[Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.1 (#128)

Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Lingyi Zhang <[email protected]>
mckinsey · Nov 2, 2023 · cc0952d · cc0952d
1 parent 8dce080
commit cc0952d
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 1 deletion.
diff --git a/tools/tools_requirements.txt b/tools/tools_requirements.txt
@@ -1,2 +1,2 @@
-werkzeug
+werkzeug>=3.0.1
 requests
diff --git a/...log.d/20231101_213654_lingyi_zhang_snyk_fix_1fa4e2ea1b51a679b7318abdba0b4f36.md b/...log.d/20231101_213654_lingyi_zhang_snyk_fix_1fa4e2ea1b51a679b7318abdba0b4f36.md
@@ -0,0 +1,46 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+-->
+
+<!--
+### Highlights ✨
+
+- A bullet item for the Highlights ✨ category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+<!--
+### Removed
+
+- A bullet item for the Removed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+<!--
+### Added
+
+- A bullet item for the Added category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+<!--
+### Changed
+
+- A bullet item for the Changed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+<!--
+### Deprecated
+
+- A bullet item for the Deprecated category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+<!--
+### Fixed
+
+- A bullet item for the Fixed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX ([#1](https://github.com/mckinsey/vizro/pull/1))
+
+-->
+
+### Security
+
+- Bump werkzeug version suggested by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 ([#128](https://github.com/mckinsey/vizro/pull/128))
diff --git a/vizro-core/pyproject.toml b/vizro-core/pyproject.toml
@@ -27,6 +27,7 @@ dependencies = [
   "numpy>=1.22.2",  # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
   "tornado>=6.3.2",  # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286
   "setuptools>=65.5.1",  # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
+  "werkzeug>=3.0.1",  # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
   "MarkupSafe"  # required to sanitize user input
 ]
 description = "Vizro is a package to facilitate visual analytics."

diff --git a/vizro-core/snyk/requirements.txt b/vizro-core/snyk/requirements.txt
@@ -7,6 +7,7 @@ ipython>=8.10.0
 numpy>=1.22.2
 tornado>=6.3.2
 setuptools>=65.5.1
+werkzeug>=3.0.1
 MarkupSafe
 kedro>=0.17.3
 wheel>=0.38.0