From 6649fa545080bd4717934772a7d3babfe5340d75 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 4 Dec 2025 22:52:47 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157807
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-14157810
- https://snyk.io/vuln/SNYK-PYTHON-SQLPARSE-14157217
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 02a4cf5fd0..267099089d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ botocore>=1.39.15
 celery>=5.5.3
 coverage>=7.9.2
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
-Django>4.2,<5
+Django>4.2.27
 django-admin-rangefilter>=0.13.3
 django-analytical>=3.2.0
 django-bootstrap5>=25.1
@@ -89,3 +89,4 @@ xml2rfc>=3.30.0
 xym>=0.6,<1.0
 zxcvbn>=4.5.0
 types-zxcvbn~=4.5.0.20250223  # match zxcvbn version
+sqlparse>=0.5.4 # not directly required, pinned by Snyk to avoid a vulnerability