From 6564d389f7505d245947df2a366a67fc10b799c1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 3 Nov 2023 12:31:46 +0000
Subject: [PATCH] fix: pip-sample/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-BLEACH-561754
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-3063766
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-1053952
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-1932014
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-2313655
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-460224
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926697
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926698
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1041707
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1567195
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-173774
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-2928995
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72620
- https://snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72621
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-73513
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-3031740
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5969479
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3266409
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
---
 pip-sample/requirements.txt | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/pip-sample/requirements.txt b/pip-sample/requirements.txt
index 680d0816..ffcee186 100644
--- a/pip-sample/requirements.txt
+++ b/pip-sample/requirements.txt
@@ -1,4 +1,4 @@
-bleach==2.1.4
+bleach==3.1.4
 certifi==2018.8.24
 chardet==3.0.4
 Click==7.0
@@ -6,7 +6,7 @@ cycler==0.10.0
 decorator==4.3.0
 defusedxml==0.5.0
 entrypoints==0.2.3
-Flask==1.0.2
+Flask==2.2.5
 google==2.0.1
 google-cloud==0.34.0
 gtfs-realtime-bindings==0.0.5
@@ -17,20 +17,20 @@ ipython-genutils==0.2.0
 ipywidgets==7.4.2
 itsdangerous==1.1.0
 jedi==0.12.1
-Jinja2==2.10
+Jinja2==2.11.3
 jsonschema==2.6.0
 jupyter==1.0.0
 jupyter-client==5.2.3
-jupyter-core==4.4.0
+jupyter-core==4.11.2
 kiwisolver==1.0.1
 MarkupSafe==1.0
 matplotlib==2.2.2
 mistune==0.8.3
 nbconvert==5.4.0
 nbformat==4.4.0
-nltk==3.3
-notebook==5.7.0
-numpy==1.15.3
+nltk==3.8.1
+notebook==6.4.12
+numpy==1.22.2
 oauthlib==2.1.0
 pandas==0.23.3
 pandocfilters==1.4.2
@@ -38,30 +38,31 @@ parso==0.3.1
 pexpect==4.6.0
 pickleshare==0.7.5
 prometheus-client==0.3.1
-protobuf==3.6.1
+protobuf==3.18.3
 protobuf-to-dict==0.1.0
 ptyprocess==0.6.0
-Pygments==2.2.0
+Pygments==2.7.4
 pyparsing==2.2.0
 PySocks==1.6.8
 python-dateutil==2.7.3
 pytz==2018.5
 pyzmq==17.1.2
 qtconsole==4.4.1
-requests==2.19.1
+requests==2.31.0
 requests-oauthlib==1.0.0
 Send2Trash==1.5.0
 simplegeneric==0.8.1
 six==1.11.0
 terminado==0.8.1
 testpath==0.4.1
-tornado==5.1.1
+tornado==6.3.3
 traitlets==4.3.2
 tweepy==3.6.0
-urllib3==1.23
+urllib3==1.26.18
 virtualenv==16.0.0
 wcwidth==0.1.7
 webencodings==0.5.1
-Werkzeug==0.14.1
+Werkzeug==3.0.1
 widgetsnbextension==3.4.2
 xlrd==1.1.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability