From b7c1fcb66dcad86a09bd479261c68468352e923b Mon Sep 17 00:00:00 2001
From: Leo Hemsted <leo.hemsted@digital.cabinet-office.gov.uk>
Date: Tue, 14 Dec 2021 13:47:38 +0000
Subject: [PATCH] bump lxml to fix security warning

two vulnerabilities in <4.6.5 (GHSL-2021-1037 and GHSL-2021-1038)
https://github.com/lxml/lxml/blob/master/CHANGES.txt

also removes docopt as we don't use it except for a dev script (which we
might not need anyway)
---
 requirements.in  | 3 +--
 requirements.txt | 8 +++-----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/requirements.in b/requirements.in
index 41a712699..e60f3225b 100644
--- a/requirements.in
+++ b/requirements.in
@@ -3,7 +3,6 @@
 
 cffi==1.14.5
 celery[sqs]==5.2.0
-docopt==0.6.2
 Flask-Bcrypt==0.7.1
 flask-marshmallow==0.14.0
 Flask-Migrate==2.7.0
@@ -24,7 +23,7 @@ strict-rfc3339==0.7
 rfc3987==1.3.8
 cachetools==4.2.1
 beautifulsoup4==4.9.3
-lxml==4.6.3
+lxml==4.7.1
 Werkzeug==2.0.2
 
 # higher version causes build to fail on PaaS due to lack of Rust
diff --git a/requirements.txt b/requirements.txt
index fee9883de..f46f4467e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -73,12 +73,10 @@ cryptography==3.3.2
 dnspython==1.16.0
     # via eventlet
 docopt==0.6.2
-    # via
-    #   -r requirements.in
-    #   notifications-python-client
+    # via notifications-python-client
 docutils==0.15.2
     # via awscli
-eventlet==0.30.2 # pyup: ignore
+eventlet==0.30.2
     # via -r requirements.in
 flask==1.1.2
     # via
@@ -134,7 +132,7 @@ jsonschema==3.2.0
     # via -r requirements.in
 kombu==5.2.1
     # via celery
-lxml==4.6.3
+lxml==4.7.1
     # via -r requirements.in
 mako==1.1.5
     # via alembic