From 2f1f7c5cd9e121a02e0ddb4d803cf485c973f753 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 27 Jul 2025 15:32:13 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-8715586
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7070115..6c3ecb6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -45,7 +45,7 @@ humanize==4.11.0
 # Security & Authentication
 passlib[bcrypt]==1.7.4
 python-jose[cryptography]==3.3.0
-cryptography==43.0.3
+cryptography==44.0.1
 
 # Production Server
 gunicorn==23.0.0
@@ -57,4 +57,5 @@ pytest-cov==6.0.0
 black==24.10.0
 flake8==7.1.1
 mypy==1.13.0
-pre-commit==4.0.1
\ No newline at end of file
+pre-commit==4.0.1
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file