From 60f8589391528cc97d0b86a24d94c22b02289ca5 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 11 Mar 2024 18:10:56 +0000
Subject: [PATCH] fix: app/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2312875
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329158
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329159
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329160
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389002
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389021
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3039675
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3266406
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6230369
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-1584201
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-5426157
---
 app/requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/requirements.txt b/app/requirements.txt
index 773b1bd..f58fe0b 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -1,17 +1,18 @@
 asgiref==3.4.1
-celery==5.1.2
+celery==5.2.2
 confusable-homoglyphs==3.2.0
-Django==3.2.6
+Django==3.2.25
 django-braces==1.15.0
 django-celery-results==2.2.0
 psycopg2-binary==2.9.1
 pytz==2021.1
 pymongo==3.12.1
 python-dateutil==2.8.2
-sqlparse==0.4.1
+sqlparse==0.4.4
 lxml==4.6.3
 minio==7.1.0
 gunicorn==20.1.0
 -e git+https://github.com/scieloorg/opac_schema.git@v2.62#egg=opac_schema
 -e git+https://github.com/scieloorg/dsm.git@v0.1.1#egg=dsm
 -e git+https://github.com/scieloorg/scielo_v3_manager.git@0.6#egg=scielo_v3_manager
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability