From 0266c085244d2135df5256d7d13caf77031a5d9c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 10 Jul 2024 09:22:07 +0000 Subject: [PATCH 1/5] fix: requirements/requirements-dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements/requirements-dev.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index a1046d4..4641c0a 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -9,3 +9,4 @@ pygments>=2.15.0 # not directly required, pinned by Snyk to avoid a vulnerabilit requests>=2.32.0 # not directly required, pinned by Snyk to avoid a vulnerability wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability From 0ab1987c153918c011a612b2b88fe26f2013acea Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 10 Jul 2024 09:28:07 +0000 Subject: [PATCH 2/5] fix: requirements/requirements-test.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements/requirements-test.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements/requirements-test.txt b/requirements/requirements-test.txt index 59c63ba..66815b8 100644 --- a/requirements/requirements-test.txt +++ b/requirements/requirements-test.txt @@ -1,4 +1,5 @@ deepdiff coverage pytest -pytest-cov \ No newline at end of file +pytest-cov +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file From 820218bb1dbd3131030cf93d8a7ae3ebfe2f9e76 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 10 Jul 2024 09:30:03 +0000 Subject: [PATCH 3/5] fix: requirements/requirements-docs.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements/requirements-docs.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements/requirements-docs.txt b/requirements/requirements-docs.txt index 60e215e..6c61792 100644 --- a/requirements/requirements-docs.txt +++ b/requirements/requirements-docs.txt @@ -15,3 +15,4 @@ pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability requests>=2.32.0 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability From 75852f2cdfd666fe442f3b89b248ec9e7c87f5f5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Jul 2024 07:53:50 +0000 Subject: [PATCH 4/5] fix: requirements/requirements-flake8.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482 --- requirements/requirements-flake8.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements-flake8.txt b/requirements/requirements-flake8.txt index a20ce8c..078a2aa 100644 --- a/requirements/requirements-flake8.txt +++ b/requirements/requirements-flake8.txt @@ -9,4 +9,4 @@ flake8-coding flake8-return # flake8-noreturn>=1.0.1; python_version >= '3.8' flake8-deprecated -setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability From ad66e7821b85048f8412c76894b7f686d46402b7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Jul 2024 08:02:03 +0000 Subject: [PATCH 5/5] fix: requirements/requirements-dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482 --- requirements/requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index a1046d4..ad7b912 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -1,6 +1,6 @@ # Development flit -setuptools>=65.5.1 +setuptools>=70.0.0 build # building the package {pyproject-build} twine # to publish on pypi {twine upload --repository-url=https://test.pypi.org/legacy/ dist/*} {twine upload dist/*} johnnydep # to see dependencies {johnnydep }