From 7053fc1be1a7dc26f9421268fb0e5967ba29d2a3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 28 Apr 2024 17:11:01 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BLACK-6256273 - https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 --- requirements.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index de018352..5f9a00fc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,10 +1,10 @@ devpack # warg, draugr, apppath neodroid -numpy>=1.20.2 +numpy>=1.22.2 scipy scikit-image tqdm -Pillow>=9.0.0 +Pillow>=10.3.0 matplotlib>=3.4.1 pip h5py @@ -19,4 +19,7 @@ PyWavelets imageio pypng sorcery -black[jupyter] \ No newline at end of file +black[jupyter] +black>=24.3.0 # not directly required, pinned by Snyk to avoid a vulnerability +fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file