From f7d48735ecd3fe9b55bae3006d34386166658c0f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 26 Jul 2024 12:01:17 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
- https://snyk.io/vuln/SNYK-PYTHON-GEVENT-5906371
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e5ad65f..341dcb0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,16 +3,21 @@ connexion[swagger-ui]==2.2.0
 google-auth==1.7.1
 google-cloud-storage==1.9.0
 flask>=1.0.0
-gunicorn==20.0.4
-gevent==1.4.0
-requests==2.20.0
+gunicorn==22.0.0
+gevent==23.9.0
+requests==2.32.2
 requests-mock==1.5.0
 oauth2client==4.1.2
 mock==2.0.0
 requests-http-signature==v0.0.3
 cromwell-tools>=1.1.1, <2
-black==19.3b0
+black==24.3.0
 flake8==3.7.7
 pre-commit==1.14.4
 google-cloud-pubsub==1.0.2
 git+git://github.com/HumanCellAtlas/pipeline-tools@v0.58.1
+idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=1.26.19 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=3.0.3 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
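Review bot: The added `werkzeug>=3.0.3` floor sits next to `connexion[swagger-ui]==2.2.0` (the hunk's leading context) and an unbounded `flask>=1.0.0`, and a connexion release that old was most likely never tested against Werkzeug 3, so this file may no longer resolve, or may install and then fail at import; the same concern applies to the major jumps `gevent==1.4.0` to `23.9.0` and `gunicorn==20.0.4` to `22.0.0`. Install the new set in a clean environment and run the service tests before merging, and raise connexion in the same change if the resolver or the tests object. The five new transitive entries are open-ended `>=` floors while the direct dependencies are exact pins, so two builds can pick up different versions; an exact pin such as `werkzeug==3.0.3`, or a compiled constraints file installed with `--require-hashes`, keeps the fix reproducible. Separately, the unchanged line `git+git://github.com/HumanCellAtlas/pipeline-tools@v0.58.1` still uses the unauthenticated git protocol, which GitHub no longer serves; `git+https://github.com/HumanCellAtlas/pipeline-tools@v0.58.1` is the drop-in replacement.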