From e283374347cac3e7ff5a6b207e62f53f8dce7bea Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 2 Mar 2024 08:57:31 +0000
Subject: [PATCH] fix: gpt4all-api/gpt4all_api/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2359034
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2940619
- https://snyk.io/vuln/SNYK-PYTHON-UJSON-2942122
---
 gpt4all-api/gpt4all_api/requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gpt4all-api/gpt4all_api/requirements.txt b/gpt4all-api/gpt4all_api/requirements.txt
index ae91c1029ccf..27d13d86878f 100644
--- a/gpt4all-api/gpt4all_api/requirements.txt
+++ b/gpt4all-api/gpt4all_api/requirements.txt
@@ -1,8 +1,8 @@
 aiohttp>=3.9.2
 aiofiles
 pydantic>=2.4.0,<2.0.0
-requests>=2.24.0
-ujson>=2.0.2
+requests>=2.31.0
+ujson>=5.4.0
 fastapi>=0.109.1
 Jinja2>=3.0
 gpt4all>=1.0.0
@@ -10,4 +10,5 @@ pytest
 openai==0.28.0
 black
 isort
-python-dotenv
\ No newline at end of file
+python-dotenv
+certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file