Upgrade django to fix security issues

gthess · Jan 15, 2020 · ff2d03b · ff2d03b
1 parent a324229
commit ff2d03b
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 18 deletions.
diff --git a/requirements-dev.in b/requirements-dev.in
@@ -32,3 +32,6 @@ pydotplus  # generating graphs with the docs command...
 
 django-cprofile-middleware
 moviepy
+
+# django phonenumber field (via otp) needs this, and cannot get it themselves:
+phonenumberslite>=7.0.2
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --output-file=requirements-dev.txt requirements-dev.in
+#    pip-compile requirements-dev.in
 #
 alabaster==0.7.12         # via sphinx
 argh==0.26.2              # via sphinx-autobuild, watchdog
@@ -16,13 +16,13 @@ chardet==3.0.4            # via requests
 colorama==0.4.1
 commonmark==0.9.1         # via recommonmark
 coverage==4.5.4
-decorator==4.4.0          # via moviepy
+decorator==4.4.1          # via moviepy
 django-coverage==1.2.4
 django-cprofile-middleware==1.0.4
 django-debug-toolbar-request-history==0.1.0
 django-debug-toolbar==2.0
 django-extensions==2.2.5
-django==2.2.6             # via django-debug-toolbar
+django==2.2.9             # via django-debug-toolbar
 docutils==0.15.2          # via recommonmark, sphinx
 freezegun==0.3.12
 httmock==1.3.0
@@ -41,6 +41,7 @@ moviepy==1.0.1
 numpy==1.17.3             # via imageio, moviepy
 packaging==19.2           # via pytest, sphinx
 pathtools==0.1.2          # via sphinx-autobuild, watchdog
+phonenumberslite==8.11.1
 pillow==6.2.1             # via imageio
 pluggy==0.13.0            # via pytest
 port_for==0.3.1           # via sphinx-autobuild
@@ -59,13 +60,13 @@ pytest-logging==2015.11.4
 pytest-mock==1.11.2
 pytest-responses==0.4.0
 pytest==5.2.2
-python-dateutil==2.8.0    # via freezegun
+python-dateutil==2.8.1    # via freezegun
 pytz==2019.3              # via babel, django
 pyyaml==5.1.2             # via sphinx-autobuild, watchdog
 recommonmark==0.6.0
 requests==2.22.0          # via httmock, moviepy, responses, sphinx
 responses==0.10.6         # via pytest-responses
-six==1.12.0               # via django-extensions, freezegun, livereload, packaging, python-dateutil, responses
+six==1.13.0               # via django-extensions, freezegun, livereload, packaging, python-dateutil, responses
 snowballstemmer==2.0.0    # via pydocstyle, sphinx
 sphinx-autobuild==0.7.1
 sphinx==2.2.1
@@ -84,4 +85,4 @@ wcwidth==0.1.7            # via pytest
 zipp==0.6.0               # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
-# setuptools==41.6.0        # via sphinx
+# setuptools
diff --git a/requirements.in b/requirements.in
@@ -12,7 +12,7 @@
 git+https://github.com/avast/pytest-docker@9ce726f4a045addc777fb1cea837a6309cbbeef6#egg=pytest-docker
 
 # to update websecmap run: make update_requirement_websecmap
-git+https://gitlab.com/internet-cleanup-foundation/web-security-map@acf1e12cc6d896b92fbf3b61d4e41be0a233fce5#egg=websecmap
+git+https://gitlab.com/internet-cleanup-foundation/web-security-map@d21833bd989debed56cc63f3d8c78384979c97e1#egg=websecmap
 
