Skip to content

Commit

Permalink
fix: backend/requirements.txt to reduce vulnerabilities
Browse files Browse the repository at this point in the history 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
  • Loading branch information
@snyk-bot
snyk-bot committed Aug 15, 2024
1 parent 0fea6fe commit 68e17a2
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions backend/requirements.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ fastapi-jwt-auth==0.5.0
gunicorn==20.1.0
h11==0.14.0
httptools==0.5.0
idna==3.4
idna==3.7
python-jose==3.3.0
makefun==1.15.0
mysqlclient==2.2.0
Expand All @@ -40,11 +40,13 @@ starlette==0.27.0
# sse-starlette==1.4.1 (wrong version cant deploy)
sse-starlette==2.1.3
typing-extensions==4.7.1
urllib3==2.0.4
urllib3==2.2.2
uvicorn==0.22.0
uvloop==0.17.0
# websocket-client==1.7.2 (wrong version cant deploy)
websocket-client==1.6.4
websockets==11.0.2
wheel==0.41.0
setuptools==68.0.0
setuptools==68.0.0
anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

0 comments on commit 68e17a2

Please sign in to comment.