From 810230176262ac6cf262a34e84b63f545ec9de63 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 19 Nov 2022 07:21:32 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1088006
- https://snyk.io/vuln/SNYK-PYTHON-LXML-2316995
- https://snyk.io/vuln/SNYK-PYTHON-LXML-2940874
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PYTHONLEVENSHTEIN-1061894
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904
---
 requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 9faf013..45af256 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,15 +6,15 @@ cornice-swagger==1.0.0
 hupper==1.10.2
 idna==2.9
 iso8601==0.1.12
-lxml==4.5.0
-numpy==1.18.4
+lxml==4.9.1
+numpy==1.22.2
 PasteDeploy==2.1.0
 plaster==1.0
 plaster-pastedeploy==0.7
 prometheus-client==0.7.1
 pymongo==3.10.1
 pyramid==1.10.4
-python-Levenshtein==0.12.0
+python-Levenshtein==0.12.1
 python-slugify==4.0.0
 regex==2020.5.14
 requests==2.23.0
@@ -31,3 +31,4 @@ waitress==1.4.3
 WebOb==1.8.6
 zope.deprecation==4.4.0
 zope.interface==5.1.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
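Review bot: The added `setuptools>=65.5.1` line in the second hunk (`@@ -31,3 +31,4 @@`) is the only open-ended specifier among the requirements visible in this patch, all of which are otherwise pinned with `==`. The setuptools version that gets installed can therefore differ from one build to the next, and a later release is pulled in without review. Pinning it like the rest, `setuptools==65.5.1  # not directly required, pinned by Snyk to avoid a vulnerability`, keeps installs reproducible and still meets the floor stated on the line. If the floor is meant to float, a separate constraints file passed with `pip install -c` is a clearer home for it than the pinned list.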