From 4a5894ddceb0e60014c4b7054dfaf38a7314a61c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 20 Oct 2022 22:54:00 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-RSA-570831 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index e5ad65f..f9f664b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,3 +16,5 @@ flake8==3.7.7 pre-commit==1.14.4 google-cloud-pubsub==1.0.2 git+git://github.com/HumanCellAtlas/pipeline-tools@v0.58.1 +rsa>=4.7 # not directly required, pinned by Snyk to avoid a vulnerability +urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability