# HG changeset patch
# User John Rouillard
# Date 1774813372 14400
# Node ID 2c59d8deb6532d8957c64a06897968a9f4cdfcb1
# Parent 98011edc6c600d0449277ae75f0fc57433714301
bug: set minimum level for docker requirements.txt packages
Choose minimum versions that do not have outstanding CVE's.
diff -r 98011edc6c60 -r 2c59d8deb653 scripts/Docker/requirements.txt
--- a/scripts/Docker/requirements.txt Thu Mar 26 21:46:19 2026 -0400
+++ b/scripts/Docker/requirements.txt Sun Mar 29 15:42:52 2026 -0400
@@ -1,5 +1,9 @@
+# Get newest versions, but specify minimum versions to get versions
+# without known vulnerabilities as reported by:
+# https://tools.simonwillison.net/python-vulnerability-lookup
+
 # setuptools required for installation - missing from newer base images
-setuptools
+setuptools >= 78.1.1
 # human timezones
 pytz
 # indexer
@@ -8,13 +12,13 @@
 # extra database support
 psycopg2
 mysqlclient
-redis
+redis >= 4.5.4
 # encryption
 gpg
 # java web tokens
-PyJWT
+PyJWT >= 2.12.0
 # extra HTTP compression methods
-Brotli
-zstd
+Brotli >= 1.2.0
+zstd >= 1.5.4
 # jinja2 template engine
-Jinja2
+Jinja2 >= 3.1.6
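Review bot: The floors added in both hunks (`setuptools >= 78.1.1`, `redis >= 4.5.4`, `PyJWT >= 2.12.0`, `Brotli >= 1.2.0`, `zstd >= 1.5.4`, `Jinja2 >= 3.1.6`) are a point-in-time result of a manual lookup, and nothing in the file records when that check was made, so they will quietly go stale as new advisories are published. I would date the header comment, e.g. `# floors last checked 2026-03-29; re-run the lookup before rebuilding the image`, and consider running an audit tool such as pip-audit against the resolved package set during the image build. Note also that `>=` only sets a lower bound: each build still resolves to whatever is newest on the index, so the image is not reproducible, and the entries left bare here (pytz, psycopg2, mysqlclient, gpg) get no floor at all, presumably because the lookup reported nothing for them. If reproducible builds matter, a constraints file with exact versions and hashes (`pip install --require-hashes`) used alongside these floors would cover that.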