centralcloud/oncall-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
oncall-engine/engine/requirements.in
Joey Orlando 4a39518a56
address outstanding CVEs + remove plop from grafana-plugin/ (#4871) 
# Which issue(s) this PR closes

Closes the following dependabot alerts/CVEs:

- [x] https://github.com/grafana/oncall/security/dependabot/117 -
CVE-2022-42969
- [x] https://github.com/grafana/oncall/security/dependabot/106 and
https://github.com/grafana/oncall/security/dependabot/105 -
CVE-2024-3651
- [x] https://github.com/grafana/oncall/security/dependabot/51 -
CVE-2022-46175
- [x] https://github.com/grafana/oncall/security/dependabot/124 -
CVE-2024-4068
- [ ] https://github.com/grafana/oncall/security/dependabot/78 -
CVE-2023-44270
- [ ] https://github.com/grafana/oncall/security/dependabot/132 and
https://github.com/grafana/oncall/security/dependabot/131 -
CVE-2024-39689

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.
2024-08-20 10:29:01 -04:00

70 lines
1.9 KiB
Text
Raw Blame History

babel==2.12.1
beautifulsoup4==4.12.2
celery[redis]==5.3.1
cryptography==42.0.8
django==4.2.15
django-add-default-value==0.10.0
django-amazon-ses==4.0.1
django-anymail==11.1
django-cors-headers==3.7.0
# pyroscope-io==0.8.1
django-dbconn-retry==0.1.7
django-debug-toolbar==4.1
django-deprecate-fields==0.1.1
django-filter==2.4.0
django-ipware==4.0.2
django-log-request-id==1.6.0
django-migration-linter==4.1.0
django-mirage-field==1.3.0
django-mysql==4.6.0
django-polymorphic==3.1.0
django-ratelimit==2.0.0
django-redis==5.4.0
django-rest-polymorphic==0.1.10
django-silk==5.0.3
django-sns-view==0.1.2
djangorestframework==3.15.2
factory-boy<3.0
drf-spectacular==0.26.5
emoji==2.4.0
# If the version of grpcio is changed
# upload a new arm64 wheel instead of /engine/grpcio-1.57.0-cp311-cp311-linux_aarch64.whl
grpcio==1.64.1
fcm-django @ https://github.com/grafana/fcm-django/archive/refs/tags/v1.0.12r1.tar.gz#sha256=7ec7cd9d353fc9edf19a4acd4fa14090a31d83d02ac986c5e5e081dea29f564f
hiredis==2.2.3
humanize==4.10.0
icalendar==5.0.10
lxml==5.2.2
markdown2==2.4.10
opentelemetry-sdk==1.25.0
opentelemetry-api==1.25.0
opentelemetry-exporter-otlp-proto-grpc==1.25.0
opentelemetry-instrumentation-logging==0.46b0
opentelemetry-instrumentation-wsgi==0.46b0
opentelemetry-instrumentation-requests==0.46b0
opentelemetry-instrumentation-django==0.46b0
phonenumbers==8.10.0
prometheus_client==0.16.0
psutil==5.9.4
psycopg2==2.9.3
pymdown-extensions==10.0
PyMySQL==1.1.1
python-telegram-bot==13.13
recurring-ical-events==2.1.0
redis==5.0.1
regex==2021.11.2
requests==2.32.3
slack-export-viewer==1.1.4
slack_sdk==3.21.3
social-auth-app-django==5.4.1
twilio~=6.37.0
urllib3==1.26.19
uwsgi==2.0.26
whitenoise==5.3.0
google-api-python-client==2.122.0
google-auth-httplib2==0.2.0
google-auth-oauthlib==1.2.0
# we are manually pinning idna to 3.7 to fix CVE-2024-3651
# requests==2.32.3 is installing idna==3.6 but supports idna>=2.5,<4
# https://github.com/psf/requests/blob/v2.32.3/setup.py#L63
idna==3.7
Reference in a new issue View git blame Copy permalink