From aa63ecf00fa93a0926f12692817a977fb0405c35 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 5 May 2024 14:58:57 +0000
Subject: [PATCH] fix: predict_requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
---
 predict_requirements.txt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/predict_requirements.txt b/predict_requirements.txt
index 15893e5..429aa2c 100644
--- a/predict_requirements.txt
+++ b/predict_requirements.txt
@@ -1,7 +1,7 @@
 Cython>=0.29.21
 cmdstanpy==0.9.5
 pystan>=2.19.1.1
-numpy>=1.19.4 
+numpy>=1.22.2 
 pandas>=1.1.4
 matplotlib>=3.3.3
 LunarCalendar>=0.0.9
@@ -11,3 +11,6 @@ setuptools-git>=1.2
 python-dateutil>=2.8.1  
 tqdm>=4.54.0
 fbprophet>=0.7.1
+aiohttp>=3.9.4 # not directly required, pinned by Snyk to avoid a vulnerability
+fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability