From bfc0c53869b6a5cbd11315d9b0e21808e2267d8d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 27 Sep 2024 04:50:25 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-OAUTHLIB-3021142
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-7217830
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5756497
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5759266
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 3d6bcf4..fa34f5f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ astunparse==1.6.3
 bleach==1.5.0
 cached-property==1.5.2
 cachetools==4.2.2
-certifi==2021.5.30
+certifi==2024.7.4
 chardet==4.0.0
 coloredlogs==15.0
 dataclasses==0.8
@@ -18,26 +18,26 @@ grpcio==1.34.1
 h5py==3.1.0
 html5lib==0.9999999
 humanfriendly==9.1
-idna==2.10
+idna==3.7
 importlib-metadata==4.5.0
-joblib==1.0.1
+joblib==1.1.1
 Keras-Applications==1.0.8
 keras-nightly==2.5.0.dev2021032900
 Keras-Preprocessing==1.1.2
 Markdown==3.3.4
 mock==4.0.3
-numpy==1.19.5
-oauthlib==3.1.1
+numpy==1.22.2
+oauthlib==3.2.2
 opt-einsum==3.3.0
 pkg-resources==0.0.0
 protobuf==3.17.2
 pyasn1==0.4.8
 pyasn1-modules==0.2.8
-requests==2.25.1
+requests==2.32.2
 requests-oauthlib==1.3.0
 rsa==4.7.2
-scikit-learn==0.24.2
-scipy==1.5.4
+scikit-learn==1.5.0
+scipy==1.10.0rc1
 six==1.15.0
 tensorboard==1.15.0
 tensorboard-data-server==0.6.1
@@ -49,7 +49,8 @@ tensorflow-tensorboard==1.5.1
 termcolor==1.1.0
 threadpoolctl==2.1.0
 typing-extensions==3.7.4.3
-urllib3==1.26.5
-Werkzeug==2.0.1
+urllib3==1.26.19
+Werkzeug==3.0.3
 wrapt==1.12.1
-zipp==3.4.1
+zipp==3.19.1
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability