From afd2986ed909076d7de529a2f8a21f0566b5d1c4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 6 Jan 2026 11:58:07 +0000 Subject: [PATCH] fix: pip-sample/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-1069893 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-552160 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561119 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-2348630 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-174126 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-9292516 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-10300774 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-3063766 - https://snyk.io/vuln/SNYK-PYTHON-MISTUNE-2940625 - https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-2979829 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-1053952 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-1660190 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-1932014 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-2313655 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-460224 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926697 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926698 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-7411380 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1041707 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1567195 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-173774 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-174029 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-174114 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-2441824 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-2928995 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72620 - https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72621 - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-10364902 - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-3031740 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-10305723 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5969479 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-VIRTUALENV-8136228 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-14151620 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3266409 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309091 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092 --- pip-sample/requirements.txt | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/pip-sample/requirements.txt b/pip-sample/requirements.txt index 1d7c58ab9..6a24531dc 100644 --- a/pip-sample/requirements.txt +++ b/pip-sample/requirements.txt @@ -1,49 +1,49 @@ -bleach==2.1.4 -certifi==2018.8.24 +bleach==3.3.0 +certifi==2023.7.22 chardet==3.0.4 Click==7.0 cycler==0.10.0 decorator==4.3.0 defusedxml==0.5.0 entrypoints==0.2.3 -Flask==1.0.2 +Flask==2.2.5 google==2.0.1 google-cloud==0.34.0 gtfs-realtime-bindings==0.0.5 html5lib==1.0.1 -idna==2.7 +idna==3.7 ipykernel==5.0.0 ipython-genutils==0.2.0 ipywidgets==7.4.2 itsdangerous==1.1.0 jedi==0.12.1 -Jinja2==2.10 +Jinja2==3.1.6 jsonschema==2.6.0 jupyter==1.0.0 jupyter-client==5.2.3 -jupyter-core==4.4.0 +jupyter-core==5.8.0 kiwisolver==1.0.1 -mistune==0.8.3 -nbconvert==5.4.0 +mistune==2.0.3 +nbconvert==6.3.0b0 nbformat==4.4.0 -nltk==3.3 -notebook==5.7.0 +nltk==3.9 +notebook==6.4.12 oauthlib==2.1.0 pandocfilters==1.4.2 parso==0.3.1 pexpect==4.6.0 pickleshare==0.7.5 prometheus-client==0.3.1 -protobuf==3.6.1 +protobuf==4.25.8 protobuf-to-dict==0.1.0 ptyprocess==0.6.0 -Pygments==2.2.0 +Pygments==2.15.0 pyparsing==2.2.0 PySocks==1.6.8 python-dateutil==2.7.3 pytz==2018.5 qtconsole==4.4.1 -requests==2.19.1 +requests==2.32.4 requests-oauthlib==1.0.0 Send2Trash==1.5.0 simplegeneric==0.8.1 @@ -52,10 +52,11 @@ terminado==0.8.1 testpath==0.4.1 traitlets==4.3.2 tweepy==3.6.0 -urllib3==1.23 -virtualenv==16.0.0 +urllib3==2.6.0 +virtualenv==20.26.6 wcwidth==0.1.7 webencodings==0.5.1 -Werkzeug==0.14.1 +Werkzeug==3.1.4 widgetsnbextension==3.4.2 xlrd==1.1.0 +ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability