From cd485acf6ebd1e0a9940bc9bab9cd6aa782f2af9 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 14 Nov 2022 19:28:21 +0000
Subject: [PATCH] fix: giza/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-174126
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-455616
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-559098
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904

---
 giza/requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/giza/requirements.txt b/giza/requirements.txt
index 51052ec40..980907b0a 100644
--- a/giza/requirements.txt
+++ b/giza/requirements.txt
@@ -12,7 +12,7 @@ giza==0.5.7a0
 hieroglyph==0.7.1
 idna==2.0
 ipaddress==1.0.16
-Jinja2==2.8
+Jinja2==2.11.3
 jira==1.0.3
 libgiza==0.2.7
 MarkupSafe==0.23
@@ -25,7 +25,7 @@ pycparser==2.14
 Pygments==2.1.1
 pyOpenSSL==0.15.1
 pytz==2015.7
-PyYAML==3.11
+PyYAML==5.4
 requests==2.9.1
 requests-oauthlib==0.6.0
 requests-toolbelt==0.6.0
@@ -38,3 +38,4 @@ tlslite==0.4.9
 uritemplate.py==0.3.0
 Wand==0.4.2
 wheel==0.29.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
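Review bot: The line added in the last hunk, `setuptools>=65.5.1`, is an open-ended range in a file where every other entry is an exact `==` pin, so two installs from the same file can resolve different setuptools releases and the trailing comment's "pinned" is not accurate. An exact pin keeps the file reproducible and makes the remediated version auditable: `setuptools==65.5.1  # not directly required, pinned to avoid a vulnerability`. Separately, setuptools 65.x requires Python 3.7 or later, while the neighbouring pins (for example the `ipaddress==1.0.16` backport) suggest this file may target an older interpreter. If that is the case, pip will find no matching distribution and the whole install fails, so the target Python version should be confirmed before merging.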