From dea0fef2b6230ccb8a4ee0c4012942617320fbad Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 26 Oct 2023 17:35:36 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index eaa220c7..927a84b1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ click==6.7 clickclick==1.2.2 connexion==2.3.0 crc32c==1.7 -cryptography==2.7 +cryptography==41.0.5 dcplib==3.3.0 docutils==0.15.2 enum-compat==0.0.2 @@ -38,6 +38,6 @@ six==1.12.0 termcolor==1.1.0 typing==3.6.4 urllib3==1.25.8 -Werkzeug==0.15.6 +Werkzeug==3.0.1 pip>=19.2 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file