From 0539f1f0dc33ae5e38cd2dfd202736ad7e95d5d3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 27 Nov 2023 17:00:48 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-GRPCIO-5834443
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273
- https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-STARLETTE-5538332
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
---
 requirements.txt | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d444e32c..f7613df4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,17 +4,17 @@ APScheduler==3.9.1.post1
 async-timeout==4.0.2
 backports.zoneinfo==0.2.1;python_version<"3.9"
 bcrypt==4.0.1
-certifi==2022.12.7
+certifi==2023.7.22
 cffi==1.15.1
 charset-normalizer==2.1.1
 click==8.1.3
-cryptography==39.0.1
+cryptography==41.0.5
 Deprecated==1.2.13
 ecdsa==0.18.0
 fastapi==0.92.0
 fastapi-responses==0.2.1
 greenlet==2.0.1
-grpcio==1.50.0
+grpcio==1.53.2
 grpcio-tools==1.44.0
 h11==0.14.0
 httptools==0.5.0
@@ -29,15 +29,15 @@ MarkupSafe==2.1.1
 mdurl==0.1.2
 packaging==21.3
 passlib==1.7.4
-Pillow==9.4.0
+Pillow==10.0.1
 plumbum==1.8.1
 protobuf==3.20.3
 psutil==5.9.4
 psycopg2-binary==2.9.7
 pyasn1==0.4.8
 pycparser==2.21
-pydantic==1.10.2
-Pygments==2.14.0
+pydantic==1.10.13
+Pygments==2.15.0
 PyMySQL==1.0.3
 pyOpenSSL==23.2.0
 pyparsing==3.0.9
@@ -52,23 +52,24 @@ pytz==2022.6
 pytz-deprecation-shim==0.1.0.post0
 PyYAML==6.0
 qrcode==7.4.2
-redis==4.3.5
-requests==2.28.1
+redis==4.3.6
+requests==2.31.0
 rich==13.3.2
 rpyc==5.3.1
 rsa==4.9
 six==1.16.0
 sniffio==1.3.0
 SQLAlchemy==1.4.44
-starlette==0.25.0
+starlette==0.27.0
 typer==0.7.0
 typing_extensions==4.4.0
 tzdata==2022.6
 tzlocal==4.2
-urllib3==1.26.12
+urllib3==1.26.18
 uvicorn==0.19.0
 uvloop==0.17.0
 watchfiles==0.18.1
 websockets==10.4
 wrapt==1.14.1
 zipp==3.10.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
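Review bot: The new `starlette==0.27.0` pin in the last hunk looks incompatible with `fastapi==0.92.0`, which the first hunk leaves unchanged. As far as I recall, that FastAPI release declares `starlette>=0.25.0,<0.26.0`, so a current pip resolver would refuse the file, and an older pip would install a combination FastAPI does not support. Please confirm with `pip install -r requirements.txt` in a clean environment followed by `pip check`. If it fails, raise fastapi in the same change to a release whose starlette range includes 0.27.0, rather than dropping the starlette fix. Separately, `setuptools>=65.5.1` is the only open-ended entry in an otherwise exact-pinned file; an exact `==` version would keep installs reproducible.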