From e9bb3fe5c36c9c2531473897206a2a0fe1a1dc02 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 19:03:31 +0000
Subject: [PATCH 1/5] Bump django from 4.2.16 to 4.2.17 in /src
Bumps [django](https://github.com/django/django) from 4.2.16 to 4.2.17.
- [Commits](https://github.com/django/django/compare/4.2.16...4.2.17)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
src/requirements-dev.txt | 2 +-
src/requirements.txt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 12add771..d039d515 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -73,7 +73,7 @@ defusedxml==0.7.1
 # its-preselector
 distlib==0.3.7
 # via virtualenv
-django==4.2.16
+django==4.2.17
 # via
 # -r requirements.txt
 # django-session-timeout
diff --git a/src/requirements.txt b/src/requirements.txt
index 80b9740f..bbf5439e 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -35,7 +35,7 @@ cryptography==43.0.1
 # via -r requirements.in
 defusedxml==0.7.1
 # via its-preselector
-django==4.2.16
+django==4.2.17
 # via
 # -r requirements.in
 # django-session-timeout
From 6c4b99071d36d255af156941aff70af1e0f91395 Mon Sep 17 00:00:00 2001
From: Anthony Romaniello
Date: Fri, 13 Dec 2024 11:43:53 -0700
Subject: [PATCH 2/5] Require django>=4.2.17 and re-compile lockfile
---
src/requirements-dev.txt | 4 +++-
src/requirements.in | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index d039d515..096d872d 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -64,7 +64,9 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.6.4
- # via pytest-cov
+ # via
+ # coverage
+ # pytest-cov
 cryptography==43.0.1
 # via -r requirements.txt
 defusedxml==0.7.1
diff --git a/src/requirements.in b/src/requirements.in
index e4a4f7db..635e8f5c 100644
--- a/src/requirements.in
+++ b/src/requirements.in
@@ -1,5 +1,5 @@
 cryptography>=43.0.1
-django>=4.2.16, <5.0
+django>=4.2.17, <5.0
 djangorestframework>=3.15.2, <4.0
 django-session-timeout>=0.1, <1.0
 drf-yasg>=1.0, <2.0
From 0589d03895020881ed5d37164b638fba58a4322f Mon Sep 17 00:00:00 2001
From: Anthony Romaniello
Date: Fri, 13 Dec 2024 11:44:51 -0700
Subject: [PATCH 3/5] Update pre-commit hooks
---
.pre-commit-config.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f5aeec30..2a644504 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -34,7 +34,7 @@ repos:
 - id: black
 types: [file, python]
 - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.42.0
+ rev: v0.43.0
 hooks:
 - id: markdownlint
 types: [file, markdown]
From 1334d0639cda51e6abba5f79540472558ded2401 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Dec 2024 01:10:50 +0000
Subject: [PATCH 4/5] Bump jinja2 from 3.1.4 to 3.1.5 in /src
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)
---
updated-dependencies:
- dependency-name: jinja2
dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
src/requirements-dev.txt | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 096d872d..153fb629 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -64,9 +64,7 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.6.4
- # via
- # coverage
- # pytest-cov
+ # via pytest-cov
 cryptography==43.0.1
 # via -r requirements.txt
 defusedxml==0.7.1
@@ -139,7 +137,7 @@ its-preselector @ git+https://github.com/NTIA/Preselector@3.1.0
 # via
 # -r requirements.txt
 # scos-actions
-jinja2==3.1.4
+jinja2==3.1.5
 # via memray
 jsonfield==3.1.0
 # via -r requirements.txt
From e8de9d69ab804da15f6a6501c0b0167fc62948a1 Mon Sep 17 00:00:00 2001
From: Anthony Romaniello
Date: Fri, 3 Jan 2025 14:43:57 -0700
Subject: [PATCH 5/5] Require jinja2>=3.1.5
---
src/requirements-dev.txt | 14 ++++++++++----
src/requirements.in | 1 +
src/requirements.txt | 4 ++++
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 153fb629..3209ed99 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -64,7 +64,9 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.6.4
- # via pytest-cov
+ # via
+ # coverage
+ # pytest-cov
 cryptography==43.0.1
 # via -r requirements.txt
 defusedxml==0.7.1
@@ -138,7 +140,9 @@ its-preselector @ git+https://github.com/NTIA/Preselector@3.1.0
 # -r requirements.txt
 # scos-actions
 jinja2==3.1.5
- # via memray
+ # via
+ # -r requirements.txt
+ # memray
 jsonfield==3.1.0
 # via -r requirements.txt
 jsonschema==4.20.0
@@ -156,8 +160,10 @@ markdown-it-py[linkify,plugins]==3.0.0
 # mdit-py-plugins
 # rich
 # textual
-markupsafe==2.1.5
- # via jinja2
+markupsafe==3.0.2
+ # via
+ # -r requirements.txt
+ # jinja2
 marshmallow==3.20.1
 # via
 # -r requirements.txt
diff --git a/src/requirements.in b/src/requirements.in
index 635e8f5c..9d59b94a 100644
--- a/src/requirements.in
+++ b/src/requirements.in
@@ -21,6 +21,7 @@ aiohttp>=3.10.11 # CVE-2024-52304
 certifi>=2024.7.4 # CVE-2024-39689
 idna>=3.7 # CVE-2024-3651
 grpcio>=1.53.0 # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
+jinja2>=3.1.5 # CVE-2024-56201, CVE-2024-56326
 pyyaml>=5.4.0 # CVE-2020-14343
 sqlparse>=0.5.0 # CVE-2024-4340
 urllib3>=2.2.2 # CVE-2024-37891
diff --git a/src/requirements.txt b/src/requirements.txt
index bbf5439e..42e9bd5d 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -78,12 +78,16 @@ inflection==0.5.1
 # via drf-yasg
 its-preselector @ git+https://github.com/NTIA/Preselector@3.1.0
 # via scos-actions
+jinja2==3.1.5
+ # via -r requirements.in
 jsonfield==3.1.0
 # via -r requirements.in
 jsonschema==4.20.0
 # via ray
 jsonschema-specifications==2023.11.2
 # via jsonschema
+markupsafe==3.0.2
+ # via jinja2
 marshmallow==3.20.1
 # via environs
 msgpack==1.0.7
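Review bot: The `jinja2>=3.1.5` floor added to src/requirements.in in this patch makes jinja2 a direct production requirement, which is why this hunk adds `jinja2==3.1.5` and `markupsafe==3.0.2` to src/requirements.txt; before this patch the dev lockfile listed jinja2 only as `# via memray`. The production install therefore gains two packages solely to carry a version floor for what appears to be a dev-only transitive dependency. If the project has a dev-only input file (none is visible in this series), the floor belongs there. Otherwise a pip constraints file referenced with `-c` would enforce the minimum without installing the package. The same recompile also moves markupsafe from 2.1.5 to 3.0.2 in src/requirements-dev.txt, a major-version change that should be confirmed as intended.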