From 6ea178acedb56597463851abb2348099143146b0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 21 Sep 2024 10:48:43 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index da1a40e8cd..c4a3488d4f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -46,7 +46,7 @@ celery[sqs]==5.2.7
 # via
 # -r requirements.in
 # sentry-sdk
-certifi==2023.7.22
+certifi==2024.7.4
 # via
 # requests
 # sentry-sdk
@@ -115,7 +115,7 @@ greenlet==3.0.3
 # sqlalchemy
 gunicorn[eventlet] @ git+https://github.com/benoitc/gunicorn.git@1299ea9e967a61ae2edebe191082fd169b864c64
 # via -r requirements.in
-idna==3.4
+idna==3.7
 # via
 # jsonschema
 # requests
@@ -128,7 +128,7 @@ itsdangerous==2.1.2
 # -r requirements.in
 # flask
 # notifications-utils
-jinja2==3.1.3
+jinja2==3.1.4
 # via
 # flask
 # notifications-utils
@@ -212,7 +212,7 @@ pyyaml==6.0.1
 # notifications-utils
 redis==4.5.4
 # via flask-redis
-requests==2.31.0
+requests==2.32.2
 # via
 # awscli-cwlogs
 # govuk-bank-holidays
@@ -255,7 +255,7 @@ statsd==3.3.0
 # via notifications-utils
 uri-template==1.2.0
 # via jsonschema
-urllib3==1.26.18
+urllib3==1.26.19
 # via
 # botocore
 # kombu
@@ -270,8 +270,9 @@ wcwidth==0.2.5
 # via prompt-toolkit
 webcolors==1.12
 # via jsonschema
-werkzeug==3.0.1
+werkzeug==3.0.3
 # via flask
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
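Review bot: The appended `zipp>=3.19.1` at the end of this hunk is an open-ended range hand-added to a file that is otherwise fully `==`-pinned and, judging by the `# via` / `-r requirements.in` annotations, generated by pip-compile, so installs stop being reproducible for that package and the next regeneration will probably drop the line (and may also revert the bumped pins in the earlier hunks). It also sits directly under the `# The following packages are considered to be unsafe in a requirements file:` footer, where it reads as part of that commented list. I would put the floor in the compile input instead, e.g. `zipp>=3.19.1  # floor for SNYK-PYTHON-ZIPP-7430899` in `requirements.in` or a constraints file, and recompile so this file gets an exact `zipp==<RESOLVED_VERSION>` with its `# via` line. Nothing in the visible hunks shows which package pulls in zipp, so that annotation has to come from the resolver.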