From cdb1a6cff7ac66b0c56f1aa685b7d0c30842bb5f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 10 Jun 2025 09:56:22 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-10302884
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-10305723
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index aa99543d..120ac1b5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-Django==1.11.29
+Django==4.2.22
 git+https://github.com/dbca-wa/dpaw-utils.git@0.3a16#egg=dpaw-utils
 git+https://github.com/django-oscar/django-oscar.git@8a3288da439cc2a878f44ae5c5101043e658d2a2#egg=django-oscar
 git+https://github.com/xzzy/django_crispy_jcaptcha.git#egg=django_crispy_jcaptcha
@@ -32,3 +32,4 @@ dj-static==0.0.6
 dj-database-url==0.5.0
 django-treebeard==4.3.1
 psycopg2==2.8.6
+requests>=2.32.4 # not directly required, pinned by Snyk to avoid a vulnerability