From 1bd46827dd4fdf784bb613e37cfdbe8e3e588d79 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 24 Oct 2022 00:46:21 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJOSER-174565
- https://snyk.io/vuln/SNYK-PYTHON-DJOSER-72874
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055461
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055462
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080635
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080654
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081494
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081501
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1081502
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082329
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082750
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090584
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090586
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090587
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1090588
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292150
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1292151
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1316216
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2329135
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331901
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331905
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2331907
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-2397241
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-536096
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-540746
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-541323
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-541324
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-541325
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-541326
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574576
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a5c0299..78576f8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,8 +29,8 @@ dry-rest-permissions==0.1.8
 djangorestframework-gis==0.13
 drf-yasg==1.7.4
 django-extra-fields==1.0.0
-Pillow==5.1.0
-djoser==1.2.2
+Pillow==9.0.1
+djoser==1.5.1
 
 # for S3 static/media storage
 django-storages==1.6.6
@@ -54,3 +54,4 @@ django-extensions>=1.7.2,<1.8
 ipython>=5.1.0,<6.0
 Werkzeug>=0.10.4,<1.0
 factory-boy==2.11.1
+urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability