From 118daee8868262be2c467d7b9d3d498605b98575 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 14 May 2024 16:04:06 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-HTTPX-2772742
- https://snyk.io/vuln/SNYK-PYTHON-HTTPX-2805813
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
- https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5756497
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5759266
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
---
 requirements.txt | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 2722c2d45..2689d7ea8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ google-cloud-logging==1.15.1
 google-cloud-secret-manager==2.4.0
 clusterfuzz==0.0.1a0
 Jinja2==2.11.3
-numpy==1.18.1
+numpy==1.22.2
 Orange3==3.28.0
 pandas==1.2.4
 psycopg2-binary==2.8.4
@@ -15,10 +15,10 @@ pytest==6.1.2
 python-dateutil==2.8.1
 pytz==2019.3
 PyYAML==5.4
-redis==3.5.3
+redis==4.3.6
 rq==1.4.3
 scikit-posthocs==0.6.2
-scipy==1.6.2
+scipy==1.10.0rc1
 seaborn==0.11.1
 sqlalchemy==1.3.19
 
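Review bot: The new `scipy==1.10.0rc1` pin in the second hunk selects a release candidate rather than a final release; if the referenced advisories are also fixed in the final release, `scipy==1.10.0` would carry the same fix without shipping pre-release code. In the same hunk `redis==3.5.3` becomes `redis==4.3.6`, a major-version jump, while `rq==1.4.3` is left unchanged; that rq release appears to predate redis-py 4.x, so the queue code paths should be exercised by the test suite before this is merged. The commit message describes these as transitive pins, but numpy, redis and scipy are direct entries in this file, so each bump changes code the project calls itself and should be reviewed as an upgrade rather than as a scanner-only fix.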
@@ -26,3 +26,7 @@ sqlalchemy==1.3.19
 pylint==2.7.4
 pytype==2021.4.15
 yapf==0.30.0
+fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
+httpx>=0.23.0 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
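Review bot: The four added lines use `>=` lower bounds while every other entry visible in this file is an exact `==` pin, so each install may resolve a different, unreviewed version of fonttools, httpx, pillow and setuptools. For a reproducible and auditable build, pin them exactly (for example `pillow==10.3.0`), or move the floors into a constraints file passed with `pip install -c`. A constraints file also avoids installing packages that nothing in the dependency tree actually pulls in. The trailing comments say why the lines exist but not which parent package brings each one in; a comment such as `# transitive via <parent package>` would let a maintainer drop the line once the parent is upgraded. `pillow>=10.3.0` and `numpy==1.22.2` both require Python 3.8 or newer, so confirm the interpreter version the project builds with.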