From d03546706e2adbddf98c074c0b762664ab9d44d4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 13 Jun 2024 20:04:03 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823 - https://snyk.io/vuln/SNYK-PYTHON-HTTPX-2772742 - https://snyk.io/vuln/SNYK-PYTHON-HTTPX-2805813 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-PYARROW-6052811 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-STREAMLIT-5880413 - https://snyk.io/vuln/SNYK-PYTHON-STREAMLIT-6156621 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829 - https://snyk.io/vuln/SNYK-PYTHON-VALIDATORS-6008990 --- requirements.txt | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 85c8474..a25851f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,6 +5,14 @@ fpdf==1.7.2 itranslate==0.1.2 mdtable==0.2 pdfplumber==0.7.6 -streamlit==1.17.0 +streamlit==1.30.0 streamlit-chat==0.0.2.1 -youtube-dl==2021.12.17 \ No newline at end of file +youtube-dl==2021.12.17 +aiohttp>=3.9.4 # not directly required, pinned by Snyk to avoid a vulnerability +httpx>=0.23.0 # not directly required, pinned by Snyk to avoid a vulnerability +numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability +pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability +pyarrow>=14.0.1 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability +tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability +validators>=0.21.0 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file