From 787dfb5fa17571a4fcdfb74851654a74c84bc731 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 31 Jul 2024 18:51:43 +0000
Subject: [PATCH] fix: framework/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 framework/requirements.txt | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/framework/requirements.txt b/framework/requirements.txt
index b3b30e1..ad8e81b 100644
--- a/framework/requirements.txt
+++ b/framework/requirements.txt
@@ -1,4 +1,4 @@
-aiohttp==3.9.3
+aiohttp==3.9.4
 aiohttp-cache==2.2.0
 aiohttp-cors==0.7.0
 aiohttp-jinja2==1.5.1
@@ -13,14 +13,14 @@ azure-storage-common==2.1.0
 boto3==1.17.85
 botocore==1.20.85
 cachetools==4.1.0
-certifi==2023.7.22
+certifi==2024.7.4
 cffi==1.15.1
 chardet==3.0.4
 charset-normalizer==2.0.4
 click==8.1.3
 clickclick==20.10.2
 connexion==2.14.2
-cryptography==42.0.4
+cryptography==42.0.8
 Cython==0.29.21
 defusedxml==0.6.0
 docker==6.0.0
@@ -42,11 +42,11 @@ greenlet==2.0.2
 grpc-google-iam-v1==0.12.3
 grpcio==1.58.0
 hiredis==2.2.3
-idna==2.9
+idna==3.7
 importlib-metadata==3.10.1
 inflection==0.3.1
 itsdangerous==2.0.0
-Jinja2==3.1.3
+Jinja2==3.1.4
 jmespath==0.9.5
 jsonschema==2.6.0
 libcst==0.3.20
@@ -71,7 +71,7 @@ python-dateutil==2.8.1
 python-json-logger==2.0.2
 pytz==2020.1
 PyYAML==5.4.1
-requests==2.31.0
+requests==2.32.2
 rsa==4.7.2
 s3transfer==0.4.2
 secure==0.2.1
@@ -80,10 +80,11 @@ SQLAlchemy==2.0.23
 tabulate==0.8.9
 typing-extensions==4.5.0
 typing-inspect==0.7.1
-urllib3==1.26.18
+urllib3==1.26.19
 uvloop==0.17.0
 websocket-client==0.57.0
-Werkzeug==2.2.3
+Werkzeug==3.0.3
 xmltodict==0.12.0
 yarl==1.7.0
-zipp==3.3.2
+zipp==3.19.1
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
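Review bot: In the last hunk, `Werkzeug==3.0.3` is a major-version jump from 2.2.3, while the file still pins `connexion==2.14.2` (visible as context in the second hunk). Connexion 2.x appears to declare an upper bound on Werkzeug below 3, so this set may fail to resolve or break at import time; confirm with `pip check` and the test suite before merging. The added `setuptools>=70.0.0` is also the only open range in a file of exact pins, so installs are no longer reproducible for that package. Pin it like the rest, e.g. `setuptools==70.0.0  # not directly required, pinned by Snyk to avoid a vulnerability`. The idna 2.9 to 3.7 change in the third hunk is also a major bump and deserves the same resolver check.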