From 9d6a1feed39bcd6a7cf86be54d4bd875eda8a3e1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 18 Mar 2025 05:19:02 +0000
Subject: [PATCH] fix: website-backend/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456315
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456316
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 website-backend/requirements.txt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/website-backend/requirements.txt b/website-backend/requirements.txt
index 997b2f0..c63c624 100644
--- a/website-backend/requirements.txt
+++ b/website-backend/requirements.txt
@@ -1,6 +1,6 @@
 ansi2html
 boto3
-Django==2.2.27
+Django==4.2.20
 django-gravatar2
 django-model-utils
 django-prometheus
@@ -17,3 +17,6 @@ PyJWT==1.7.1
 pytz==2016.6.1
 requests
 virtualenv==15.1.0
+sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability