From 920efedfac8f6024b0bb541baebbd9e7f05d410a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 1 Aug 2024 07:55:03 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a270e81f..fefe5d74 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-setuptools==57.4.0
+setuptools==70.0.0
 elasticsearch==7.14.0
 netaddr==0.8.0
 flask==2.0.1
@@ -9,4 +9,6 @@ oschmod==0.3.12
 argparse==1.4.0
 PyYAML==5.4.1 # library_name=yaml
 flask-swagger==0.2.14 # library_name=flask_swagger
-flask-swagger-ui==3.36.0 # library_name=flask_swagger_ui
\ No newline at end of file
+flask-swagger-ui==3.36.0 # library_name=flask_swagger_ui
+werkzeug>=3.0.3 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file