From 4a59edd2ed74694d4f0ef897d6d6d88587ecd084 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 22 Apr 2024 07:01:44 +0000 Subject: [PATCH] fix: requirements/test-ci-base.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 --- requirements/test-ci-base.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/requirements/test-ci-base.txt b/requirements/test-ci-base.txt index 3563008e5ca..c34a0dff9e0 100644 --- a/requirements/test-ci-base.txt +++ b/requirements/test-ci-base.txt @@ -5,3 +5,6 @@ codecov -r extras/pymemcache.txt -r extras/thread.txt -r extras/auth.txt +certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability +idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability