From 932222ad65c25de39370b3345c3b95feb619205b Mon Sep 17 00:00:00 2001 From: Daniel Chaffelson Date: Thu, 14 Jan 2021 14:49:44 +0000 Subject: [PATCH 1/2] Update requirements.txt to unpin future and lxml Update lxml to 4.6.2 or newer to resolve vulnerability --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 59c93b84..d8d6d78d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,13 +3,13 @@ # Basics setuptools>=38.5 six>=1.11.0 -future==0.18.2 +future>=0.18.2 # Version comparison packaging>=17.1 # Templates management implementation -lxml>=4.1.1,<4.4.0 # pyup: ignore +lxml>=4.6.2 # Security and Connectivity requests[security]>=2.18 From 33befed0d146a7d086b70230ff8806e2fa1aab49 Mon Sep 17 00:00:00 2001 From: Daniel Chaffelson Date: Thu, 14 Jan 2021 16:30:46 +0000 Subject: [PATCH 2/2] Pin watchdog to <1.0.0 per their docs to maintain Python2.7 compatibility. --- requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements_dev.txt b/requirements_dev.txt index ab2c4dc9..7c3f9932 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -4,7 +4,7 @@ pip>=9.0.1 # Project management and Deployment bumpversion>=0.5.3 -watchdog>=0.8.3 +watchdog>=0.8.3,<1.0.0 twine>=1.9.1,<2.0.0 # pyup: ignore virtualenvwrapper>=4.8 virtualenv>=16.0.0 # required for tox 3.14.2 but not forced
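Review bot: The new `lxml>=4.6.2` line in requirements.txt is a security floor, but nothing on the line says so and the commit message names no advisory, so a later edit could loosen it without knowing why it is there. A trailing comment such as `lxml>=4.6.2  # security floor, see <advisory-id>` would record that. Both `lxml` and `future>=0.18.2` are now open-ended, so an install will pick up any later major release; given the Python 2.7 constraint mentioned in the second patch of this series, a constraints or lock file used in CI would keep installs reproducible. The removed `<4.4.0` cap carried `# pyup: ignore`, which suggests it was deliberate, so the reason it existed is worth confirming before it is dropped. If setup.py declares its own dependency list (not visible here), the floor needs raising there as well.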
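Review bot: The reason for the `<1.0.0` cap on `watchdog` in requirements_dev.txt lives only in the commit message; putting it on the line, e.g. `watchdog>=0.8.3,<1.0.0  # 1.0.0 drops Python 2.7 support`, keeps an automated upgrade suggestion from being applied blindly. The cap also holds Python 3 development environments on the 0.x series, which may stop receiving fixes. An environment marker on the capped line (`; python_version < "3"`) plus an uncapped line for Python 3 would limit the cap to the interpreter that needs it.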