From 51ed6a21e4df390ed6c6dd6091268e0507840bbd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 20 Aug 2024 12:08:15 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 --- requirements.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/requirements.txt b/requirements.txt index e05cff3f51..72da187ab8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,3 +15,7 @@ pytest_cases==1.12.1 pytest-cookies==0.5.0 pytest-xdist==1.31.0 pyyaml==5.3 +certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability +idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability +jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability