Update requirements

src/requirements-dev.txt

@@ -38,7 +38,7 @@ cachetools==5.3.0
     # via
     #   google-auth
     #   tox
-certifi==2022.12.7
+certifi==2023.7.22
     # via
     #   -r requirements.txt
     #   requests
@@ -75,7 +75,7 @@ coreschema==0.0.4
     #   drf-yasg
 coverage[toml]==7.2.1
     # via pytest-cov
-cryptography==41.0.0
+cryptography==41.0.3
     # via
     #   -r requirements.txt
     #   paramiko
@@ -89,7 +89,7 @@ distro==1.8.0
     # via
     #   -r requirements.txt
     #   docker-compose
-django==3.2.19
+django==3.2.20
     # via
     #   -r requirements.txt
     #   django-session-timeout

src/requirements.in

@@ -1,4 +1,4 @@
-django>=3.2.19, <4.0
+django>=3.2.20, <4.0
 djangorestframework>=3.0, <4.0
 django-session-timeout>=0.1, <1.0
 docker-compose>=1.0
@@ -19,5 +19,6 @@ scos_tekrsa @ git+https://github.com/NTIA/[email protected]
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-cryptography>=41.0.0  # GHSA-5cpq-8wj7-hf2v
+certifi>=2023.07.22   # CVE-2023-37920
+cryptography>=41.0.2  # CVE-2023-38325
 sqlparse>=0.4.4       # CVE-2023-30608

src/requirements.txt

@@ -14,8 +14,10 @@ attrs==22.2.0
     #   ray
 bcrypt==4.0.1
     # via paramiko
-certifi==2022.12.7
-    # via requests
+certifi==2022.7.22
+    # via
+    #   -r requirements.in
+    #   requests
 cffi==1.15.1
     # via
     #   cryptography
@@ -30,15 +32,15 @@ coreschema==0.0.4
     # via
     #   coreapi
     #   drf-yasg
-cryptography==41.0.0
+cryptography==41.0.3
     # via
     #   -r requirements.in
     #   paramiko
 defusedxml==0.7.1
     # via its-preselector
 distro==1.8.0
     # via docker-compose
-django==3.2.19
+django==3.2.20
     # via
     #   -r requirements.in
     #   django-session-timeout