From 4d8cd8f4ccd5edf3f7bacd70184a59a590040625 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 31 May 2023 03:58:26 +0000
Subject: [PATCH] fix: cvat/requirements/base.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3136280
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372984
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372987
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372990
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372993
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372996
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372999
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373002
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373005
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373008
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373011
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373014
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373017
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373020
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373023
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373026
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373029
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373032
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373035
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373038
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373041
- https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-5291376
- https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413
---
 cvat/requirements/base.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 501ad395b7d6..a34ca7937569 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -14,7 +14,7 @@ pyunpack==0.2.1
 rcssmin==1.0.6
 redis==3.5.3
 rjsmin==1.1.0
-requests==2.26.0
+requests==2.31.0
 rq==1.5.2
 rq-scheduler==0.10.0
 sqlparse==0.4.2
@@ -37,7 +37,7 @@ h5py==3.6.0
 django-cors-headers==3.5.0
 furl==2.1.0
 av==9.2.0 --no-binary=av
-tensorflow==2.9.3 # Optional requirement of Datumaro. Use tensorflow-macos==2.8.0 for Mac M1
+tensorflow==2.11.1 # Optional requirement of Datumaro. Use tensorflow-macos==2.8.0 for Mac M1
 # The package is used by pyunpack as a command line tool to support multiple
 # archives. Don't use as a python module because it has GPL license.
 patool==1.12
@@ -53,3 +53,4 @@ dnspython==2.2.0
 setuptools==65.5.1
 django-health-check==3.17.0
 psutil==5.9.4
+wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability
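Review bot: The `wheel>=0.38.0` line added in the last hunk is a lower bound, while every other requirement visible in these hunks is an exact `==` pin. The resolved wheel version can therefore differ between builds, and a later release is installed without review. If this file is meant to be fully pinned, use an exact version that satisfies the bound and that you have tested, for example `wheel==0.38.0  # not directly required; pinned for SNYK-PYTHON-WHEEL-3180413`. The trailing comment says "pinned" although the specifier is a range, and it does not name the advisory; adding the advisory id from the commit message would tell a maintainer when the line can be dropped.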