From a85222ac0694818fb11fe93a5c52193b65166110 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 15 Nov 2022 06:46:13 +0000 Subject: [PATCH] fix: requirements/base.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-LXML-2940874 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904 --- requirements/base.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements/base.txt b/requirements/base.txt index 8d33b8f..4a77a17 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -8,7 +8,7 @@ appdirs==1.4.4 # via fs fs==2.4.16 # via xblock -lxml==4.9.0 +lxml==4.9.1 # via xblock markupsafe==2.1.1 # via xblock @@ -31,3 +31,4 @@ xblock==1.6.1 # The following packages are considered to be unsafe in a requirements file: # setuptools +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability