From 6c55e2fb8bff478dc937fbaed485cbb44f64e7c7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 21 Jun 2025 00:44:40 +0000 Subject: [PATCH] fix: python/requirements-optional.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-10364902 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 --- python/requirements-optional.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/python/requirements-optional.txt b/python/requirements-optional.txt index 77de05af39..5d2371315e 100644 --- a/python/requirements-optional.txt +++ b/python/requirements-optional.txt @@ -3,3 +3,5 @@ web3 >= 4.8 Pillow stellar-sdk>=4.0.0,<6.0.0 rlp>=1.1.0 ; python_version<'3.7' +protobuf>=4.25.8 # not directly required, pinned by Snyk to avoid a vulnerability +urllib3>=2.5.0 # not directly required, pinned by Snyk to avoid a vulnerability