fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6230369 - https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660 - https://snyk.io/vuln/SNYK-PYTHON-OPENTELEMETRYINSTRUMENTATION-5926995 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
phildini · Mar 6, 2024 · bea4199 · bea4199
1 parent 9e17662
commit bea4199
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@ aiohttp==3.9.2
 bleach==5.0.1
 celery==5.3.1
 colorthief==0.2.1
-Django==3.2.20
+Django==3.2.25
 django-celery-beat==2.4.0
 django-compressor==4.3.1
 django-imagekit==4.1.0
@@ -14,7 +14,7 @@ flower==1.2.0
 grpcio==1.57.0
 libsass==0.22.0
 Markdown==3.4.1
-Pillow==9.4.0
+Pillow==10.2.0
 psycopg2==2.9.5
 pycryptodome==3.16.0
 python-dateutil==2.8.2
@@ -56,3 +56,5 @@ types-psycopg2==2.9.21.11
 types-python-dateutil==2.8.19.14
 types-requests==2.31.0.2
 types-requests==2.31.0.2
+opentelemetry-instrumentation>=0.41b0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability