From 90918bebcf1169234f64ce5b787ca10f5991961a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 5 Oct 2021 20:44:43 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1279042
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1290072
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1298665
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1088006
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055461
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055462
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1059090
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080635
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080654
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081494
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081501
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081502
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082329
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082750
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090584
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090586
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090587
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090588
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292150
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292151
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1316216
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574576
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
- https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 70e4dbd4..cfa135ca 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -40,7 +40,7 @@ django-cors-middleware==1.5.0
 
 # For Django tests
 beautifulsoup4==4.9.3
-lxml==4.6.2
+lxml==4.6.3
 
 azure-common==1.1.26
 # Upgrade to 12.x.x once https://github.com/jschneier/django-storages/pull/805/ is merged
@@ -69,3 +69,4 @@ google-auth-oauthlib==0.4.2
 libsass==0.20.1
 django-compressor==2.4
 django-sass-processor==0.8.2
+rsa>=4.7 # not directly required, pinned by Snyk to avoid a vulnerability