From 4af468b238dbc6279b7f23e77b3c5b976e032d3b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 17 Jan 2024 12:55:32 +0000
Subject: [PATCH] fix: requirements-dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
---
 requirements-dev.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements-dev.txt b/requirements-dev.txt
index dd824ac93..fa3993ba7 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,7 +1,8 @@
 git+https://github.com/spyder-ide/spyder-docs-sphinx-theme.git@develop_spyder
-jinja2>=2,<3 # Sphinx <4 is not compatible with Jinja >=3
+jinja2>=3.1.3,<3 # Sphinx <4 is not compatible with Jinja >=3
 MarkupSafe>=1,<2 # Sphinx <4 is not compatible with MarkupSafe >=2
 pre-commit>=2.10.0,<3 # For pre-commit hooks
 sphinx>=3,<4 # Sphinx-Multiversion is not compatible with Sphinx 4
 sphinx-multiversion # For version selector support
 sphinx-panels # For dropdowns and other fancy UI elements
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
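Review bot: The new specifier `jinja2>=3.1.3,<3` cannot be satisfied by any release, so the resolver will reject this requirements file and the dev environment will not install at all. The automated fix raised the lower bound but kept the `<3` cap, which the trailing comment says exists because Sphinx <4 does not work with Jinja >=3. Picking up the fix for SNYK-PYTHON-JINJA2-6150717 would therefore mean lifting the `sphinx>=3,<4` pin and probably `MarkupSafe>=1,<2` in the same change, since Jinja 3.1.x appears to need MarkupSafe 2 or later. If that upgrade is not possible yet, keep `jinja2>=2,<3` and record the accepted risk in a comment such as `# capped by Sphinx <4; SNYK-PYTHON-JINJA2-6150717 not fixable until Sphinx is upgraded`, noting that this file covers only the docs build tooling. A CI job that installs `requirements-dev.txt` would catch this kind of bot-generated conflict before merge.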