 django-otp
 django-two-factor-auth

diff --git a/requirements.txt b/requirements.txt
@@ -2,21 +2,21 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile
+#    pip-compile requirements.in
 #
 amqp==2.5.1               # via kombu
 attrs==19.3.0
 babel==2.7.0              # via django-phonenumber-field, flower, wikidata
 billiard==3.6.1.0         # via celery
 celery[eventlet,redis]==4.3.0  # via flower
 certifi==2019.9.11        # via requests
-cffi==1.13.1              # via cryptography
+cffi==1.13.2              # via cryptography
 chardet==3.0.4            # via requests
 colorlog==4.0.2
 colormath==3.0.0          # via spectra
 cryptography==2.8         # via pyopenssl
 csscompressor==0.9.5
-decorator==4.4.0          # via networkx, retry, validators
+decorator==4.4.1          # via networkx, retry, validators
 deepdiff==4.0.8
 defusedxml==0.6.0         # via odfpy
 diff-match-patch==20181111  # via django-import-export
@@ -45,7 +45,7 @@ django-statsd-mozilla==0.4.0
 django-timezone-field==3.1  # via django-celery-beat
 django-two-factor-auth==1.9.1
 django-uwsgi==0.2.2
-django==2.2.6
+django==2.2.9
 dnspython==1.16.0         # via eventlet
 et-xmlfile==1.0.1         # via openpyxl
 eventlet==0.25.1          # via celery
@@ -64,7 +64,7 @@ markdown==3.1.1
 markuppy==1.14            # via tablib
 monotonic==1.5            # via eventlet
 more-itertools==7.2.0     # via zipp
-mysqlclient==1.4.4
+mysqlclient==1.4.5
 netaddr==0.7.19
 networkx==2.4             # via colormath
 numpy==1.17.3             # via colormath, rdp
@@ -73,7 +73,7 @@ openpyxl==2.5.14          # via pyexcel-xlsx, tablib
 ordered-set==3.1.1        # via deepdiff
 pillow==6.2.1             # via python-resize-image
 polib==1.1.0
-psycopg2==2.8.4
+psycopg2-binary==2.8.4
 py==1.8.0                 # via retry
 pycparser==2.19           # via cffi
 pyexcel-io==0.5.20        # via pyexcel, pyexcel-ods, pyexcel-xls, pyexcel-xlsx
@@ -85,8 +85,8 @@ pyexcel-xlsx==0.5.7
 pyexcel==0.5.15           # via django-excel, pyexcel-text, pyexcel-webio
 pyopenssl==19.0.0
 git+https://github.com/avast/pytest-docker@9ce726f4a045addc777fb1cea837a6309cbbeef6#egg=pytest-docker
-python-crontab==2.3.9     # via django-celery-beat
-python-dateutil==2.8.0    # via python-crontab
+python-crontab==2.4.0     # via django-celery-beat
+python-dateutil==2.8.1    # via python-crontab
 python-magic==0.4.15
 python-monkey-business==1.0.0  # via django-nested-admin
 python-resize-image==1.1.19
@@ -102,13 +102,13 @@ requests==2.22.0          # via django-proxy, googlemaps, python-resize-image, r
 retry==0.9.2
 rjsmin==1.1.0             # via django-compressor
 simplejson==3.16.0
-six==1.12.0               # via cryptography, django-appconf, django-countries, django-geojson, django-nested-admin, django-otp, eventlet, pyopenssl, python-dateutil, python-monkey-business, qrcode, requests-file, tenacity, validators
+six==1.13.0               # via cryptography, django-appconf, django-countries, django-geojson, django-nested-admin, django-otp, eventlet, pyopenssl, python-dateutil, python-monkey-business, qrcode, requests-file, tenacity, validators
 spectra==0.0.11
 sqlparse==0.3.0           # via django
 statsd==3.3.0             # via django-statsd-mozilla
 tablib==0.14.0            # via django-import-export
 tabulate==0.8.5           # via pyexcel-text
-tenacity==5.1.1
+tenacity==6.0.0
 texttable==1.6.2          # via pyexcel
 tldextract==2.2.2
 tornado==5.1.1            # via flower
@@ -117,7 +117,7 @@ urllib3==1.25.6           # via requests
 uwsgi==2.0.18
 validators==0.14.0
 vine==1.3.0               # via amqp, celery
-git+https://gitlab.com/internet-cleanup-foundation/web-security-map@acf1e12cc6d896b92fbf3b61d4e41be0a233fce5#egg=websecmap
+git+https://gitlab.com/internet-cleanup-foundation/web-security-map@d21833bd989debed56cc63f3d8c78384979c97e1#egg=websecmap
 wikidata==0.6.1
 xlrd==1.2.0               # via pyexcel-xls, tablib
 xlwt==1.3.0               # via pyexcel-xls, tablib