From f7e69e971db18e1abe2df00922015f43c0066f6e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 20 Jul 2024 05:57:25 +0000 Subject: [PATCH] fix: requirements/requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BLACK-6256273 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements/requirements_dev.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/requirements/requirements_dev.txt b/requirements/requirements_dev.txt index a2964d27..b3236954 100644 --- a/requirements/requirements_dev.txt +++ b/requirements/requirements_dev.txt @@ -4,11 +4,13 @@ twine>=1.13.0 pytest>=4.3.0 pytest-cov>=2.11.1 coveralls>=1.6.0 -black[jupyter]>=21.5b0 +black>=24.3.0 pre-commit -r requirements_docs.txt -r requirements_extra.txt -r requirements_gui.txt -r requirements_setup.txt -r requirements_tests.txt --r ../requirements.txt \ No newline at end of file +-r ../requirements.txt +urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file