From ea71cb5a0510bedc3129a7f8a3b2ab62967084ed Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 12 Jan 2026 08:58:30 +0000
Subject: [PATCH] fix: components/example-notebook-servers/jupyter-scipy/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-BOKEH-14894275
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
---
 .../example-notebook-servers/jupyter-scipy/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/components/example-notebook-servers/jupyter-scipy/requirements.txt b/components/example-notebook-servers/jupyter-scipy/requirements.txt
index 4199895adf0..aaf2011a02d 100644
--- a/components/example-notebook-servers/jupyter-scipy/requirements.txt
+++ b/components/example-notebook-servers/jupyter-scipy/requirements.txt
@@ -6,7 +6,7 @@ kfserving==0.4.1
 # scipy packages
 # https://github.com/jupyter/docker-stacks/blob/master/scipy-notebook/Dockerfile
 beautifulsoup4==4.9.3
-bokeh==2.3.1
+bokeh==3.8.2
 #Bottleneck==1.3.2 Could not build wheels for Bottleneck which use PEP 517 and cannot be installed directly
 cloudpickle==1.6.0
 cython==0.29.22
@@ -31,3 +31,4 @@ sympy==1.7.1
 tables==3.6.1
 vincent==0.4.4
 xlrd==2.0.1
+urllib3>=2.6.3 # not directly required, pinned by Snyk to avoid a vulnerability
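Review bot: The added `urllib3>=2.6.3` line in the second hunk is only a lower bound, while every other visible entry in this file is an exact `==` pin, so each image rebuild can resolve a different urllib3 release and the remediation is not reproducible. Pin it exactly and name the advisory it answers, e.g. `urllib3==2.6.3  # transitive; pinned for SNYK-PYTHON-URLLIB3-14896210`. Nothing in the patch shows whether the older pins in this file (such as `kfserving==0.4.1` in the first hunk's header) accept urllib3 2.x, or whether the jump to `bokeh==3.8.2` in the first hunk is supported by the image's Python version. Running `pip install -r requirements.txt` followed by `pip check` in the image build would confirm that the resolver really lands on the fixed versions instead of failing or backtracking.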