security-constraints.in
# This file contains packages that are not primary dependencies but need a
# minimum version constraint, e.g. because older versions have known security vulnerabilities.
# How this works:
# Add the minimum version from the Dependabot alert to this requirements file and run `make`.
# Commit the result and, after the build, deploy it.
# In exceptional cases you need to update the major version of the requirement, which can mean
# more work than the two-step procedure above.
# Pillow truly is the gift that keeps on giving.
# CVE-2021-23437
# CVE-2022-22815
# CVE-2022-22816
# CVE-2022-22817
# CVE-2022-24303
# GHSA-4fx9-vc88-q2xc
Pillow>=9.0.1
# CVE-2021-42771
babel>=2.9.1
# GHSL-2021-1037 and GHSL-2021-1038
lxml>=4.6.5
# CVE-2021-44420
Django>=3.1.14
# GHSA-p5w8-wqhj-9hhf
sqlparse>=0.4.2
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/131
gitpython>=3.1.32
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/141
uwsgi>=2.0.22
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/140
certifi>=2023.7.22
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/137
cryptography>=41.0.2
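The procedure at the top of the file relies on `make` re-resolving the pins so that every package listed here ends up at or above its minimum. The following check, added here as an example and not part of the Internet.nl-dashboard project, parses a `security-constraints.in`-style file and a resolved pin list (the `name==version` lines that pip-compile or `pip freeze` produce) and reports every package whose pin is still below the security minimum, together with the CVE/GHSA comment recorded above it. Both inputs are constructed samples embedded inline; the version comparison handles only plain dotted-integer release versions (which is all this file uses) and rejects anything else, so for full PEP 440 semantics swap `parse_version` for `packaging.version.Version`.

```python
import re

# Constructed sample in the style of security-constraints.in: comment lines
# carrying the advisory identifiers, followed by the minimum-version line.
CONSTRAINTS_IN = """\
# CVE-2021-44420
Django>=3.1.14
# GHSA-p5w8-wqhj-9hhf
sqlparse>=0.4.2
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/140
certifi>=2023.7.22
# https://github.com/internetstandards/Internet.nl-dashboard/security/dependabot/137
cryptography>=41.0.2
"""

# Constructed sample of pip-compile / pip freeze output (the resolved pins).
# django is deliberately one patch release below its minimum.
RESOLVED_TXT = """\
django==3.1.13
sqlparse==0.4.4
certifi==2023.7.22
cryptography==41.0.2
requests==2.31.0
"""

SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(>=|==)\s*([0-9A-Za-z.]+)$")


def normalize(name):
    """PEP 503 name normalization so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Plain dotted-integer release versions only (e.g. 2023.7.22).
    Assumption: pre-/post-/dev-release suffixes are rejected rather than
    guessed at; use packaging.version.Version for full PEP 440 support."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def version_ge(have, need):
    """have >= need, padding the shorter tuple with zeros so 2.9 == 2.9.0."""
    width = max(len(have), len(need))
    return have + (0,) * (width - len(have)) >= need + (0,) * (width - len(need))


def parse_spec_file(text, operator):
    """Return {normalized_name: (version, reason)} for every 'name<op>version'
    line. Comment lines directly above a requirement are kept as its reason
    (the CVE/GHSA ids); a blank line ends such a comment block."""
    specs, pending = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            pending = []
            continue
        if line.startswith("#"):
            pending.append(line.lstrip("# ").strip())
            continue
        m = SPEC_RE.match(line)
        if not m or m.group(2) != operator:
            raise ValueError(f"line {lineno}: expected 'name{operator}version', got {line!r}")
        specs[normalize(m.group(1))] = (m.group(3), "; ".join(pending) or "no reason recorded")
        pending = []
    return specs


def check_constraints(constraints_text, resolved_text):
    """Return [(name, pinned, minimum, reason)] for every constrained package
    whose resolved pin is below the security minimum. A constrained package
    that is absent from the resolved set is skipped: the constraint only
    matters once the package is actually installed."""
    minimums = parse_spec_file(constraints_text, ">=")
    pins = parse_spec_file(resolved_text, "==")
    violations = []
    for name, (minimum, reason) in minimums.items():
        if name not in pins:
            continue
        pinned = pins[name][0]
        if not version_ge(parse_version(pinned), parse_version(minimum)):
            violations.append((name, pinned, minimum, reason))
    return violations


if __name__ == "__main__":
    for name, pinned, minimum, reason in check_constraints(CONSTRAINTS_IN, RESOLVED_TXT):
        print(f"{name}=={pinned} is below security minimum {minimum} ({reason})")
```

Run it after `make` against the generated requirements file (read both files instead of the embedded samples) and fail the build on a non-empty result; that turns the "commit the result" step into a checked one rather than trusting that the resolver honoured every line.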