From 7896a839dba02a4e37b84b309e46b93a3465bedb Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 25 Aug 2025 02:48:52 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FLASKCORS-9668952
- https://snyk.io/vuln/SNYK-PYTHON-FLASKCORS-9668953
- https://snyk.io/vuln/SNYK-PYTHON-FLASKCORS-9668954
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309091
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 7453657..9fc4073 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 flask>=2.2.3
-flask-cors>=4.0.0
-Werkzeug>=2.2.3
+flask-cors>=6.0.0
+Werkzeug>=3.0.6
 numpy>=1.24.2
 cirq>=1.1.0
 cirq-core>=1.1.0
@@ -10,4 +10,5 @@ eventlet>=0.33.3
 flask-socketio>=5.3.2
 gunicorn>=20.1.0
 python-dotenv>=1.0.0
-psutil>=5.9.0
\ No newline at end of file
+psutil>=5.9.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file