From f75ff8010326657c7b9cdb45e628a4f58633027c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 13 Oct 2023 16:13:02 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112177
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112180
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2312875
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329158
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329159
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329160
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389002
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389021
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-2407255
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5840584
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5871282
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2329135
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331901
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331905
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331907
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2397241
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PYJWT-2840625
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
---
 requirements.txt | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 224be5d89..2cd32e55d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 # requirements.txt for DefectDojo using Python 3.x
 asteval==0.9.25
 bleach==4.1.0
-celery==5.1.2
+celery==5.2.2
 coverage==6.1.1
 defusedxml==0.7.1
 django_celery_results==2.2.0
@@ -18,7 +18,7 @@ django-slack==5.17.6
 django-tagging==0.5.0
 django-watson==1.5.5
 django-prometheus==2.1.0
-Django==3.1.13
+Django==3.2.22
 djangorestframework==3.12.4
 gunicorn==20.1.0
 html2text==2020.1.16
@@ -30,16 +30,16 @@ Markdown==3.3.4
 mysqlclient==2.0.3
 openpyxl==3.0.9
 xlrd==1.2.0
-Pillow==8.4.0  # required by django-imagekit
+Pillow==10.0.1  # required by django-imagekit
 psycopg2-binary==2.9.1
-cryptography==35.0.0
+cryptography==41.0.4
 python-dateutil==2.8.2
 pytz==2021.3
 redis==3.5.3
-requests==2.26.0
+requests==2.31.0
 sqlalchemy==1.4.26  # Required by Celery broker transport
 supervisor==4.2.2
-urllib3==1.26.7
+urllib3==1.26.17
 uWSGI==2.0.20
 vobject==0.9.6.1
 whitenoise==5.2.0
@@ -47,7 +47,7 @@ titlecase==2.3
 social-auth-app-django==5.0.0
 social-auth-core==4.1.0
 Python-jose==3.3.0
-gitpython==3.1.24
+gitpython==3.1.35
 debugpy==1.5.1
 python-gitlab==2.10.1
 google-api-python-client==2.28.0
@@ -64,13 +64,14 @@ django-debug-toolbar-request-history==0.1.4
 vcrpy==4.1.1
 vcrpy-unittest==0.1.7
 django-tagulous==1.3.0
-PyJWT==2.3.0
+PyJWT==2.4.0
 cvss==2.3
 django-fieldsignals==0.7.0
 hyperlink==21.0.0
-numpy==1.21.3
+numpy==1.22.2
 django-test-migrations==1.1.0
 djangosaml2==1.3.4
 drf-spectacular==0.20.2
 django-ratelimit==3.0.1
 argon2-cffi==21.1.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability