From b2a532279bbf92425a9f1b5e09ddd8723a87565e Mon Sep 17 00:00:00 2001
From: Baptiste Jonglez <git@bitsofnetworks.org>
Date: Thu, 9 Dec 2021 21:10:08 +0100
Subject: [PATCH] Constrain dependency for Babel >= 2.9.1 to address
 CVE-2021-42771

---
 setup.cfg | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup.cfg b/setup.cfg
index defdd490..e35f1d8d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -28,6 +28,7 @@ install_requires =
     debts>=0.5,<1
     email_validator>=1.0,<2
     Flask-Babel>=1.0,<3
+    Babel>=2.9.1,<3  # CVE-2021-42771
     Flask-Cors>=3.0.8,<4
     Flask-Mail>=0.9.1,<1
     Flask-Migrate>=2.5.3,<4  # Not following semantic versioning (e.g. https://github.com/miguelgrinberg/flask-migrate/commit/1af28ba273de6c88544623b8dc02dd539340294b)