From 68e17a25db327471bb14792c05cbe7281c811544 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 15 Aug 2024 19:17:19 +0000
Subject: [PATCH] fix: backend/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 backend/requirements.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend/requirements.txt b/backend/requirements.txt
index b3f698c9..ac1cf9c1 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -18,7 +18,7 @@ fastapi-jwt-auth==0.5.0
 gunicorn==20.1.0
 h11==0.14.0
 httptools==0.5.0
-idna==3.4
+idna==3.7
 python-jose==3.3.0
 makefun==1.15.0
 mysqlclient==2.2.0
@@ -40,11 +40,13 @@ starlette==0.27.0
 # sse-starlette==1.4.1 (wrong version cant deploy)
 sse-starlette==2.1.3
 typing-extensions==4.7.1
-urllib3==2.0.4
+urllib3==2.2.2
 uvicorn==0.22.0
 uvloop==0.17.0
 # websocket-client==1.7.2 (wrong version cant deploy)
 websocket-client==1.6.4
 websockets==11.0.2
 wheel==0.41.0
-setuptools==68.0.0
\ No newline at end of file
+setuptools==68.0.0
+anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file
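Review bot: The two entries added at the end of the second hunk use `>=` floors (`anyio>=4.4.0`, `zipp>=3.19.1`) while every other line in the file is an exact `==` pin, so the installed versions of these two packages can differ from build to build and the comment's word "pinned" is not accurate. To keep the dependency set reproducible and auditable I would write `anyio==4.4.0` and `zipp==3.19.1`, or keep the floors in a separate constraints file. Since the change also moves anyio up to the 4.x line, it is worth confirming in CI that the resolver accepts it alongside existing pins such as `starlette==0.27.0`, for example by running `pip check` after install. The file still ends without a trailing newline, which is why `setuptools==68.0.0` shows up as a removed and re-added line; ending the file with a newline avoids that churn on the next append.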