Merge pull request #855 from uktrade/Hotfix_security_update

Hotfix security update MASTER
uktrade · Aug 7, 2020 · d319534 · d319534
2 parents b21b617 + 3a9128f
commit d319534
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 33 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@
 ### Implemented enhancements
 ### Fixed bugs
 
+### Hotfix
+- No ticket - Update of dependencies to fix security vulnerability
 
 ## [2020.06.15](https://github.com/uktrade/directory-cms/releases/tag/2020.06.15)
 [Full Changelog](https://github.com/uktrade/directory-cms/compare/2020.06.12...2020.06.15)

diff --git a/requirements.in b/requirements.in
@@ -32,7 +32,7 @@ urllib3>=1.24.2<2.0.0
 w3lib>=1.19.0<2.0.0
 django-admin-ip-restrictor==2.1.0
 notifications-python-client==5.3.*
-pillow>=6.*  # for security fix. check compatibility on next wagtail upgrade
+pillow>=7.1.0
 num2words==0.5.10
 pycountry==19.8.18
 elastic-apm>=5.5.2,<6.0.0

diff --git a/requirements.txt b/requirements.txt
@@ -12,8 +12,8 @@ bleach-whitelist==0.0.10  # via -r requirements.in
 bleach==3.1.5             # via -r requirements.in
 boto3==1.6.3              # via -r requirements.in
 botocore==1.9.23          # via boto3, s3transfer
-celery[redis]==4.4.5      # via -r requirements.in, django-celery-beat
-certifi==2020.4.5.2       # via elastic-apm, requests, sentry-sdk
+celery[redis]==4.4.6      # via -r requirements.in, django-celery-beat
+certifi==2020.6.20        # via elastic-apm, requests, sentry-sdk
 chardet==3.0.4            # via requests
 directory-components==20.3.1  # via -r requirements.in
 directory-constants==18.7.0  # via -r requirements.in, directory-components
@@ -26,39 +26,39 @@ django-filter==2.2.0      # via -r requirements.in
 django-health-check==3.8.0  # via directory-healthcheck
 django-ipware==2.1.0      # via django-admin-ip-restrictor
 django-modelcluster==5.0.2  # via wagtail
-django-modeltranslation==0.15  # via wagtail-modeltranslation
+django-modeltranslation==0.15.1  # via wagtail-modeltranslation
 django-pglocks==1.0.2     # via -r requirements.in
 django-redis==4.10.0      # via -r requirements.in
 django-staff-sso-client==1.0.1  # via -r requirements.in
 django-taggit==1.3.0      # via wagtail
 django-timezone-field==4.0  # via django-celery-beat
 django-treebeard==4.3.1   # via wagtail
-django==2.2.13            # via -r requirements.in, directory-components, directory-constants, directory-healthcheck, django-admin-ip-restrictor, django-celery-beat, django-filter, django-modeltranslation, django-redis, django-staff-sso-client, django-storages, django-taggit, django-timezone-field, django-treebeard, sigauth, wagtail
+django==2.2.14            # via -r requirements.in, directory-components, directory-constants, directory-healthcheck, django-admin-ip-restrictor, django-celery-beat, django-filter, django-modeltranslation, django-redis, django-staff-sso-client, django-storages, django-taggit, django-timezone-field, django-treebeard, sigauth, wagtail
 django_storages==1.7.1    # via -r requirements.in
 djangorestframework==3.9.4  # via -r requirements.in, sigauth, wagtail
 docopt==0.6.2             # via notifications-python-client, num2words
 docutils==0.16            # via botocore
 draftjs-exporter==2.1.7   # via wagtail
-elastic-apm==5.7.0        # via -r requirements.in
+elastic-apm==5.8.1        # via -r requirements.in
 future==0.18.2            # via celery, notifications-python-client
-gevent==20.6.1            # via -r requirements.in
+gevent==20.6.2            # via -r requirements.in
 greenlet==0.4.16          # via gevent
 gunicorn==19.5.0          # via -r requirements.in
 html2text==2018.1.9       # via -r requirements.in
-html5lib==1.0.1           # via wagtail
+html5lib==1.1             # via wagtail
 idna==2.8                 # via requests
-importlib-metadata==1.6.1  # via kombu
+importlib-metadata==1.7.0  # via kombu
 jmespath==0.10.0          # via boto3, botocore
 jsonschema==3.0.1         # via directory-components
-kombu==4.6.10             # via -r requirements.in, celery
+kombu==4.6.11             # via -r requirements.in, celery
 markdown==2.6             # via -r requirements.in
 mohawk==0.3.4             # via sigauth
 monotonic==1.5            # via notifications-python-client
 notifications-python-client==5.3.0  # via -r requirements.in
 num2words==0.5.10         # via -r requirements.in
 oauthlib==3.1.0           # via requests-oauthlib
 packaging==20.4           # via bleach
-pillow==6.2.2             # via -r requirements.in, wagtail
+pillow==7.2.0             # via -r requirements.in, wagtail
 psycogreen==1.0.2         # via -r requirements.in
 psycopg2==2.7.3.2         # via -r requirements.in
 pycountry==19.8.18        # via -r requirements.in
@@ -82,7 +82,7 @@ urllib3==1.24.3           # via -r requirements.in, elastic-apm, requests, sentr
 vine==1.3.0               # via amqp, celery
 w3lib==1.22.0             # via -r requirements.in
 wagtail-modeltranslation==0.10.13  # via -r requirements.in
-wagtail==2.7.3            # via -r requirements.in, wagtail-modeltranslation, wagtailmedia
+wagtail==2.7.4            # via -r requirements.in, wagtail-modeltranslation, wagtailmedia
 wagtailmedia==0.5.0       # via -r requirements.in
 webencodings==0.5.1       # via bleach, html5lib
 whitenoise==4.1.2         # via -r requirements.in

