fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767 - https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
Crown-Commercial-Service · May 16, 2024 · 9a6d512 · 9a6d512
1 parent 099a073
commit 9a6d512
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -14,7 +14,7 @@ botocore==1.21.51
     #   s3transfer
 cachelib==0.1.1
     # via flask-session
-certifi==2022.12.7
+certifi==2023.7.22
     # via requests
 cffi==1.14.0
     # via cryptography
@@ -24,7 +24,7 @@ click==7.0
     # via flask
 contextlib2==0.6.0.post1
     # via digitalmarketplace-utils
-cryptography==39.0.1
+cryptography==42.0.6
     # via digitalmarketplace-utils
 defusedxml==0.6.0
     # via odfpy
@@ -38,7 +38,7 @@ digitalmarketplace-utils==60.12.0
     #   digitalmarketplace-content-loader
 docopt==0.6.2
     # via notifications-python-client
-flask==1.1.4
+flask==2.2.5
     # via
     #   -r requirements.in
     #   digitalmarketplace-content-loader
@@ -68,7 +68,7 @@ govuk-country-register==0.5.0
     # via digitalmarketplace-utils
 govuk-frontend-jinja @ git+https://github.com/Crown-Commercial-Service/govuk-frontend-jinja.git@v0.5.6-alpha
     # via -r requirements.in
-idna==2.9
+idna==3.7
     # via requests
 inflection==0.3.1
     # via digitalmarketplace-content-loader
@@ -77,7 +77,7 @@ itsdangerous==1.1.0
     #   -r requirements.in
     #   flask
     #   flask-wtf
-jinja2==2.11.3
+jinja2==3.1.4
     # via
     #   digitalmarketplace-content-loader
     #   flask
@@ -116,7 +116,7 @@ pyyaml==6.0.1
     # via digitalmarketplace-content-loader
 redis==3.5.3
     # via digitalmarketplace-utils
-requests==2.26.0
+requests==2.31.0
     # via
     #   digitalmarketplace-apiclient
     #   digitalmarketplace-utils
@@ -128,11 +128,11 @@ six==1.14.0
     # via python-dateutil
 unicodecsv==0.14.1
     # via digitalmarketplace-utils
-urllib3==1.26.7
+urllib3==1.26.18
     # via
     #   botocore
     #   requests
-werkzeug==1.0.1
+werkzeug==3.0.3
     # via
     #   flask
     #   flask-login