From 5f5056812d302e11db6bcc0e241a6b6b49aeaeb8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 22 Sep 2024 15:55:17 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 4915c0e..3fcb1d4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,4 +13,5 @@ requests>=2.23.0
 pywin32>=305; sys_platform == "win32"
 setuptools>=56.0.0
 lockfile>=0.10
-urllib3<1.27,>=1.26.2
+urllib3<2.2.2
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability