From b20b0dd1218ab45969eef2c70dfba728bcfefbf4 Mon Sep 17 00:00:00 2001
From: Margaret Fero
Date: Tue, 15 Aug 2023 22:17:11 -0700
Subject: [PATCH 1/3] Add privileges to codeql-analysis.yml
Explicitly give codeql-analysis action the security-events: write permission so it still works even when the default GitHub Actions token is set to read-only.
---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 68bb05d7e5..a743ccd64d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -12,6 +12,9 @@ name: "CodeQL"
+permissions:
+ security-events: write
+
 on:
 push:
 branches: [ main ]
From 5050aa4ec1ad2bdba84bf3f69dabcf93d2bf1938 Mon Sep 17 00:00:00 2001
From: Philip James
Date: Wed, 16 Aug 2023 17:51:54 -0700
Subject: [PATCH 2/3] Bump versions on libraries (#10)
* Bump versions
* Bump back Pillow due to test failure
* Bump setuptools
---
 Dockerfile | 2 +-
 dev-tools/Dockerfile | 2 +-
 requirements.txt | 15 +++++++++------
 3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b3cd26e887..82b0c92c50 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.9
+FROM python:3.11
 ENV PYTHONUNBUFFERED 1
diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile
index 9abc7491e4..75c5c5559d 100644
--- a/dev-tools/Dockerfile
+++ b/dev-tools/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.9
+FROM python:3.11
 ENV PYTHONUNBUFFERED 1
diff --git a/requirements.txt b/requirements.txt
index e8328b1706..051494162f 100644
--- a/requirements.txt
+++ b/requirements.txt
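Review bot: The `permissions:` block added at the top of the codeql-analysis.yml hunk lists only `security-events: write`, and a workflow-level `permissions` key sets every scope it does not name to `none` rather than leaving it at the repository default; the token therefore loses `contents` and `actions` read access at the same time it gains the write scope the commit is after. If the workflow checks out the repository with that token (the steps are outside the hunk), checkout on a private repository will fail, and on a public one it works only because the clone needs no token at all. GitHub's CodeQL starter workflow declares the three scopes together, so I would extend the block to `permissions:` / `  actions: read` / `  contents: read` / `  security-events: write`. Upgrading the bumped `FROM python:3.9` lines in the two Dockerfile hunks is a plain version bump and needs no change.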
@@ -1,21 +1,23 @@
+setuptools>=65.5
 aiohttp==3.8.5
 bleach==5.0.1
-celery==5.2.7
+celery==5.3.1
 colorthief==0.2.1
 Django==3.2.20
-django-celery-beat==2.4.0
-django-compressor==4.3.1
+django-celery-beat==2.5.0
+django-compressor==4.4
 django-imagekit==4.1.0
 django-model-utils==4.3.1
 django-sass-processor==1.2.2
 django-csp==3.7
 environs==9.5.0
 flower==1.2.0
+grpcio==1.57.0
 libsass==0.22.0
 Markdown==3.4.1
 Pillow==9.4.0
-psycopg2==2.9.5
-pycryptodome==3.16.0
+psycopg2==2.9.7
+pycryptodome==3.18.0
 python-dateutil==2.8.2
 redis==4.5.4
 requests==2.31.0
@@ -34,10 +36,11 @@ opentelemetry-sdk==1.16.0
 protobuf==3.20.*
 pyotp==2.8.0
 qrcode==7.3.1
+tornado==6.3.3
 # Dev
 pytest-django==4.1.0
-pytest==6.1.2
+pytest==6.2.5
 pytest-cov==2.10.1
 pytest-env==0.6.2
 pytest-xdist==2.3.0
From e83f4e627498149bd1c59c481b91d73ca095cc55 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 17 Oct 2023 08:13:18 +0000
Subject: [PATCH 3/3] fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FLOWER-5537287
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 051494162f..febb59135d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,7 @@ django-model-utils==4.3.1
 django-sass-processor==1.2.2
 django-csp==3.7
 environs==9.5.0
-flower==1.2.0
+flower==2.0.0
 grpcio==1.57.0
 libsass==0.22.0
 Markdown==3.4.1
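Review bot: `setuptools>=65.5`, the first added line of the requirements.txt hunk, is the only range specifier in a file where every other entry is `==`-pinned, so the resolved set is no longer reproducible and a later setuptools release changes the image without any diff in this repository. Pin it like its neighbours, `setuptools==<pinned version>`, and let the version bumper raise it deliberately. The new transitive pins (`setuptools` and `grpcio` here, `tornado==6.3.3` in the second hunk of the same file) also carry no comment saying which direct dependency pulls them in or why the floor was raised, which is what the next person bumping the file needs to know before dropping them; a one-line `# transitive: pulled in by <direct dep>; floor raised for <reason>` above each would do. The `flower==2.0.0` hunk in the third patch is a plain version bump and needs nothing further.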