diff --git a/requirements_test.txt b/requirements_test.txt
@@ -12,12 +12,12 @@ bleach-whitelist==0.0.10  # via -r requirements.in
 bleach==3.1.5             # via -r requirements.in
 boto3==1.6.3              # via -r requirements.in
 botocore==1.9.23          # via boto3, s3transfer
-celery[redis]==4.4.5      # via -r requirements.in, django-celery-beat
-certifi==2020.4.5.2       # via elastic-apm, requests, sentry-sdk
+celery[redis]==4.4.6      # via -r requirements.in, django-celery-beat
+certifi==2020.6.20        # via elastic-apm, requests, sentry-sdk
 chardet==3.0.4            # via requests
 click==7.1.2              # via pip-tools
-coverage==5.1             # via coveralls, pytest-cov
-coveralls==2.0.0          # via -r requirements_test.in
+coverage==5.2.1           # via coveralls, pytest-cov
+coveralls==2.1.1          # via -r requirements_test.in
 directory-components==20.3.1  # via -r requirements.in
 directory-constants==18.7.0  # via -r requirements.in, directory-components
 directory-healthcheck==1.1.2  # via -r requirements.in
@@ -30,60 +30,61 @@ django-filter==2.2.0      # via -r requirements.in
 django-health-check==3.8.0  # via directory-healthcheck
 django-ipware==2.1.0      # via django-admin-ip-restrictor
 django-modelcluster==5.0.2  # via wagtail
-django-modeltranslation==0.15  # via wagtail-modeltranslation
+django-modeltranslation==0.15.1  # via wagtail-modeltranslation
 django-pglocks==1.0.2     # via -r requirements.in
 django-redis==4.10.0      # via -r requirements.in
 django-staff-sso-client==1.0.1  # via -r requirements.in
 django-taggit==1.3.0      # via wagtail
 django-timezone-field==4.0  # via django-celery-beat
 django-treebeard==4.3.1   # via wagtail
-django==2.2.13            # via -r requirements.in, directory-components, directory-constants, directory-healthcheck, django-admin-ip-restrictor, django-celery-beat, django-debug-toolbar, django-filter, django-modeltranslation, django-redis, django-staff-sso-client, django-storages, django-taggit, django-timezone-field, django-treebeard, sigauth, wagtail
+django==2.2.14            # via -r requirements.in, directory-components, directory-constants, directory-healthcheck, django-admin-ip-restrictor, django-celery-beat, django-debug-toolbar, django-filter, django-modeltranslation, django-redis, django-staff-sso-client, django-storages, django-taggit, django-timezone-field, django-treebeard, sigauth, wagtail
 django_storages==1.7.1    # via -r requirements.in
 djangorestframework==3.9.4  # via -r requirements.in, sigauth, wagtail
 docopt==0.6.2             # via coveralls, notifications-python-client, num2words
 docutils==0.16            # via botocore
 draftjs-exporter==2.1.7   # via wagtail
-elastic-apm==5.7.0        # via -r requirements.in
+elastic-apm==5.8.1        # via -r requirements.in
 factory-boy==2.12.0       # via -r requirements_test.in, wagtail-factories
-faker==4.1.0              # via factory-boy
+faker==4.1.1              # via factory-boy
 flake8==3.8.3             # via -r requirements_test.in
 freezegun==0.3.14         # via -r requirements_test.in
 future==0.18.2            # via celery, notifications-python-client
-gevent==20.6.1            # via -r requirements.in
+gevent==20.6.2            # via -r requirements.in
 greenlet==0.4.16          # via gevent
 gunicorn==19.5.0          # via -r requirements.in
 html2text==2018.1.9       # via -r requirements.in
-html5lib==1.0.1           # via wagtail
