From c567ecfc46c95693c45fc90ff7a60bf6dad0407f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 23 Apr 2026 18:30:53 +0000 Subject: [PATCH 1/2] fix: requirements/base.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-LXML-16119103 --- requirements/base.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements/base.txt b/requirements/base.txt index 04a7c1c5..073a9190 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -101,4 +101,5 @@ wagtail-json-widget==0.0.9 # https://pypi.org/project/wagtail-json-widget/ # Citation export (CSL / BibTeX via citeproc-py) # ------------------------------------------------------------------------------ citeproc-py==0.9.0 # https://pypi.org/project/citeproc-py/ -citeproc-py-styles==0.1.5 # https://pypi.org/project/citeproc-py-styles/ (bibtex.csl, etc.) \ No newline at end of file +citeproc-py-styles==0.1.5 # https://pypi.org/project/citeproc-py-styles/ (bibtex.csl, etc.) +lxml>=6.1.0 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file From f3c32c02155cd329f1b237abde64a04652dea0bf Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 23 Apr 2026 18:30:56 +0000 Subject: [PATCH 2/2] fix: requirements/base.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-LXML-16119103