From 3f342d2920bbef04c7745eb1762027455e3860f5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 31 Jul 2024 17:52:09 +0000 Subject: [PATCH] fix: components/example-notebook-servers/jupyter-scipy/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842 - https://snyk.io/vuln/SNYK-PYTHON-AZURESTORAGEBLOB-2949173 - https://snyk.io/vuln/SNYK-PYTHON-DASK-1767103 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862881 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862882 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-6099119 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-7217832 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-3031740 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-7217830 - https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5756497 - https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5759266 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482 - https://snyk.io/vuln/SNYK-PYTHON-SYMPY-6084333 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- .../jupyter-scipy/requirements.txt | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/components/example-notebook-servers/jupyter-scipy/requirements.txt b/components/example-notebook-servers/jupyter-scipy/requirements.txt index c1f9bdfd18c..713a4a1c368 100644 --- a/components/example-notebook-servers/jupyter-scipy/requirements.txt +++ b/components/example-notebook-servers/jupyter-scipy/requirements.txt @@ -10,7 +10,7 @@ bokeh==2.3.2 #Bottleneck==1.3.2 Could not build wheels for Bottleneck which use PEP 517 and cannot be installed directly cloudpickle==1.6.0 cython==0.29.23 -dask==2021.6.1 +dask==2021.10.0 dill==0.3.4 h5py==3.2.1 ipympl==0.7.0 @@ -21,14 +21,26 @@ numba==0.53.1 numexpr==2.7.3 pandas==1.2.4 patsy==0.5.1 -protobuf==3.17.3 +protobuf==3.18.3 scikit-image==0.18.1 -scikit-learn==0.24.2 -scipy==1.7.0 +scikit-learn==1.5.0 +scipy==1.10.0rc1 seaborn==0.11.1 SQLAlchemy==1.4.18 statsmodels==0.12.2 -sympy==1.8 +sympy==1.12 tables==3.6.1 vincent==0.4.4 xlrd==2.0.1 +anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability +azure-storage-blob>=12.13.0 # not directly required, pinned by Snyk to avoid a vulnerability +ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability +jupyter-server>=2.14.1 # not directly required, pinned by Snyk to avoid a vulnerability +numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability +pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability +tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability +urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability +wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability