From 576459295fecefa8890877aab46c22a82d2860d3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 11 Jan 2026 09:41:03 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-14908843
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index d6383423..cd16de9c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ itsdangerous>=2.2.0
 nest-asyncio>=1.5.8
 frozendict>=2.4.3,<3.0
 python-dateutil>=2.9.0,<3.0
-urllib3>=2.2.0,<3.0
+urllib3>=2.6.3
 Authlib>=1.3.0,<2.0
 typing-extensions>=4.11.0,<5.0
 certifi>=2025.10.5,<2025.11.0
@@ -34,3 +34,4 @@ twine>=4.0.2
 
 # Other dependencies
 httpx>=0.25.0,<0.29.0
+werkzeug>=3.1.5 # not directly required, pinned by Snyk to avoid a vulnerability