From f04dd905b8ebf09cac38eaf8b0181fd85dc7fbc2 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Tue, 7 Nov 2023 22:06:04 +0000 Subject: [PATCH] fix: pip-sample/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://dev.snyk.io/vuln/SNYK-PYTHON-BLEACH-1069893 - https://dev.snyk.io/vuln/SNYK-PYTHON-BLEACH-552160 - https://dev.snyk.io/vuln/SNYK-PYTHON-BLEACH-561119 - https://dev.snyk.io/vuln/SNYK-PYTHON-BLEACH-561754 - https://dev.snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://dev.snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://dev.snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://dev.snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://dev.snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 - https://dev.snyk.io/vuln/SNYK-PYTHON-JINJA2-174126 - https://dev.snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-3063766 - https://dev.snyk.io/vuln/SNYK-PYTHON-MISTUNE-2940625 - https://dev.snyk.io/vuln/SNYK-PYTHON-NBCONVERT-2979829 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-1053952 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-1660190 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-1932014 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-2313655 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-460224 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-5926697 - https://dev.snyk.io/vuln/SNYK-PYTHON-NLTK-5926698 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1041707 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-1567195 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-173774 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-174029 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-174114 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-2441824 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-2928995 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72620 - https://dev.snyk.io/vuln/SNYK-PYTHON-NOTEBOOK-72621 - https://dev.snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://dev.snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://dev.snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969 - https://dev.snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - 
https://dev.snyk.io/vuln/SNYK-PYTHON-NUMPY-73513 - https://dev.snyk.io/vuln/SNYK-PYTHON-PROTOBUF-3031740 - https://dev.snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606 - https://dev.snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505 - https://dev.snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273 - https://dev.snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435 - https://dev.snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://dev.snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://dev.snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://dev.snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-5969479 - https://dev.snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://dev.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3266409 - https://dev.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://dev.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://dev.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931 - https://dev.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6041510
---
 pip-sample/requirements.txt | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/pip-sample/requirements.txt b/pip-sample/requirements.txt
index 680d0816..9372ae66 100644
--- a/pip-sample/requirements.txt
+++ b/pip-sample/requirements.txt
@@ -1,12 +1,12 @@
-bleach==2.1.4
-certifi==2018.8.24
+bleach==3.3.0
+certifi==2023.7.22
 chardet==3.0.4
 Click==7.0
 cycler==0.10.0
 decorator==4.3.0
 defusedxml==0.5.0
 entrypoints==0.2.3
-Flask==1.0.2
+Flask==2.2.5
 google==2.0.1
 google-cloud==0.34.0
 gtfs-realtime-bindings==0.0.5
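Review bot: `Flask==2.2.5` is pinned beside versions that Flask 2.2 does not accept, so the resolver will most likely reject this file instead of installing the fixed releases. As far as I recall its declared floors are Jinja2 >= 3.0, itsdangerous >= 2.0 and click >= 8.0, which rules out the context line `Click==7.0` here and `Jinja2==2.11.3` / `itsdangerous==1.1.0` in the second hunk. The same kind of conflict appears in the third hunk, where `requests==2.20` caps urllib3 below 1.25 but `urllib3==1.26.18` is pinned, and in the second hunk, where nbconvert 6.x wants mistune < 2 but `mistune==2.0.3` is pinned. Before merging, run `pip install -r pip-sample/requirements.txt` in a clean virtualenv followed by `pip check`. Then raise the dependent pins together (Jinja2, itsdangerous, Click, MarkupSafe, requests) to releases inside the ranges their parents declare.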
@@ -17,20 +17,20 @@ ipython-genutils==0.2.0
 ipywidgets==7.4.2
 itsdangerous==1.1.0
 jedi==0.12.1
-Jinja2==2.10
+Jinja2==2.11.3
 jsonschema==2.6.0
 jupyter==1.0.0
 jupyter-client==5.2.3
-jupyter-core==4.4.0
+jupyter-core==4.11.2
 kiwisolver==1.0.1
 MarkupSafe==1.0
 matplotlib==2.2.2
-mistune==0.8.3
-nbconvert==5.4.0
+mistune==2.0.3
+nbconvert==6.3.0b0
 nbformat==4.4.0
-nltk==3.3
-notebook==5.7.0
-numpy==1.15.3
+nltk==3.8.1
+notebook==6.4.12
+numpy==1.22.2
 oauthlib==2.1.0
 pandas==0.23.3
 pandocfilters==1.4.2
@@ -38,30 +38,32 @@ parso==0.3.1
 pexpect==4.6.0
 pickleshare==0.7.5
 prometheus-client==0.3.1
-protobuf==3.6.1
+protobuf==3.18.3
 protobuf-to-dict==0.1.0
 ptyprocess==0.6.0
-Pygments==2.2.0
+Pygments==2.15.0
 pyparsing==2.2.0
 PySocks==1.6.8
 python-dateutil==2.7.3
 pytz==2018.5
 pyzmq==17.1.2
 qtconsole==4.4.1
-requests==2.19.1
+requests==2.20
 requests-oauthlib==1.0.0
 Send2Trash==1.5.0
 simplegeneric==0.8.1
 six==1.11.0
 terminado==0.8.1
 testpath==0.4.1
-tornado==5.1.1
+tornado==6.3.3
 traitlets==4.3.2
 tweepy==3.6.0
-urllib3==1.23
+urllib3==1.26.18
 virtualenv==16.0.0
 wcwidth==0.1.7
 webencodings==0.5.1
-Werkzeug==0.14.1
+Werkzeug==3.0.1
 widgetsnbextension==3.4.2
 xlrd==1.1.0
+ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
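Review bot: `nbconvert==6.3.0b0` in the second hunk pins a beta pre-release, which is presumably just the lowest version the advisory marks as fixed and not a release anyone intends to run. A beta gets no patch releases of its own, so the line should name a final release that carries the fix, for example `nbconvert==6.3.0` or a later one that `notebook==6.4.12` accepts. Separately, `numpy==1.22.2` needs Python 3.8 or newer, while the unchanged `pandas==0.23.3` and `matplotlib==2.2.2` predate that interpreter. It is worth confirming the set still installs and imports on the Python version this sample targets.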
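Review bot: The two lines added at the end of the third hunk, `ipython>=8.10.0` and `setuptools>=65.5.1`, are open-ended ranges in a file where every other entry is an exact `==` pin. Each install will therefore pull whatever release is newest that day, so builds stop being reproducible and a new upstream release enters the environment without review. Pin them exactly like the rest, e.g. `ipython==8.10.0` and `setuptools==65.5.1`, keeping the trailing comment that explains why a transitive package is listed. If the project wants stronger supply-chain guarantees, the fully pinned file can then be installed with pip's `--require-hashes` mode.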