From eed12a1f7ff7af3cb22ed0a310d3cd175b73c2ee Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 30 Jan 2026 17:13:35 +0000 Subject: [PATCH 1/2] fix: requirements/production.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10074036 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10302884 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-12485156 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13836728 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13837025 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157807 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157810 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456315 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456316 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-9510910 - https://snyk.io/vuln/SNYK-PYTHON-SENTRYSDK-7541801 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-14157217 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements/production.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/requirements/production.txt b/requirements/production.txt index e73ec4bd..e7f54d3a 100644 --- a/requirements/production.txt +++ b/requirements/production.txt @@ -3,9 +3,9 @@ -r base.txt gevent==24.2.1 # http://www.gevent.org/ -gunicorn==21.2.0 # https://github.com/benoitc/gunicorn +gunicorn==23.0.0 # https://github.com/benoitc/gunicorn psycopg2==2.9.9 # https://github.com/psycopg/psycopg2 -sentry-sdk[django]==2.5.1 # https://github.com/getsentry/sentry-python +sentry-sdk==2.8.0 # https://github.com/getsentry/sentry-python # Django # ------------------------------------------------------------------------------ @@ -16,4 +16,7 @@ django-anymail # https://github.com/anymail/django-anymail # Elastic-APM # https://pypi.org/project/elastic-apm/ # ------------------------------------------------------------------------------ -elastic-apm==6.15.1 \ No newline at end of file +elastic-apm==6.15.1 +django>=4.2.27 # not directly required, pinned by Snyk to avoid a vulnerability +sqlparse>=0.5.4 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file From 2b496f68739df8befebeb8f3bc002701184d8e87 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 30 Jan 2026 17:13:41 +0000 Subject: [PATCH 2/2] fix: requirements/production.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10074036 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10302884 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-12485156 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13836728 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-13837025 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157807 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157810 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7435780 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436273 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436514 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7436646 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642790 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642791 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642813 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7642814 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886958 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-7886959 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456315 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-8456316 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-9296408 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-9510910 - https://snyk.io/vuln/SNYK-PYTHON-SENTRYSDK-7541801 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-14157217 - https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-6615674 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899