From 9a6d512861263cdf9c12d146f117a4d7c478ca39 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 16 May 2024 17:14:16 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
---
 requirements.txt | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c65614bdc..bb5b4a9a5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ botocore==1.21.51
     #   s3transfer
 cachelib==0.1.1
     # via flask-session
-certifi==2022.12.7
+certifi==2023.7.22
     # via requests
 cffi==1.14.0
     # via cryptography
@@ -24,7 +24,7 @@ click==7.0
     # via flask
 contextlib2==0.6.0.post1
     # via digitalmarketplace-utils
-cryptography==39.0.1
+cryptography==42.0.6
     # via digitalmarketplace-utils
 defusedxml==0.6.0
     # via odfpy
@@ -38,7 +38,7 @@ digitalmarketplace-utils==60.12.0
     #   digitalmarketplace-content-loader
 docopt==0.6.2
     # via notifications-python-client
-flask==1.1.4
+flask==2.2.5
     # via
     #   -r requirements.in
     #   digitalmarketplace-content-loader
@@ -68,7 +68,7 @@ govuk-country-register==0.5.0
     # via digitalmarketplace-utils
 govuk-frontend-jinja @ git+https://github.com/Crown-Commercial-Service/govuk-frontend-jinja.git@v0.5.6-alpha
     # via -r requirements.in
-idna==2.9
+idna==3.7
     # via requests
 inflection==0.3.1
     # via digitalmarketplace-content-loader
@@ -77,7 +77,7 @@ itsdangerous==1.1.0
     #   -r requirements.in
     #   flask
     #   flask-wtf
-jinja2==2.11.3
+jinja2==3.1.4
     # via
     #   digitalmarketplace-content-loader
     #   flask
@@ -116,7 +116,7 @@ pyyaml==6.0.1
     # via digitalmarketplace-content-loader
 redis==3.5.3
     # via digitalmarketplace-utils
-requests==2.26.0
+requests==2.31.0
     # via
     #   digitalmarketplace-apiclient
     #   digitalmarketplace-utils
@@ -128,11 +128,11 @@ six==1.14.0
     # via python-dateutil
 unicodecsv==0.14.1
     # via digitalmarketplace-utils
-urllib3==1.26.7
+urllib3==1.26.18
     # via
     #   botocore
     #   requests
-werkzeug==1.0.1
+werkzeug==3.0.3
     # via
     #   flask
     #   flask-login