From ece2ee234649c0a078b33120184ef83c2da0dc7d Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 21 Jan 2026 11:47:52 +0000 Subject: [PATCH] fix: pip-sample/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-1069893 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-552160 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561119 - https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-2348630 - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-174126 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-9292516 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-10300774 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-3063766 - https://snyk.io/vuln/SNYK-PYTHON-MISTUNE-2940625 - https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-2979829 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5969479 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 --- pip-sample/requirements.txt | 19 ++++++++++--------- 1 file 
changed, 10 insertions(+), 9 deletions(-)
diff --git a/pip-sample/requirements.txt b/pip-sample/requirements.txt
index 1d7c58ab9..a6dce921b 100644
--- a/pip-sample/requirements.txt
+++ b/pip-sample/requirements.txt
@@ -1,5 +1,5 @@
-bleach==2.1.4
-certifi==2018.8.24
+bleach==3.3.0
+certifi==2023.7.22
 chardet==3.0.4
 Click==7.0
 cycler==0.10.0
@@ -11,20 +11,20 @@ google==2.0.1
 google-cloud==0.34.0
 gtfs-realtime-bindings==0.0.5
 html5lib==1.0.1
-idna==2.7
+idna==3.7
 ipykernel==5.0.0
 ipython-genutils==0.2.0
 ipywidgets==7.4.2
 itsdangerous==1.1.0
 jedi==0.12.1
-Jinja2==2.10
+Jinja2==3.1.6
 jsonschema==2.6.0
 jupyter==1.0.0
 jupyter-client==5.2.3
-jupyter-core==4.4.0
+jupyter-core==5.8.0
 kiwisolver==1.0.1
-mistune==0.8.3
-nbconvert==5.4.0
+mistune==2.0.3
+nbconvert==6.3.0b0
 nbformat==4.4.0
 nltk==3.3
 notebook==5.7.0
@@ -37,7 +37,7 @@ prometheus-client==0.3.1
 protobuf==3.6.1
 protobuf-to-dict==0.1.0
 ptyprocess==0.6.0
-Pygments==2.2.0
+Pygments==2.15.0
 pyparsing==2.2.0
 PySocks==1.6.8
 python-dateutil==2.7.3
@@ -52,10 +52,11 @@ terminado==0.8.1
 testpath==0.4.1
 traitlets==4.3.2
 tweepy==3.6.0
-urllib3==1.23
+urllib3==2.6.3
 virtualenv==16.0.0
 wcwidth==0.1.7
 webencodings==0.5.1
 Werkzeug==0.14.1
 widgetsnbextension==3.4.2
 xlrd==1.1.0
+ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
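Review bot: In the `@@ -11,20 +11,20 @@` hunk, `nbconvert==6.3.0b0` pins a beta pre-release and sits directly under `mistune==2.0.3`, which the nbconvert 6.x line does not appear to accept (as far as I know it declares `mistune<2`). The resolver may therefore reject the set or produce an untested combination. The same hunk moves `jupyter-core` to 5.8.0 while `traitlets==4.3.2`, `notebook==5.7.0` and `jupyter-client==5.2.3` stay at their old pins, and jupyter-core 5.x likely requires a newer traitlets. I would pin a final (non-beta) nbconvert release whose declared mistune range covers the chosen mistune, and gate the merge on `pip install -r pip-sample/requirements.txt && pip check` in a clean environment. A failed install would otherwise leave the old vulnerable versions deployed while the fix looks applied.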
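Review bot: The last added line of the `@@ -52,10 +52,11 @@` hunk, `ipython>=8.10.0`, is an open-ended range in a file where every other entry is an exact `==` pin, so each install can pull a different, unreviewed ipython release. Pin it exactly like the rest, e.g. `ipython==<reviewed version>  # not directly required, pinned to avoid a vulnerability`. A current ipython is also unlikely to accept the unchanged `jedi==0.12.1` and `traitlets==4.3.2`. In the same hunk, `urllib3==2.6.3` is a major-version jump from 1.23, and any HTTP client pinned elsewhere in the file (not visible in these hunks) may cap urllib3 below 2. Run `pip check` and the test suite on the target Python version before merging.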