fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203 - https://snyk.io/vuln/SNYK-PYTHON-JWCRYPTO-6405821 - https://snyk.io/vuln/SNYK-PYTHON-SELENIUM-6062316 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
OKEAMAH · Aug 17, 2024 · cd21a10 · cd21a10
1 parent bb0b342
commit cd21a10
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -36,7 +36,7 @@ html5lib>=1.1    # Only used in tests
 inflect>= 6.0.2
 jsonfield>=3.1.0    # for SubmissionCheck.  This is https://github.com/bradjasper/django-jsonfield/.
 jsonschema[format]>=4.2.1
-jwcrypto>=1.2    # for signed notifications - this is aspirational, and is not really used.
+jwcrypto>=1.5.6    # for signed notifications - this is aspirational, and is not really used.
 logging_tree>=1.9    # Used only by the showloggers management command
 lxml>=4.8.0,<5
 markdown>=3.3.6
@@ -64,12 +64,14 @@ types-requests>=2.27.1
 requests-mock>=1.9.3
 rfc2html>=2.0.3
 scout-apm>=2.24.2
-selenium>=4.0
+selenium>=4.15.1
 tblib>=1.7.0    # So that the django test runner provides tracebacks
 tlds>=2022042700    # Used to teach bleach about which TLDs currently exist
 tqdm>=4.64.0
 Unidecode>=1.3.4
-urllib3>=2
+urllib3>=2.2.2
 weasyprint>=59
 xml2rfc>=3.12.4
 xym>=0.6,<1.0
+fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability