From 72b219593b703473b7f797c80e23e3a3dc8ed9a6 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 13 Oct 2023 14:04:43 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NETWORKX-1062709
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-73513
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055461
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055462
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1059090
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080635
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1080654
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082329
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1082750
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574576
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5756497
- https://snyk.io/vuln/SNYK-PYTHON-SCIPY-5759266
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
---
 requirements.txt | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f47cd19..58d7627 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
-numpy==1.13.3
-scipy==0.19.1
+numpy==1.22.2
+scipy==1.10.0rc1
 scikit-image==0.13.0
 dlib==19.4.0
 flask==1.0
@@ -12,3 +12,6 @@ python-levenshtein==0.12.1
 colorlog==3.0.1
 Sphinx==3.0.4
 sphinx-rtd-theme==0.2.4
+networkx>=2.6 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=2.2.3 # not directly required, pinned by Snyk to avoid a vulnerability