From b2503c620fe7c3445015c5f14fc38312df33c8c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 6 Jun 2020 13:08:53 +0300
Subject: [PATCH] Bump django from 2.2.10 to 2.2.13 in /cvat/requirements
 (#1657)

* Bump django from 2.2.10 to 2.2.13 in /cvat/requirements

Bumps [django](https://github.com/django/django) from 2.2.10 to 2.2.13.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/2.2.10...2.2.13)

Signed-off-by: dependabot[bot] <support@github.com>

* Update CHANGELOG.md

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikita Manovich <nikita.manovich@intel.com>
---
 CHANGELOG.md               | 2 +-
 cvat/requirements/base.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45aaa6ce..9b142197 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,7 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Kibana wrong working time calculation with new annotation UI use (<https://github.com/opencv/cvat/pull/1654>)
 
 ### Security
--
+- SQL injection in Django `CVE-2020-9402` (https://github.com/opencv/cvat/pull/1657)
 
 ## [1.0.0] - 2020-05-29
 ### Added
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 05c714e3..d3175e4a 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -1,5 +1,5 @@
 click==6.7
-Django==2.2.10
+Django==2.2.13
 django-appconf==1.0.2
 django-auth-ldap==1.4.0
 django-cacheops==4.0.6