From 37bcd89ec01b1e14b928a8489cb7ed662fb7cb0f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 28 Jul 2022 08:31:02 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYARROW-483024
- https://snyk.io/vuln/SNYK-PYTHON-PYARROW-483026
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-559098
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-1079100
---
 requirements.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/requirements.txt b/requirements.txt
index 9cb0914..26981c5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,3 +13,5 @@ typing>=3.6.4,<4.0.0
 apache-beam[gcp]>=2.16.0,<2.17.0
 # tfdv and tft 0.15 has requirement absl-py<0.9
 absl-py>=0.8.1,<0.9
+pyarrow>=0.15.1 # not directly required, pinned by Snyk to avoid a vulnerability
+pyyaml>=5.4 # not directly required, pinned by Snyk to avoid a vulnerability