From e4239bd3b838b1717e295412113030ee42631fc6 Mon Sep 17 00:00:00 2001
From: Terri Oda
Date: Thu, 8 Aug 2024 13:05:38 -0700
Subject: [PATCH] chore(deps): bump min versions per snyk (#4318)

Snyk recommended bumping a few minimum versions to avoid vulnerabilities. This replaces the following couple of issues because I didn't think it was worth running tests twice for the different files:
* closes #4296
* closes #4295

Signed-off-by: Terri Oda
---
 doc/requirements.csv | 1 +
 doc/requirements.txt | 1 +
 requirements.csv | 1 +
 requirements.txt | 9 +++++----
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/requirements.csv b/doc/requirements.csv
index 67b21068e5..6026319352 100644
--- a/doc/requirements.csv
+++ b/doc/requirements.csv
@@ -6,3 +6,4 @@ anthonyharrison_not_in_db,sbom2doc
 pillow,pillow
 python,requests
 python,urllib3
+jaraco,zipp
diff --git a/doc/requirements.txt b/doc/requirements.txt
index 90f8108322..9a82cb3862 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -5,3 +5,4 @@ sbom2doc
 pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
 requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
 urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/requirements.csv b/requirements.csv
index 8bd720f214..3ad34e857e 100644
--- a/requirements.csv
+++ b/requirements.csv
@@ -25,3 +25,4 @@ anthonyharrison_not_in_db,lib4vex
 the_purl_authors_not_in_db,packageurl-python
 h2non,filetype
 python,setuptools
+jaraco,zipp
diff --git a/requirements.txt b/requirements.txt
index e14d5f2c40..1f785f9280 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-aiohttp[speedups]>=3.9.2
+aiohttp[speedups]>=3.9.4
 beautifulsoup4
 cvss
 defusedxml
@@ -16,11 +16,12 @@ packageurl-python
 packaging
 plotly
 pyyaml>=5.4
-requests>=2.32.0
+requests>=2.32.2
 rich
 rpmfile>=1.0.6
-setuptools>=65.5.1 # pinned by Snyk to avoid a vulnerability
+setuptools>=70.0.0 # pinned by Snyk to avoid a vulnerability
 toml; python_version < "3.11"
-urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
+urllib3>=2.2.2 # dependency of requests added explictly to avoid CVEs
 xmlschema
 zstandard; python_version >= "3.4"
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability