fix: etl/requirements-dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862881 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862882 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-6099119 - https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-7217832 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
mongulu-cm · Jun 26, 2024 · 8a16458 · 8a16458
1 parent 828000d
commit 8a16458
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/etl/requirements-dev.txt b/etl/requirements-dev.txt
@@ -4,5 +4,8 @@ csvs-to-sqlite==1.3
 ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
 numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
-tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability
+tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability
 urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
+jupyter-server>=2.14.1 # not directly required, pinned by Snyk to avoid a vulnerability
+requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability