From d1c85dae4dedef205ac02c73488011dbc913a466 Mon Sep 17 00:00:00 2001
From: Tomas Z <93541722+tznamena@users.noreply.github.com>
Date: Fri, 4 Oct 2024 21:51:12 +0200
Subject: [PATCH] Upgrade django and sqlparse to pickup CVE fixes (#6709)
---
 requirements/requirements.in | 4 ++--
 requirements/requirements.txt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 03e71c0407..2cb8fc0aee 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -13,7 +13,7 @@ cryptography>=41.0.7 # CVE-2023-49083
 Cython<3 # due to https://github.com/yaml/pyyaml/pull/702
 daphne
 distro
-django==4.2.15 # CVE-2024-41991
+django==4.2.16 # CVE-2024-45230
 django-auth-ldap
 django-cors-headers
 django-crum
@@ -59,7 +59,7 @@ pyzstd # otel collector log file compression library
 receptorctl==1.4.8
 social-auth-core == 4.5.4 # hard pinned due to resolver picking CVE version when uncapped
 social-auth-app-django==5.4.2 # see UPGRADE BLOCKERs
-sqlparse>=0.4.4 # Required by django https://github.com/ansible/awx/security/dependabot/96
+sqlparse==0.5.0 # CVE-2024-4340
 redis[hiredis]
 requests
 slack-sdk
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 6eb8c3adab..f239af4c42 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -125,7 +125,7 @@ deprecated==1.2.14 # opentelemetry-exporter-otlp-proto-http distro==1.9.0 # via -r /awx_devel/requirements/requirements.in -django==4.2.15 +django==4.2.16 # via # -r /awx_devel/requirements/requirements.in # channels
@@ -508,7 +508,7 @@ social-auth-core==4.5.4 # via # -r /awx_devel/requirements/requirements.in # social-auth-app-django -sqlparse==0.4.4 +sqlparse==0.5.0 # via # -r /awx_devel/requirements/requirements.in # django
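Review bot: Hard-pinning `sqlparse==0.5.0` in the second requirements/requirements.in hunk means a later sqlparse security release will not be picked up on recompile until someone edits this line again, whereas the line it replaces was a floor (`>=0.4.4`). A floor at the fixed release, `sqlparse>=0.5.0  # CVE-2024-4340, required by django`, would still exclude the affected versions and leave the exact version to the compiled requirements.txt, which this commit already sets to 0.5.0. If the exact pin is intentional, the comment should say why, as the `social-auth-core` line above it does. The new comment also drops the note that the entry exists because django requires it, which appears to be the only reason it is listed here.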