specify patched sqlparse in requirements.in

NTIA · Apr 24, 2023 · cf7cd86 · cf7cd86
1 parent 276c832
commit cf7cd86
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -109,6 +109,8 @@ environs==9.5.0
     #   -r requirements.txt
     #   scos-actions
     #   scos-tekrsa
+exceptiongroup==1.1.1
+    # via pytest
 filelock==3.9.0
     # via
     #   -r requirements.txt
@@ -196,7 +198,6 @@ packaging==23.0
     #   marshmallow
     #   pyproject-api
     #   pytest
-    #   ray
     #   tox
 paramiko==3.0.0
     # via
@@ -291,6 +292,10 @@ ruamel-yaml==0.17.21
     #   -r requirements.txt
     #   drf-yasg
     #   scos-actions
+ruamel-yaml-clib==0.2.7
+    # via
+    #   -r requirements.txt
+    #   ruamel-yaml
 scipy==1.10.1
     # via
     #   -r requirements.txt
@@ -327,6 +332,12 @@ texttable==1.6.7
     # via
     #   -r requirements.txt
     #   docker-compose
+tomli==2.0.1
+    # via
+    #   coverage
+    #   pyproject-api
+    #   pytest
+    #   tox
 tox==4.4.6
     # via -r requirements-dev.in
 uritemplate==4.1.1

diff --git a/src/requirements.in b/src/requirements.in
@@ -1,4 +1,3 @@
-cryptography>=39.0.1
 django>=3.2.18, <4.0
 djangorestframework>=3.0, <4.0
 django-session-timeout>=0.1, <1.0
@@ -16,3 +15,9 @@ requests-mock>=1.0, <2.0
 requests_oauthlib>=1.0, <2.0
 scos_actions @ git+https://github.com/NTIA/scos-actions@6.2.2
 scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@3.0.4
+
+# The following are sub-dependencies for which SCOS Sensor enforces a
+# higher minimum patch version than the dependencies which require them.
+# This is done to ensure the inclusion of specific security patches.
+cryptography>=39.0.1  # CVE-2023-0286
+sqlparse>=0.4.4       # CVE-2023-30608
diff --git a/src/requirements.txt b/src/requirements.txt
@@ -124,7 +124,6 @@ packaging==23.0
     #   docker
     #   drf-yasg
     #   marshmallow
-    #   ray
 paramiko==3.0.0
     # via docker
 platformdirs==3.0.0
@@ -177,6 +176,8 @@ ruamel-yaml==0.17.21
     # via
     #   drf-yasg
     #   scos-actions
+ruamel-yaml-clib==0.2.7
+    # via ruamel-yaml
 scipy==1.10.1
     # via scos-actions
 scos_actions @ git+https://github.com/NTIA/scos-actions@6.2.2
@@ -197,7 +198,9 @@ six==1.16.0
     #   sigmf
     #   websocket-client
 sqlparse==0.4.4
-    # via django
+    # via
+    #   -r requirements.in
+    #   django
 tekrsa-api-wrap==1.3.2
     # via scos-tekrsa
 texttable==1.6.7