From 13d95827d66564929d98a21c2a453aaedb39633e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 29 Jun 2024 00:34:02 +0000
Subject: [PATCH] fix: requirements/base.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1066259
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1279042
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1290072
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-1298665
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2312875
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329158
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329159
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2329160
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389002
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2389021
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2968205
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-3319450
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5750790
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-5932095
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6041515
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-6370660
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
---
 requirements/base.txt | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 3261232..5552889 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -21,7 +21,7 @@ timezonefinder==4.2.0
 python-slugify==4.0.0  # https://github.com/un33k/python-slugify
 Pillow==7.0.0  # https://github.com/python-pillow/Pillow
 argon2-cffi==19.1.0  # https://github.com/hynek/argon2_cffi
-redis>=3.2
+redis>=4.3.6
 
 crate==0.26.0
 matplotlib==3.4.2
@@ -29,7 +29,7 @@ celery==5.2.2
 
 # Django
 # ------------------------------------------------------------------------------
-django==2.2.27
+django==3.2.25
 django-environ==0.4.5  # https://github.com/joke2k/django-environ
 django-model-utils==4.0.0  # https://github.com/jazzband/django-model-utils
 django-allauth==0.41.0  # https://github.com/pennersr/django-allauth
@@ -69,3 +69,8 @@ NREL-PySAM==2.2.2
 
 # Our greenbutton-python fork
 -e git+https://github.com/opentaps/greenbutton-python.git#egg=greenbutton
+certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
+cryptography>=42.0.8 # not directly required, pinned by Snyk to avoid a vulnerability
+idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
+jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability
+requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability