From 24cbddbeabb33e273b98c2db1ce543d13d6af999 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 3 Oct 2024 09:12:12 +0000
Subject: [PATCH] fix: files/requirements_dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2359034
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2940619
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2942122
---
 files/requirements_dev.txt | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/files/requirements_dev.txt b/files/requirements_dev.txt
index 4f2ceab..84520af 100644
--- a/files/requirements_dev.txt
+++ b/files/requirements_dev.txt
@@ -3,16 +3,16 @@ redis==3.5.3
 celery>=5.1.0
 cffi>=1.14.5
 gevent>=21.12.0
-ujson>=1.35
+ujson>=5.4.0
 urllib3>=1.19 # required to avoid issues with get_url module
 # - ndg-httpsclient>=0.4.2 # required to avoid issues with get_url module
 pyasn1==0.4.8
 #- six>=1.10.0 # try to fix error in dependencies with requests[security]
-requests[security]>=2.12 # required to avoid issues with get_url module
+requests>=2.31.0 # required to avoid issues with get_url module
 Flask-Limiter==1.4
 trio>=0.18.0
 # workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
-Flask>=1.1.4
+Flask>=2.2.5
 Flask-Login>=0.5.0
 Flask-Bower>=1.3.0
 Flask-Babel>=2.0.0
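Review bot: The new `Flask>=2.2.5` floor cannot be satisfied together with the exact `Werkzeug==2.0.2` pin that the second hunk leaves in place, because Flask 2.2.x itself requires Werkzeug 2.2.2 or later. A current pip resolver should reject the file and an older pip would install a mismatched pair, so the Flask fix never takes effect as written. The Werkzeug line needs to move in the same change, for example to `Werkzeug>=2.2.2`, after checking that the workaround referenced in the comment above it (issue 347) still holds. Separately, dropping the `[security]` extra from `requests` is harmless at this floor since recent requests releases treat that extra as a no-op, but the `#- six>=1.10.0` comment still refers to `requests[security]` and should be updated or removed.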
@@ -26,9 +26,12 @@ pluginbase>=1.0.0
 tzlocal>=2.1
 # workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
 pyOpenSSL>=20.0.1
-configobj>=5.0.6
+configobj>=5.0.9
 async_generator>=1.10
 Click>=7.1.2
 # workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
 Werkzeug==2.0.2
 cryptography==36.0.2
+certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
+idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
+jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability
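Review bot: The three appended entries (`certifi`, `idna`, `jinja2`) are described as "pinned by Snyk", but `>=` only sets a minimum version, so each install resolves whatever release is newest at that moment. A more accurate trailing comment would be `# transitive dependency; minimum version raised for a Snyk advisory, not an exact pin`. If the development environment is meant to be reproducible and auditable, the resolved set is better captured in a separate constraints or lock file with exact versions and hashes, installed with pip's `--require-hashes`, keeping this file for the floors only.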