fix: files/requirements_dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112177 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112180 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
CoffeeITWorks · Oct 4, 2024 · 3c615b7 · 3c615b7
1 parent d809970
commit 3c615b7
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/files/requirements_dev.txt b/files/requirements_dev.txt
@@ -4,7 +4,7 @@ celery>=5.1.0
 cffi>=1.14.5
 gevent>=21.12.0
 ujson>=1.35
-urllib3>=1.19 # required to avoid issues with get_url module
+urllib3>=2.2.2 # required to avoid issues with get_url module
 # - ndg-httpsclient>=0.4.2 # required to avoid issues with get_url module
 pyasn1==0.4.8
 #- six>=1.10.0  # try to fix error in dependencies with requests[security]
@@ -30,5 +30,6 @@ configobj>=5.0.6
 async_generator>=1.10
 Click>=7.1.2
 # workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
-Werkzeug==2.0.2
-cryptography==36.0.2
+Werkzeug==3.0.3
+cryptography==42.0.8
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability