From 3d8c64cf324d7d1cbd442d36dbea49ff963c8ba8 Mon Sep 17 00:00:00 2001
From: MingYi
Date: Fri, 21 Oct 2016 12:22:40 +0800
Subject: [PATCH 1/2] Updated dependencies to resolve reported vulns

---
 requirements.txt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 189d55c..fc32b84 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
-django==1.7.1
-PyJWT==0.4.2
-rsa==3.0
-requests==2.2.1
-feedparser==5.1.1
-pycrypto==2.4
+django==1.10.2
+PyJWT==1.4.2
+rsa==3.4.2
+requests==2.11.1
+feedparser==5.2.1
+pycrypto==2.6.1

From 0d8b92beb4c85e0a4adf201ef38f00e1a1626111 Mon Sep 17 00:00:00 2001
From: MingYi
Date: Fri, 21 Oct 2016 12:24:06 +0800
Subject: [PATCH 2/2] Demo pip direct dependency results

Direct dependency takes precedence for pip. raven==1.9.4 would install simplejson==2.4.0 by default. We show that a direct dependency would replace a transitive dependency.

---
 requirements.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/requirements.txt b/requirements.txt
index fc32b84..75c4e52 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,5 @@ rsa==3.4.2
 requests==2.11.1
 feedparser==5.2.1
 pycrypto==2.6.1
+raven==1.9.4 # requires simplejson, will install simplejson==2.4.0
+simplejson==2.3.3 # direct takes precedence for pip
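Review bot: The added `simplejson==2.3.3` pin deliberately resolves below the `simplejson==2.4.0` that the preceding comment says raven 1.9.4 would otherwise pull in, so the file now carries an intentional downgrade of a transitive dependency, and only the two inline comments mark it as a demonstration rather than a real requirement. pip at the time appears to have installed the direct pin without checking it against raven's declared requirement (the commit relies on this), which is exactly why a later reader, or a tool that scans or deploys this file, may take the older pin at face value. Consider stating the intent on the line itself, e.g. `simplejson==2.3.3 # DEMO ONLY: direct pin overrides raven's transitive requirement; pip does not verify compatibility`. The "will install simplejson==2.4.0" claim on the raven line presumably reflects a resolve done at the time rather than anything the pin enforces, so it would be worth noting that it can drift.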