From 093797ea3ae5e1edf38d0e01aaf09733f7d0e3bf Mon Sep 17 00:00:00 2001
From: "geo-ghci-int[bot]" <146321879+geo-ghci-int[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 02:10:41 +0000
Subject: [PATCH] Audit Snyk check/fix master
---
 ci/requirements.txt | 2 +-
 package-lock.json | 23 ++++++++++++++++++-----
 package.json | 2 +-
 poetry.lock | 8 ++++----
 pyproject.toml | 1 +
 requirements.txt | 2 +-
 6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/ci/requirements.txt b/ci/requirements.txt
index c502321dac1..c27c8a0ceb6 100644
--- a/ci/requirements.txt
+++ b/ci/requirements.txt
@@ -6,7 +6,7 @@ poetry-plugin-drop-python-upper-constraint==0.1.0
 poetry-plugin-export==1.8.0
 poetry-plugin-tweak-dependencies-version==1.5.2
 poetry-dynamic-versioning==1.3.0
-certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
+certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability
 cryptography>=42.0.8 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/package-lock.json b/package-lock.json
index 8a433b34a4b..8b2eda84f4e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@ "@jamietanna/renovate-graph": "0.19.0", "@snyk/fix": "1.1291.1", "snyk": "1.1291.1", - "snyk-python-plugin": "^1.24.1" + "snyk-python-plugin": "^1.26.2" } }, "node_modules/@arcanis/slice-ansi": {
@@ -9731,6 +9731,18 @@ "node": ">=8" } }, + "node_modules/shescape": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/shescape/-/shescape-1.6.1.tgz", + "integrity": "sha512-P9fEf91yPuOpUGfE7QdzRubWbO81/O9jR81TVDbUGKyh4ppw0ArobMzX+iBx4S1Ag8eVRli81/dq0usNMTSWow==", + "deprecated": "v1 is deprecated and will no longer be supported after 2023-12-06", + "dependencies": { + "which": "^2.0.0" + }, + "engines": { + "node": "^10.13.0 || ^12 || ^14 || ^16 || ^18" + } + }, "node_modules/shimmer": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.1.tgz",
@@ -9926,13 +9938,14 @@ } }, "node_modules/snyk-python-plugin": { - "version": "1.24.1", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.24.1.tgz", - "integrity": "sha512-u52RAf9T20NsiDLZ798whQLQ/2lWZdDRRFT2GYqyl7oLr5yUD2+SG14d7Phy+ca4Vn7vwKbIQpxXwtUlbRKmVw==", + "version": "1.26.2", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.26.2.tgz", + "integrity": "sha512-kC6aKrVccQa21Wdwep4WFu9pRlWPVaogQeJUHPs5LE+KFDfZPC6tMEksBg5TI91AP3RTF+64bXvL5NatimJ1TA==", "dependencies": { "@snyk/cli-interface": "^2.11.2", "@snyk/dep-graph": "^1.28.1", - "snyk-poetry-lockfile-parser": "^1.1.7", + "shescape": "1.6.1", + "snyk-poetry-lockfile-parser": "^1.2.0", "tmp": "0.2.1" } },
diff --git a/package.json b/package.json
index 6a6b87e393b..8b3a0a2d339 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,6 @@
 "@jamietanna/renovate-graph": "0.19.0",
 "@snyk/fix": "1.1291.1",
 "snyk": "1.1291.1",
- "snyk-python-plugin": "1.24.1"
+ "snyk-python-plugin": "1.26.2"
 }
 }
diff --git a/poetry.lock b/poetry.lock
index 90513238162..3830c14829d 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -270,13 +270,13 @@ files = [ [[package]] name = "certifi" -version = "2024.6.2" +version = "2024.7.4" description = "Python package for providing Mozilla's CA Bundle." optional = false python-versions = ">=3.6" files = [ - {file = "certifi-2024.6.2-py3-none-any.whl", hash = "sha256:ddc6c8ce995e6987e7faf5e3f1b02b302836a0e5d98ece18392cb1a36c72ad56"}, - {file = "certifi-2024.6.2.tar.gz", hash = "sha256:3cd43f1c6fa7dedc5899d69d3ad0398fd018ad1a17fba83ddaf78aa46c747516"}, + {file = "certifi-2024.7.4-py3-none-any.whl", hash = "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90"}, + {file = "certifi-2024.7.4.tar.gz", hash = "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b"}, ] [[package]]
@@ -3551,4 +3551,4 @@ test = ["zope.testing"] [metadata] lock-version = "2.0" python-versions = ">=3.10,<3.13" -content-hash = "b312a11d0e4d6104431e9aaa5d1769e555a22076a147122644a29bf6cec67c55" +content-hash = "cb7ad00c231433de7cf95645daab1958033ac06d18b29238acc1fb2d71b6ee5c"
diff --git a/pyproject.toml b/pyproject.toml
index 4072a607d3b..a360f4d507e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -77,6 +77,7 @@ responses = "0.25.2"
 pytest-asyncio = "0.23.7"
 cryptography = "42.0.8"
 urllib3 = "2.2.2"
+certifi = "2024.7.4"
 [tool.poetry.group.dev.dependencies]
 c2cwsgiutils = { version = "6.0.8", extras = ["test-images"] }
diff --git a/requirements.txt b/requirements.txt
index 9ac333e3023..4b9da30ba23 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,6 +4,6 @@ poetry-dynamic-versioning==1.3.0
 poetry-plugin-tweak-dependencies-version==1.5.2
 pip==24.0
 poetry-plugin-drop-python-upper-constraint==0.1.0
-certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
+certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability
 cryptography>=42.0.8 # not directly required, pinned by Snyk to avoid a vulnerability
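Review bot: In the pyproject.toml hunk, the added `certifi = "2024.7.4"` has no comment explaining why it is declared, whereas both requirements files in this patch label their certifi line as not directly required and pinned by Snyk to avoid a vulnerability. I would put the same marker above the entry, `# not directly required, pinned by Snyk to avoid a vulnerability`, so that a later dependency cleanup does not remove it and allow the lock to resolve an older CA bundle again. A bare version in Poetry is an exact constraint, so unlike the `>=2024.7.4` floor in the requirements files this holds certifi at one release and newer CA bundles only arrive through an explicit bump; the neighbouring `cryptography` and `urllib3` entries are pinned the same way, so this is presumably covered by automated updates, which is worth confirming. The table this entry belongs to opens above the hunk, so which dependency group it lands in cannot be checked from here.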