fix: requirements/requirements_server.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BLACK-6256273 - https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
aivclab · May 29, 2024 · 233b080 · 233b080
1 parent 2d73448
commit 233b080
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/requirements/requirements_server.txt b/requirements/requirements_server.txt
@@ -20,7 +20,11 @@ pyfiglet
 schedule
 PyGithub
 msal
-pillow>=10.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
 requests>=2.32.0 # not directly required, pinned by Snyk to avoid a vulnerability
 wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability
-waitress
+waitress
+black>=24.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
+fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=3.0.3 # not directly required, pinned by Snyk to avoid a vulnerability