update min versions for dependabot alerts

NTIA · Nov 20, 2023 · 0f9e3b3 · 0f9e3b3
1 parent 740c89a
commit 0f9e3b3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/requirements-dev.in b/src/requirements-dev.in
@@ -9,4 +9,4 @@ tox>=4.0,<5.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-aiohttp>=3.8.5        # CVE-2023-37276
+aiohttp>=3.8.6        # CVE-2023-37276, CVE-2023-47627
diff --git a/src/requirements.in b/src/requirements.in
@@ -1,5 +1,5 @@
 cryptography>=41.0.4
-django>=3.2.20, <4.0
+django>=3.2.23, <4.0
 djangorestframework>=3.0, <4.0
 django-session-timeout>=0.1, <1.0
 drf-yasg>=1.0, <2.0