Commit

fix: requirements.txt to reduce vulnerabilities (#198)
* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933

* truncate workspace name to 64 characters

* error fix on workspace name

* fix: dependency-conflicts between jinja2 and diagrams

* fix: dependency-conflicts between werkzeug moto MarkupSafe

* fix duplicate local

* fix demo_page missing

---------

Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Bill Metangmo <[email protected]>
3 people authored Dec 4, 2024
1 parent 4715e82 commit c129892
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions requirements.txt
@@ -1,7 +1,7 @@
contextvars==2.4
diagrams==0.18.0
graphviz==0.13.2
MarkupSafe==1.1.1
MarkupSafe>=2.1.1
pre-commit==2.15.0
detect-secrets==1.2.0
moto==3.1.4
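Review bot: On the MarkupSafe line, the exact pin `MarkupSafe==1.1.1` is replaced by an open-ended range `MarkupSafe>=2.1.1`, while the neighbouring entries in this hunk (`diagrams==0.18.0`, `pre-commit==2.15.0`, `moto==3.1.4`) remain exact pins. With no upper bound, each install can resolve a different MarkupSafe release, including a future major version, so the dependency conflict the commit message describes can come back without any change to this file. Suggest pinning the version that was actually tested, or bounding the range (for example `MarkupSafe>=2.1.1,<3`), and adding a trailing comment that says why the floor is 2.1.1. The commit message also lists two Jinja2 advisories, but no Jinja2 entry is visible in this hunk; if Jinja2 is only a transitive dependency, an explicit, commented constraint for it would make the fix auditable from the file itself.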
Expand All @@ -12,4 +12,4 @@ selenium-wire==4.2.0
certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
Werkzeug==2.1.2
Werkzeug==2.1.2
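Review bot: The Werkzeug line reads `Werkzeug==2.1.2` on both the removed and the added side, so this hunk changes no version as displayed; the difference is presumably whitespace or the end-of-file newline. The commit message lists four Werkzeug advisories as fixed, yet nothing visible here moves Werkzeug. Please confirm that 2.1.2 is outside the affected range of each listed advisory, or raise the pin; if the conflict with moto named in the commit message is what prevents a bump, record that in a trailing comment on this line, as the `# not directly required, pinned by Snyk` entries above it do, and adjust the commit message so it does not claim a fix the diff does not contain.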
