
Commit 8bd57ac

Bump the pip group across 5 directories with 13 updates
Bumps the pip group with 11 updates in the /vulnerable_repos/PyGoat directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `39.0.1` | `44.0.1` |
| [django](https://github.com/django/django) | `4.2` | `4.2.27` |
| [django-allauth](https://github.com/sponsors/pennersr) | `0.52.0` | `65.13.0` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.4.0` | `10.3.0` |
| [requests](https://github.com/psf/requests) | `2.28.2` | `2.32.4` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.3.1` | `0.5.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.9` | `2.6.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.4` |
| [zipp](https://github.com/jaraco/zipp) | `3.8.0` | `3.19.1` |

Bumps the pip group with 1 update in the /vulnerable_repos/juice-shop/labs/lesson-03 directory: [black](https://github.com/psf/black).
Bumps the pip group with 2 updates in the /vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure directory: [django](https://github.com/django/django) and [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab directory: [werkzeug](https://github.com/pallets/werkzeug).
Bumps the pip group with 2 updates in the /vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab directory: [werkzeug](https://github.com/pallets/werkzeug) and [jinja2](https://github.com/pallets/jinja).

Updates `certifi` from 2022.12.7 to 2024.7.4
- [Commits](certifi/python-certifi@2022.12.07...2024.07.04)

Updates `cryptography` from 39.0.1 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.1...44.0.1)

Updates `django` from 4.2 to 4.2.27
- [Commits](django/django@4.2...4.2.27)

Updates `django-allauth` from 0.52.0 to 65.13.0
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

Updates `pillow` from 9.4.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.4.0...10.3.0)

Updates `requests` from 2.28.2 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.28.2...v2.32.4)

Updates `sqlparse` from 0.3.1 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.3.1...0.5.0)

Updates `urllib3` from 1.26.9 to 2.6.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.9...2.6.0)

Updates `werkzeug` from 2.1.2 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.1.2...3.1.4)

Updates `zipp` from 3.8.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.8.0...v3.19.1)

Updates `black` from 23.11.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.11.0...24.3.0)

Updates `django` from 3.2.18 to 4.2.27
- [Commits](django/django@4.2...4.2.27)

Updates `requests` from 2.28.1 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.28.2...v2.32.4)

Updates `werkzeug` from 3.0.1 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.1.2...3.1.4)

Updates `werkzeug` from 2.3.7 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.1.2...3.1.4)

Updates `jinja2` from 3.1.2 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.6)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2024.7.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.27
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django-allauth
  dependency-version: 65.13.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-version: '3.7'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 10.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sqlparse
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-version: 3.19.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-version: 24.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.27
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
1 parent ee3fe08 commit 8bd57ac

5 files changed

Lines changed: 18 additions & 18 deletions


Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
Flask==2.3.3
2-
Werkzeug==2.3.7
2+
Werkzeug==3.1.4
33
itsdangerous==2.1.2
44
click==8.1.7
55
blinker==1.6.2
6-
Jinja2==3.1.2
6+
Jinja2==3.1.6
77
MarkupSafe==2.1.3
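Review bot: Werkzeug crosses a major version on line 2 (`Werkzeug==2.3.7` to `Werkzeug==3.1.4`) while `Flask==2.3.3` on line 1 stays pinned, so the file now pairs a 2.x Flask with a 3.x Werkzeug and nothing in this change shows that combination being exercised. Build the lab image and run the app (including any test-client use) before merging, or bump Flask in the same change so the two move together. The commit message places the werkzeug and jinja2 updates in a directory named broken_auth_lab under vulnerable_repos, so also confirm the lab's exercise still behaves as its lesson text describes after the move to `Jinja2==3.1.6`.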
Lines changed: 1 addition & 1 deletion
@@ -1,2 +1,2 @@
11
Flask==3.0.0
2-
Werkzeug==3.0.1
2+
Werkzeug==3.1.4
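Review bot: this file pins only `Flask==3.0.0` and `Werkzeug==3.1.4`, so the remaining packages that the other Flask lab pins explicitly (Jinja2, itsdangerous, click, blinker, MarkupSafe) still resolve to whatever is newest when the image is built, and this bump does nothing to make the lab reproducible. Consider pinning the full set here as well, ideally from a compiled lock file with hashes, so that the next automated bump shows every version that actually changes.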
Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
1-
django==3.2.18
1+
django==4.2.27
22
django-crispy-forms==1.14.0
33
# added this one for some nice form styling
4-
requests==2.28.1
4+
requests==2.32.4
55
# we may need this later for api stuff
66
# TODO: check if we need more packages??
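Review bot: line 1 jumps a whole release series (`django==3.2.18` to `django==4.2.27`), yet the compare link the commit message gives for this update is django/django@4.2...4.2.27, which does not cover the 3.2 to 4.2 changes at all. Treat this as a framework upgrade rather than a patch bump: read the Django 4.0, 4.1 and 4.2 release notes for removed or changed settings, run the lab's migrations and pages, and check that `django-crispy-forms==1.14.0`, left untouched on line 2, supports Django 4.2. If the lab in sensitive_data_exposure depends on 3.2 behaviour, split this update out of the group.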
Lines changed: 12 additions & 12 deletions
@@ -1,34 +1,34 @@
11
argon2-cffi==21.3.0
22
argon2-cffi-bindings==21.2.0
33
asgiref==3.6.0
4-
certifi==2022.12.7
4+
certifi==2024.7.4
55
cffi==1.15.1
66
charset-normalizer==3.0.1
7-
cryptography==39.0.1
7+
cryptography==44.0.1
88
crispy-bootstrap4==2022.1
99
defusedxml==0.7.1
1010
dj-database-url==0.5.0
11-
Django==4.2
12-
django-allauth==0.52.0
11+
Django==4.2.27
12+
django-allauth==65.13.0
1313
django-crispy-forms==2.3
1414
django-heroku==0.3.1
1515
gunicorn==23.0.0
16-
idna==3.4
16+
idna==3.7
1717
mccabe==0.6.1
1818
oauthlib==3.2.2
19-
Pillow==9.4.0
19+
Pillow==10.3.0
2020
psycopg2==2.9.3
2121
pycodestyle==2.7.0
2222
pycparser==2.21
2323
pyflakes==2.3.1
2424
PyJWT==2.4.0
2525
python3-openid==3.2.0
2626
pytz==2020.1
27-
PyYAML==5.1
28-
requests==2.28.2
27+
PyYAML==6.0.3
28+
requests==2.32.4
2929
requests-oauthlib==1.3.1
30-
sqlparse==0.3.1
31-
urllib3==1.26.9
32-
Werkzeug==2.1.2
30+
sqlparse==0.5.0
31+
urllib3==2.6.0
32+
Werkzeug==3.1.4
3333
whitenoise==6.2.0
34-
zipp==3.8.0
34+
zipp==3.19.1
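Review bot: the change at line 27 (`PyYAML==5.1` to `PyYAML==6.0.3`) is not described anywhere in the commit message, which lists 11 updates for the PyGoat directory while this hunk changes 12 pins; PyYAML is absent from both the package table and the updated-dependencies trailer. Either document it in the message or move it to its own commit, and since this file sits under vulnerable_repos, confirm that the old pin was not kept deliberately for a lesson. Separately, `django-allauth==0.52.0` to `65.13.0`, `urllib3==1.26.9` to `2.6.0`, `Werkzeug==2.1.2` to `3.1.4` and `cryptography==39.0.1` to `44.0.1` are all major-version moves bundled into one grouped bump, while neighbours such as `requests-oauthlib==1.3.1`, `oauthlib==3.2.2` and `PyJWT==2.4.0` stay fixed; run a dependency resolution check (for example `pip check` in a clean environment) and the app's login flows before merging.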

vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt

Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@ pytest-timeout==2.2.0
2020
mypy==1.7.1
2121

2222
# Code formatting (optional)
23-
black==23.11.0
23+
black==24.3.0
2424
flake8==6.1.0
2525

2626
# Security linting (optional)
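Review bot: the file's own comment marks this section as "Code formatting (optional)", but the commit trailer records black as `dependency-type: direct:production`, so the update is classified as a production dependency when it is a developer tool. Consider moving black, flake8 and the other optional tools into a separate development requirements file so that grouped security bumps for shipped code are not mixed with formatter updates. Because `black==24.3.0` is a new yearly release relative to `23.11.0`, run `black --check` on the lesson code and commit any reformatting separately from this pin change.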
