From 095607b1c09f860a36b305a4a190e5329ce7678c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 9 Mar 2024 21:12:33 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
---
 requirements.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 52575d113..c6d3928ed 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,7 +22,7 @@ botocore==1.22.0
     #   s3transfer
 cachelib==0.1.1
     # via flask-session
-certifi==2019.11.28
+certifi==2023.7.22
     # via requests
 cffi==1.14.0
     # via
@@ -34,7 +34,7 @@ click==7.0
     # via flask
 contextlib2==0.6.0.post1
     # via digitalmarketplace-utils
-cryptography==39.0.1
+cryptography==42.0.4
     # via digitalmarketplace-utils
 defusedxml==0.6.0
     # via odfpy
@@ -44,7 +44,7 @@ digitalmarketplace-utils==60.12.0
     # via -r requirements.in
 docopt==0.6.2
     # via notifications-python-client
-flask==1.1.4
+flask==2.2.5
     # via
     #   -r requirements.in
     #   digitalmarketplace-utils
@@ -87,7 +87,7 @@ itsdangerous==1.1.0
     #   -r requirements.in
     #   flask
     #   flask-wtf
-jinja2==2.11.3
+jinja2==3.1.3
     # via flask
 jmespath==0.9.4
     # via
@@ -125,7 +125,7 @@ pytz==2019.3
     # via digitalmarketplace-utils
 redis==3.5.3
     # via digitalmarketplace-utils
-requests==2.26.0
+requests==2.31.0
     # via
     #   digitalmarketplace-apiclient
     #   digitalmarketplace-utils
@@ -157,11 +157,11 @@ strict-rfc3339==0.7
     # via -r requirements.in
 unicodecsv==0.14.1
     # via digitalmarketplace-utils
-urllib3==1.26.5
+urllib3==1.26.18
     # via
     #   botocore
     #   requests
-werkzeug==1.0.0
+werkzeug==2.3.8
     # via flask
 workdays==1.4
     # via digitalmarketplace-utils