+html5lib==1.1             # via wagtail
 idna==2.8                 # via requests
-importlib-metadata==1.6.1  # via flake8, kombu, pluggy, pytest
+importlib-metadata==1.7.0  # via flake8, kombu, pluggy, pytest
+iniconfig==1.0.1          # via pytest
 jmespath==0.10.0          # via boto3, botocore
 jsonschema==3.0.1         # via directory-components
-kombu==4.6.10             # via -r requirements.in, celery
+kombu==4.6.11             # via -r requirements.in, celery
 markdown==2.6             # via -r requirements.in
 mccabe==0.6.1             # via flake8
 mohawk==0.3.4             # via sigauth
 monotonic==1.5            # via notifications-python-client
-more-itertools==8.3.0     # via pytest
+more-itertools==8.4.0     # via pytest
 notifications-python-client==5.3.0  # via -r requirements.in
 num2words==0.5.10         # via -r requirements.in
 oauthlib==3.1.0           # via requests-oauthlib
 packaging==20.4           # via bleach, pytest, pytest-sugar
-pillow==6.2.2             # via -r requirements.in, wagtail
-pip-tools==5.2.1          # via -r requirements_test.in
+pillow==7.2.0             # via -r requirements.in, wagtail
+pip-tools==5.3.1          # via -r requirements_test.in
 pluggy==0.13.1            # via pytest
 psycogreen==1.0.2         # via -r requirements.in
 psycopg2==2.7.3.2         # via -r requirements.in
-py==1.8.1                 # via pytest
+py==1.9.0                 # via pytest
 pycodestyle==2.6.0        # via flake8
 pycountry==19.8.18        # via -r requirements.in
 pyflakes==2.2.0           # via flake8
 pyjwt==1.7.1              # via notifications-python-client
 pyparsing==2.4.7          # via packaging
 pyrsistent==0.16.0        # via jsonschema
-pytest-cov==2.9.0         # via -r requirements_test.in
+pytest-cov==2.10.0        # via -r requirements_test.in
 pytest-django==3.9.0      # via -r requirements_test.in
-pytest-sugar==0.9.3       # via -r requirements_test.in
-pytest==5.4.3             # via -r requirements_test.in, pytest-cov, pytest-django, pytest-sugar
+pytest-sugar==0.9.4       # via -r requirements_test.in
+pytest==6.0.1             # via -r requirements_test.in, pytest-cov, pytest-django, pytest-sugar
 python-crontab==2.5.1     # via django-celery-beat
 python-dateutil==2.6.1    # via botocore, faker, freezegun, python-crontab
 pytube==9.2.2             # via -r requirements.in
@@ -99,15 +100,15 @@ six==1.15.0               # via bleach, django-modeltranslation, freezegun, html
 sqlparse==0.3.1           # via django, django-debug-toolbar
 termcolor==1.1.0          # via pytest-sugar
 text-unidecode==1.3       # via faker
+toml==0.10.1              # via pytest
 unidecode==1.1.1          # via wagtail
 urllib3==1.24.3           # via -r requirements.in, elastic-apm, requests, sentry-sdk
 vine==1.3.0               # via amqp, celery
 w3lib==1.22.0             # via -r requirements.in
 wagtail-factories==2.0.0  # via -r requirements_test.in
 wagtail-modeltranslation==0.10.13  # via -r requirements.in
-wagtail==2.7.3            # via -r requirements.in, wagtail-factories, wagtail-modeltranslation, wagtailmedia
+wagtail==2.7.4            # via -r requirements.in, wagtail-factories, wagtail-modeltranslation, wagtailmedia
 wagtailmedia==0.5.0       # via -r requirements.in
-wcwidth==0.2.4            # via pytest
 webencodings==0.5.1       # via bleach, html5lib
 whitenoise==4.1.2         # via -r requirements.in
 willow==1.3               # via wagtail