From 31decf3b7abe16a3deeeb6ccd14f1ea657879cda Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 19 Mar 2024 17:15:46 +0000
Subject: [PATCH] fix: requirements/development.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PYARROW-6052811
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
---
 requirements/development.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/requirements/development.txt b/requirements/development.txt
index 18da59a79053f..933e7c0c7e430 100644
--- a/requirements/development.txt
+++ b/requirements/development.txt
@@ -320,3 +320,7 @@ zope-interface==5.4.0
 # The following packages are considered to be unsafe in a requirements file:
 # pip
 # setuptools
+numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
+pyarrow>=14.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability