Merge pull request #6276 from simaishi/43_bump_deps

[4.3] Bump python dependencies for security fixes
2026-03-20 07:43:35 -05:00 · 2023-01-23 09:01:40 -05:00
parent 1e33bc4020
commit bda806fd03
5 changed files with 24 additions and 471 deletions
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -25,7 +25,7 @@ django-taggit
 djangorestframework==3.13.1
 djangorestframework-yaml
 filelock
-GitPython
+GitPython>=3.1.30  # CVE-2022-24439
 hiredis==2.0.0  # see UPGRADE BLOCKERs
 irc
 jinja2
@@ -55,7 +55,7 @@ twilio
 twisted[tls]
 uWSGI
 uwsgitop
-wheel
+wheel>=0.38.1 # CVE-2022-40898
 pip==21.2.4  # see UPGRADE BLOCKERs
 setuptools  # see UPGRADE BLOCKERs
 setuptools_scm[toml]  # see UPGRADE BLOCKERs, xmlsec build dep