From e76c6981ff1933898fd646f8d17639414c032dce Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 5 Oct 2024 06:53:27 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-7856105
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
- https://snyk.io/vuln/SNYK-PYTHON-PYMONGO-7172112
- https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291196
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8dffeb9a..7a543000 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ beautifulsoup4==4.11.1
 blinker==1.5
 cachelib==0.9.0
 cachetools==5.2.1
-certifi==2022.12.7
+certifi==2024.7.4
 chardet==5.1.0
 charset-normalizer==3.0.1
 citeproc-py==0.6.0
@@ -16,13 +16,13 @@ colorama==0.4.6
 croniter==1.3.8
 cssmin==0.2.0
 distlib==0.3.6
-dnspython==2.3.0
+dnspython==2.6.1
 elastic-apm==6.13.2
 email-validator==1.3.0
 feedparser==6.0.10
 feedwerk==1.1.0
 filelock==3.9.0
-Flask==2.2.2
+Flask==2.2.5
 Flask-Admin==1.6.0
 Flask-BabelEx==0.9.4
 Flask-Caching==2.0.2
@@ -38,11 +38,11 @@ Flask-SQLAlchemy==3.0.2
 Flask-WTF==1.1.1
 gevent==22.10.2
 greenlet==2.0.1
-gunicorn==20.1.0
+gunicorn==22.0.0
 htmlmin==0.1.12
-idna==3.4
+idna==3.7
 itsdangerous==2.1.2
-Jinja2==3.0.0
+Jinja2==3.1.4
 legendarium==2.0.6
 lxml==5.3.0
 Mako==1.2.4
@@ -54,10 +54,10 @@ packaging==23.0
 passlib==1.7.4
 pbr==5.11.1
 picles.plumber==0.11
-Pillow==9.4.0
+Pillow==10.3.0
 platformdirs==2.6.2
 pluggy==1.0.0
-pymongo==4.3.3
+pymongo==4.6.3
 pyproject_api==1.5.0
 PySocks==1.7.1
 python-dateutil==2.8.2
@@ -65,8 +65,8 @@ python-editor==1.0.4
 python-slugify==7.0.0
 pytz==2022.7.1
 raven==6.10.0
-redis==4.4.2
-requests==2.28.2
+redis==4.4.4
+requests==2.32.2
 requests-oauthlib==1.3.1
 rq==1.12.0
 rq-dashboard==0.6.1
@@ -83,9 +83,9 @@ tox==4.3.5
 tweepy==4.12.1
 unicodecsv==0.14.1
 Unidecode==1.3.6
-urllib3==1.26.14
+urllib3==1.26.19
 virtualenv==20.17.1
-Werkzeug==2.2.2
+Werkzeug==3.0.3
 wrapt==1.14.1
 WTForms==3.0.1
 XlsxWriter==3.0.7
@@ -97,3 +97,5 @@ tenacity==8.2.3
 -e git+https://git@github.com/scieloorg/opac_schema@v2.8.0#egg=Opac_Schema
 -e git+https://git@github.com/scieloorg/packtools@4.5.0#egg=packtools
 -e git+https://github.com/scieloorg/scieloh5m5.git@1.9.5#egg=scieloh5m5
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability