From f4570d468227cc5e37f5141f9b46c530666621b1 Mon Sep 17 00:00:00 2001 From: snyk-bot <snyk-bot@snyk.io> Date: Tue, 28 May 2024 19:05:40 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-MKDOCS-1729735 - https://snyk.io/vuln/SNYK-PYTHON-MKDOCS-2438396 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 --- requirements.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c6cb71f..00cdeef 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,4 +2,7 @@ mkdocs==1.4.2 mkdocs-material==8.5.10 mkdocs-git-revision-date-localized-plugin==1.1.0 mkdocs-minify-plugin==0.6.1 -mkdocs-exclude==1.0.2 \ No newline at end of file +mkdocs-exclude==1.0.2 +jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file