian==0.3.0
 drf-extensions==0.6.0
@@ -148,8 +148,13 @@ pytest-bdd==4.0.1
 splinter==0.14.0
 pytest-splinter==3.3.0
 pytest-django==4.1.0
-setuptools==50.3.2
+setuptools==70.0.0
 pip==20.2.4
 Twisted==20.3.0
 factory-boy==3.1.0
 flaky==3.7.0
+certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
+cryptography>=42.0.8 # not directly required, pinned by Snyk to avoid a vulnerability
+jwcrypto>=1.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+mako>=1.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+pyjwt>=2.4.0 # not directly required, pinned by Snyk to avoid a vulnerability