From 7a3929d06a30b6628d8db9c27dce4d4482747692 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 30 Jul 2024 01:18:16 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-2407255
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5840584
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5871282
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644
- https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-6150683
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-7217830
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570772
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570773
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5811865
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5812109
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f7f77d9350d..9f1c701d6c8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,11 +6,11 @@ docformatter==1.3.0
 flake8==3.7.8
 flake8-bugbear==19.8.0
 gitdb2==2.0.5
-GitPython==3.0.3
+GitPython==3.1.41
 h5py==2.10.0
 joblib>=0.14.0
 nltk==3.4.5
-numpy>=1.16.0
+numpy>=1.22.2
 pytest==5.3.2
 pexpect==4.7.0
 Pillow>=6.2.0
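Review bot: `GitPython==3.1.41` sits directly below the unchanged `gitdb2==2.0.5` context line, and GitPython 3.1.x declares its dependency on the `gitdb` distribution (4.x) rather than `gitdb2`, so both would likely be installed and ship the same `gitdb` import package. Which copy ends up on disk then depends on install order, so the patched GitPython may end up running against the old object-database code. I would replace the old pin with `gitdb>=4.0.1,<5` (or drop it and let GitPython pull it in) and run `pip check` in CI after `pip install -r requirements.txt` to confirm the set is consistent. The `numpy>=1.22.2` floor in the same hunk also raises the minimum interpreter to Python 3.8, which is worth recording in a comment next to that line.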
@@ -20,12 +20,12 @@ pyyaml==5.1
 pyzmq==18.1.0
 regex==2019.8.19
 recommonmark==0.6.0
-requests==2.22.0
+requests==2.32.2
 requests-mock==1.7.0
-scikit-learn>=0.21.0
+scikit-learn>=1.5.0
 scipy>=1.3.0
 sh==1.12.14
-Sphinx==2.2.0
+Sphinx==3.3.0
 sphinx_rtd_theme==0.4.3
 sphinx-autodoc-typehints==1.10.3
 tokenizers==0.4.2
@@ -34,3 +34,7 @@ typing-extensions==3.7.4.1
 Unidecode==1.1.1
 websocket-client==0.56.0
 websocket-server==0.4
+idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=1.26.19 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
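Review bot: The `scikit-learn>=1.5.0` floor crosses a major release and, as far as I know, needs Python 3.9 or newer, while exact pins left untouched in this hunk such as `tokenizers==0.4.2` and `sh==1.12.14` come from a much older toolchain and may not install there. If the file no longer resolves on the interpreter the project targets, installs fail or people keep using an old environment, and none of the fixed versions are actually deployed. `Sphinx==3.3.0` is likewise a major-version move while `recommonmark==0.6.0`, `sphinx_rtd_theme==0.4.3` and `sphinx-autodoc-typehints==1.10.3` stay fixed, so the docs build should be run before merging. I would add a comment above the line, `# scikit-learn>=1.5.0 needs Python >= 3.9; keep python_requires in sync`, and verify the whole file resolves in CI.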
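Review bot: The four appended lines are described as pinned but use open-ended `>=` floors, so every install can resolve a different transitive version and nothing ties the build to the releases that were reviewed. For a reproducible, auditable set I would move them into a constraints file with exact versions (`pip install -r requirements.txt -c constraints.txt`) or generate a hashed lock and install with `--require-hashes`. Note also that `setuptools>=70.0.0` here only governs the setuptools installed into the environment; builds that pip runs under build isolation take setuptools from each package's own build requirements, so this line does not cover that path. `urllib3>=1.26.19` additionally admits the 2.x series; if the project has only been exercised on 1.26, `urllib3>=1.26.19,<2` keeps the fix without the major upgrade.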