From e6830ecd9328b629bb139e847df27e2d9ad8f784 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 6 Sep 2021 16:00:31 +0200
Subject: [PATCH 1/4] fix: cvat/requirements/base.txt to reduce vulnerabilities (#3640)
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
---
 cvat/requirements/base.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 4f8190ac..6991003a 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -6,7 +6,7 @@ django-cacheops==5.0.1
 django-compressor==2.4
 django-rq==2.3.2
 EasyProcess==0.3
-Pillow==8.3.0
+Pillow==8.3.2
 numpy==1.19.5
 python-ldap==3.3.1
 pytz==2020.1
From d80d241f5a363aa6fa6cf0106dbc1cf68ca78ef8 Mon Sep 17 00:00:00 2001
From: Dhivya S
Date: Tue, 7 Sep 2021 01:24:07 +0530
Subject: [PATCH 3/4] Update launch.json (#3625)
* Update launch.json
Changed .vscode\launch.json for compatibility with JavaScript Debugger
* Update launch.json
* Update .vscode/launch.json
Co-authored-by: Dmitry Kalinin
* Update .vscode/launch.json
Co-authored-by: Dmitry Kalinin
Co-authored-by: Dmitry Kalinin
---
 .vscode/launch.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 4b65fad0..55811c53 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -5,7 +5,7 @@
  "version": "0.2.0",
  "configurations": [
  {
- "type": "chrome",
+ "type": "pwa-chrome",
  "request": "launch",
  "preLaunchTask": "npm: start - cvat-ui",
  "name": "ui.js: debug",
@@ -59,7 +59,7 @@
  },
  {
  "name": "server: chrome",
- "type": "chrome",
+ "type": "pwa-chrome",
  "request": "launch",
  "url": "http://localhost:7000/",
  "disableNetworkCache":true,
From 0981dc36380ee6f2f2f785ba66d7a6fd5f24a9e5 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 6 Sep 2021 21:54:40 +0200
Subject: [PATCH 4/4] [Snyk] Security upgrade urllib3 from 1.25.11 to 1.26.5 (#3614)
* fix: cvat/requirements/base.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
* Update requests package
Co-authored-by: Nikita Manovich
---
 cvat/requirements/base.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 6991003a..60569a23 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -14,7 +14,7 @@ pyunpack==0.2.1
 rcssmin==1.0.6
 redis==3.5.3
 rjsmin==1.1.0
-requests==2.24.0
+requests==2.26.0
 rq==1.5.1
 rq-scheduler==0.10.0
 sqlparse==0.3.1
@@ -54,3 +54,4 @@ google-cloud-storage==1.42.0
 # of pycocotools and tensorflow 2.4.1
 # when pycocotools is installed by wheel in python 3.8+
 datumaro==0.1.10.1 --no-binary=datumaro --no-binary=pycocotools
+urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability
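Review bot: The added `urllib3>=1.26.5` line in the last hunk of PATCH 4/4 is a lower bound, not a pin, even though its trailing comment says "pinned" and every other entry visible in these hunks uses an exact `==` version. With `>=`, each fresh install may resolve a different urllib3 release, so builds are not reproducible and a later release can enter the image without review. Consider `urllib3==1.26.5`, or a bounded range such as `urllib3>=1.26.5,<1.27`, and reword the comment to match whichever is chosen. The rest of base.txt is outside the hunk, so whether a constraints or hash-locked file covers this elsewhere cannot be confirmed from here.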