fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291196 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
Crown-Commercial-Service · Mar 1, 2024 · 62fd453 · 62fd453
1 parent 29d251b
commit 62fd453
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -24,7 +24,7 @@ botocore==1.27.22
     #   s3transfer
 build==0.8.0
     # via pip-tools
-certifi==2022.12.7
+certifi==2023.7.22
     # via requests
 cffi==1.14.5
     # via
@@ -43,7 +43,7 @@ colored==1.4.4
     #   digitalmarketplace-developer-tools
 configobj==5.0.8
     # via -r requirements.in
-cryptography==39.0.1
+cryptography==42.0.4
     # via paramiko
 digitalmarketplace-developer-tools==1.0.2
     # via -r requirements.in
@@ -119,9 +119,9 @@ pyyaml==5.4.1
     # via
     #   -r requirements.in
     #   docker-compose
-redis==4.5.1
+redis==4.5.4
     # via -r requirements.in
-requests==2.28.2
+requests==2.31.0
     # via
     #   -r requirements.in
     #   docker
@@ -165,7 +165,7 @@ typing-extensions==3.10.0.2
     # via
     #   black
     #   mypy
-urllib3==1.26.5
+urllib3==1.26.18
     # via
     #   botocore
     #   requests
@@ -181,3 +181,4 @@ wheel==0.38.0
 # The following packages are considered to be unsafe in a requirements file:
 # pip
 # setuptools
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability