From a179118291a87737c80c82aec8ccfc70a0aa0c37 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 14 Mar 2024 05:21:31 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862881 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862882 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-6099119 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 --- requirements.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/requirements.txt b/requirements.txt index 11d1e948..5b0dab65 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32,3 +32,9 @@ importlib==1.0.4; python_version=='2.7' pywin32>=220; sys_platform=='win32' win_unicode_console; sys_platform=='win32' +fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability +ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability +jupyter-server>=2.11.2 # not directly required, pinned by Snyk to avoid a vulnerability +pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability