From dada920e0cb63a5bcc55b12eb3e09b73c3379c4d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 15 Nov 2022 01:54:45 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-RSA-570831 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index e5ad65f..f9f664b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,3 +16,5 @@ flake8==3.7.7 pre-commit==1.14.4 google-cloud-pubsub==1.0.2 git+git://github.com/HumanCellAtlas/pipeline-tools@v0.58.1 +rsa>=4.7 # not directly required, pinned by Snyk to avoid a vulnerability +urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability