From 0a7cb6fd3f0a30eb10c502ac495f40142a1e5c48 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 23 Oct 2023 21:23:15 +0000
Subject: [PATCH] fix: gpt4all-api/gpt4all_api/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2359034
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2940619
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2942122
---
 gpt4all-api/gpt4all_api/requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gpt4all-api/gpt4all_api/requirements.txt b/gpt4all-api/gpt4all_api/requirements.txt
index f7c7ed533df6..4d9be386d377 100644
--- a/gpt4all-api/gpt4all_api/requirements.txt
+++ b/gpt4all-api/gpt4all_api/requirements.txt
@@ -1,12 +1,13 @@
 aiohttp>=3.6.2
 aiofiles
 pydantic>=1.4.0,<2.0.0
-requests>=2.24.0
-ujson>=2.0.2
+requests>=2.31.0
+ujson>=5.4.0
 fastapi>=0.95.0
 Jinja2>=3.0
 gpt4all>=1.0.0
 pytest
 openai
 black
-isort
\ No newline at end of file
+isort
+certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file