From 058b83b12f681191c4dd59a4970aa4ad35d64a13 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 8 May 2024 02:13:27 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713 - https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291196 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
---
 requirements.txt | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index a93789d2..f4d1948c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ beautifulsoup4==4.11.1
 blinker==1.5
 cachelib==0.9.0
 cachetools==5.2.1
-certifi==2022.12.7
+certifi==2023.7.22
 chardet==5.1.0
 charset-normalizer==3.0.1
 citeproc-py==0.6.0
@@ -16,13 +16,13 @@ colorama==0.4.6
 croniter==1.3.8
 cssmin==0.2.0
 distlib==0.3.6
-dnspython==2.3.0
+dnspython==2.6.1
 elastic-apm==6.13.2
 email-validator==1.3.0
 feedparser==6.0.10
 feedwerk==1.1.0
 filelock==3.9.0
-Flask==2.2.2
+Flask==2.2.5
 Flask-Admin==1.6.0
 Flask-BabelEx==0.9.4
 Flask-Caching==2.0.2
@@ -38,11 +38,11 @@ Flask-SQLAlchemy==3.0.2
 Flask-WTF==1.1.1
 gevent==22.10.2
 greenlet==2.0.1
-gunicorn==20.1.0
+gunicorn==22.0.0
 htmlmin==0.1.12
-idna==3.4
+idna==3.7
 itsdangerous==2.1.2
-Jinja2==3.0.0
+Jinja2==3.1.4
 legendarium==2.0.6
 lxml==4.9.2
 Mako==1.2.4
@@ -54,10 +54,10 @@ packaging==23.0
 passlib==1.7.4
 pbr==5.11.1
 picles.plumber==0.11
-Pillow==9.4.0
+Pillow==10.3.0
 platformdirs==2.6.2
 pluggy==1.0.0
-pymongo==4.3.3
+pymongo==4.6.3
 pyproject_api==1.5.0
 PySocks==1.7.1
 python-dateutil==2.8.2
@@ -65,8 +65,8 @@ python-editor==1.0.4
 python-slugify==7.0.0
 pytz==2022.7.1
 raven==6.10.0
-redis==4.4.2
-requests==2.28.2
+redis==4.4.4
+requests==2.31.0
 requests-oauthlib==1.3.1
 rq==1.12.0
 rq-dashboard==0.6.1
@@ -83,9 +83,9 @@ tox==4.3.5
 tweepy==4.12.1
 unicodecsv==0.14.1
 Unidecode==1.3.6
-urllib3==1.26.14
+urllib3==1.26.18
 virtualenv==20.17.1
-Werkzeug==2.2.2
+Werkzeug==3.0.3
 wrapt==1.14.1
 WTForms==3.0.1
 XlsxWriter==3.0.7
@@ -97,3 +97,4 @@ tenacity==8.2.3
 -e git+https://git@github.com/scieloorg/opac_schema@v2.70#egg=Opac_Schema
 -e git+https://git@github.com/scieloorg/packtools@3.3.2#egg=packtools
 -e git+https://github.com/scieloorg/scieloh5m5.git@1.9.5#egg=scieloh5m5
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
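Review bot: `Werkzeug==3.0.3` in the `@@ -83,9 +83,9 @@` hunk jumps a major version while Flask stays on the 2.2 line (`Flask==2.2.5`), and that pairing is likely to fail at import time. Flask 2.2.x is known to import helpers that Werkzeug 3.0 removed. Either move Flask to a release line that supports Werkzeug 3, or keep Werkzeug on its last patched 2.x release and record which of the listed Werkzeug advisories remain open. The same caution applies to the other major-version jumps, `Pillow==10.3.0` and `gunicorn==22.0.0`. Pillow 10 removed long-deprecated constants, so the application's image code and the full test suite should run against this exact set before merge. An upgrade that breaks the build tends to be reverted wholesale, which reopens every advisory this patch closes.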
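Review bot: The added `setuptools>=65.5.1` in the last hunk is the only open-ended range in a file that otherwise pins everything with `==`. Each install therefore resolves to whatever setuptools release is newest at that moment, so builds stop being reproducible and an unreviewed release can enter the environment. Pin it to an exact version that CI has validated, e.g. `setuptools==<validated version>  # transitive; pinned for SNYK-PYTHON-SETUPTOOLS-3180412`. It would also read better placed in alphabetical order with the other pins rather than after the editable VCS entries.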