From 004965e51c386dc2bf54fbcf5a9adefd5cd2b138 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 8 Aug 2024 09:43:11 +0000 Subject: [PATCH 1/2] fix: docs/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505 - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570772 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570773 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5811865 - https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5812109 --- docs/requirements.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index b16716ced72..5550bdedbf3 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,6 @@ -certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability +certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability ipython==8.10.0 -jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability +jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability markupsafe==2.0.1 pydata-sphinx-theme==0.7.2 pygments>=2.15.0 # not directly required, pinned by Snyk to avoid a vulnerability @@ -12,3 +12,4 @@ sphinx-code-include==1.1.1 sphinx-copybutton==0.4.0 sphinx-panels==0.6.0 urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability +idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability From 09647293128dde9f2ca47c2f5449426d52dec9c4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 8 Aug 2024 20:11:32 +0000 Subject: [PATCH 2/2] fix: docs/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 --- docs/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index b16716ced72..76aef58205f 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,8 +4,8 @@ jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability markupsafe==2.0.1 pydata-sphinx-theme==0.7.2 pygments>=2.15.0 # not directly required, pinned by Snyk to avoid a vulnerability -requests>=2.32.0 # not directly required, pinned by Snyk to avoid a vulnerability -setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability sphinx==4.3.0 sphinx-autoapi==1.8.4 sphinx-code-include==1.1.1