From d63fcc46574d74d8a198884b7f813a77c1d60b2d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 22 Jun 2024 05:40:59 +0000
Subject: [PATCH 1/2] fix: dev-requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
---
 dev-requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-requirements.txt b/dev-requirements.txt
index dfd95ea9..0181b1fd 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -6,4 +6,5 @@ httpretty==0.9.7
 parameterized==0.8.1
 pytest-cov
 pytest-ckan
-six>=1.13.0
\ No newline at end of file
+six>=1.13.0
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file

From 839cffb833117aeafb6bd13454911c2f0db1f8e9 Mon Sep 17 00:00:00 2001
From: ThrawnCA
Date: Tue, 9 Jul 2024 16:58:52 +1000
Subject: [PATCH 2/2] pin urllib3 to the 1.x series instead of 2.x for compatibility with botocore

---
 dev-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-requirements.txt b/dev-requirements.txt
index 0181b1fd..1026aea5 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -7,4 +7,4 @@ parameterized==0.8.1
 pytest-cov
 pytest-ckan
 six>=1.13.0
-urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file
+urllib3>=1.26.19 # not directly required, pinned to avoid a vulnerability
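Review bot: In the second patch, `urllib3>=1.26.19` sets only a lower bound, so the resolver can still pick a 2.x release. The subject line says the intent is to stay on the 1.x series for botocore compatibility, and the specifier does not enforce that. If botocore's own metadata already caps urllib3 below 2 for the Python versions in use, the result may happen to be 1.x, but that depends on another package's constraints. An explicit cap would state the intent in this file, and the comment could name the advisory so a later reader knows why the floor must not be lowered: `urllib3>=1.26.19,<2  # not directly required; floor fixes SNYK-PYTHON-URLLIB3-7267250, cap keeps the botocore-compatible 1.x series`.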