From e8e28487c411f6ce8dec13c58306376a2fc5d1ba Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Fri, 12 Dec 2025 20:54:36 +0000
Subject: [PATCH] fix: sample-python/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-14151621
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-14400977
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-14400978
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-14400979
---
 sample-python/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sample-python/requirements.txt b/sample-python/requirements.txt
index d789564800..e71247a9b2 100644
--- a/sample-python/requirements.txt
+++ b/sample-python/requirements.txt
@@ -53,7 +53,7 @@ simplegeneric==0.8.1
 six==1.11.0
 terminado==0.8.1
 testpath==0.4.1
-tornado==5.1.1
+tornado==6.5.3
 traitlets==4.3.2
 tweepy==3.6.0
 urllib3==1.23
@@ -63,3 +63,4 @@ webencodings==0.5.1
 Werkzeug==0.14.1
 widgetsnbextension==3.4.2
 xlrd==1.1.0
+fonttools>=4.61.0 # not directly required, pinned by Snyk to avoid a vulnerability