Bump utils to fix bleach security vulnerability

2026-06-21 13:43:14 -04:00 · 2020-02-25 10:39:50 +00:00
parent f0c4dd9c99
commit 55ebecbca5
2 changed files with 10 additions and 10 deletions
--- a/requirements-app.txt
+++ b/requirements-app.txt
@@ -24,5 +24,5 @@ awscli-cwlogs>=1.4,<1.5
 # Putting upgrade on hold due to v1.0.0 using sha512 instead of sha1 by default
 itsdangerous==0.24  # pyup: <1.0.0

-git+https://github.com/alphagov/notifications-utils.git@36.6.0#egg=notifications-utils==36.6.0
+git+https://github.com/alphagov/notifications-utils.git@36.6.1#egg=notifications-utils==36.6.1
 git+https://github.com/alphagov/govuk-frontend-jinja.git@v0.5.1-alpha#egg=govuk-frontend-jinja==0.5.1-alpha
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,14 +26,14 @@ awscli-cwlogs>=1.4,<1.5
 # Putting upgrade on hold due to v1.0.0 using sha512 instead of sha1 by default
 itsdangerous==0.24  # pyup: <1.0.0

-git+https://github.com/alphagov/notifications-utils.git@36.6.0#egg=notifications-utils==36.6.0
+git+https://github.com/alphagov/notifications-utils.git@36.6.1#egg=notifications-utils==36.6.1
 git+https://github.com/alphagov/govuk-frontend-jinja.git@v0.5.1-alpha#egg=govuk-frontend-jinja==0.5.1-alpha

 ## The following requirements were added by pip freeze:
-awscli==1.18.2
-bleach==3.1.0
+awscli==1.18.6
+bleach==3.1.1
 boto3==1.10.38
-botocore==1.15.2
+botocore==1.15.6
 certifi==2019.11.28
 chardet==3.0.4
 Click==7.0
@@ -45,10 +45,10 @@ et-xmlfile==1.0.1
 flask-redis==0.4.0
 future==0.18.2
 greenlet==0.4.15
-idna==2.8
+idna==2.9
 jdcal==1.4.1
 Jinja2==2.11.1
-jmespath==0.9.4
+jmespath==0.9.5
 lml==0.0.9
 lxml==4.5.0
 MarkupSafe==1.1.1
@@ -56,16 +56,16 @@ mistune==0.8.4
 monotonic==1.5
 openpyxl==3.0.3
 orderedset==2.0.1
-phonenumbers==8.11.1
+phonenumbers==8.11.2
 pyasn1==0.4.8
 pyexcel-ezodf==0.3.4
 PyJWT==1.7.1
 PyPDF2==1.26.0
 python-dateutil==2.8.1
 python-json-logger==0.1.11
-PyYAML==5.2
+PyYAML==5.3
 redis==3.4.1
-requests==2.22.0
+requests==2.23.0
 rsa==3.4.2
 s3transfer==0.3.3
 six==1.14.0