[Snyk] Fix for 23 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • requirements.txt

⚠️ Warning

netCDF4 1.5.5.1 requires numpy, which is not installed.
Flask 2.2.5 has requirement itsdangerous>=2.0, but you have itsdangerous 0.24.
Flask 2.2.5 has requirement Jinja2>=3.0, but you have Jinja2 2.11.3.
Flask 2.2.5 has requirement click>=8.0, but you have click 7.1.2.
cftime 1.3.1 requires numpy, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity	Issue	Upgrade	Breaking Change	Exploit Maturity
	Insufficient Verification of Data Authenticity SNYK-PYTHON-CERTIFI-3164749	certifi: 2021.5.30 -> 2022.12.7	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3172287	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Expected Behavior Violation SNYK-PYTHON-CRYPTOGRAPHY-3314966	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Use After Free SNYK-PYTHON-CRYPTOGRAPHY-3315324	cryptography: 3.3.2 -> 39.0.1	No	Proof of Concept
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-PYTHON-CRYPTOGRAPHY-3315328	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Timing Attack SNYK-PYTHON-CRYPTOGRAPHY-3315331	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315452	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315972	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315975	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3316038	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3316211	cryptography: 3.3.2 -> 39.0.1	No	No Known Exploit
	Information Exposure SNYK-PYTHON-FLASK-5490129	flask: 1.0.2 -> 2.2.5	No	No Known Exploit
	Remote Code Execution (RCE) SNYK-PYTHON-GITPYTHON-3113858	gitpython: 2.1.15 -> 3.1.30	No	No Known Exploit
	NULL Pointer Dereference SNYK-PYTHON-NUMPY-2321964	numpy: 1.21.3 -> 1.22.2	No	Proof of Concept
	Buffer Overflow SNYK-PYTHON-NUMPY-2321966	numpy: 1.21.3 -> 1.22.2	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-NUMPY-2321970	numpy: 1.21.3 -> 1.22.2	No	Proof of Concept
	Denial of Service (DoS) SNYK-PYTHON-PILLOW-3113875	pillow: 4.3.0 -> 9.2.0	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-PILLOW-3113876	pillow: 4.3.0 -> 9.2.0	No	No Known Exploit
	Information Exposure SNYK-PYTHON-REQUESTS-5595532	requests: 2.21.0 -> 2.31.0	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SQLPARSE-5426157	sqlparse: 0.3.1 -> 0.4.4	No	No Known Exploit
	Directory Traversal SNYK-PYTHON-WERKZEUG-3266409	werkzeug: 0.15.3 -> 2.2.3	No	Mature
	Access Restriction Bypass SNYK-PYTHON-WERKZEUG-3319935	werkzeug: 0.15.3 -> 2.2.3	No	No Known Exploit
	Denial of Service (DoS) SNYK-PYTHON-WERKZEUG-3319936	werkzeug: 0.15.3 -> 2.2.3	No	No Known Exploit

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free
🦉 Denial of Service (DoS)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn