From edd1c0cfb864a9c3c4d191bf0a2630d65a06766c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 10 Jul 2024 04:38:14 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899

---
 pdm.lock | 13 ++++++++++++-
 pyproject.toml | 1 +
 requirements.txt | 1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/pdm.lock b/pdm.lock
index 953f19c..ead2144 100644
--- a/pdm.lock
+++ b/pdm.lock
@@ -5,7 +5,7 @@
 groups = ["default", "dev"]
 strategy = ["cross_platform", "inherit_metadata"]
 lock_version = "4.4.2"
-content_hash = "sha256:5579734869615ae4db7e2e6672c470f02be5bf3efd453925f1a79e3e68e0f557"
+content_hash = "sha256:37b3ab2a1118980c357a6cdda300d19b047047d96e95421016f7c79fa52acc0a"
 
 [[package]]
 name = "anyio"
@@ -689,3 +689,14 @@ files = [
 {file = "virtualenv-20.26.3-py3-none-any.whl", hash = "sha256:8cc4a31139e796e9a7de2cd5cf2489de1217193116a8fd42328f1bd65f434589"},
 {file = "virtualenv-20.26.3.tar.gz", hash = "sha256:4c43a2a236279d9ea36a0d76f98d84bd6ca94ac4e0f4a3b9d46d05e10fea542a"},
 ]
+
+[[package]]
+name = "zipp"
+version = "3.19.2"
+requires_python = ">=3.8"
+summary = "Backport of pathlib-compatible object wrapper for zip files"
+groups = ["dev"]
+files = [
+ {file = "zipp-3.19.2-py3-none-any.whl", hash = "sha256:f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c"},
+ {file = "zipp-3.19.2.tar.gz", hash = "sha256:bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19"},
+]
diff --git a/pyproject.toml b/pyproject.toml
index b515fb3..98ae310 100755
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -32,6 +32,7 @@ dev = [
 "ruff>=0.0.257",
 "bandit>=1.7.5",
 "pyyaml>=6.0.1",
+ "zipp>=3.19.1",
 ]
 
 [[tool.pdm.autoexport]]
diff --git a/requirements.txt b/requirements.txt
index 61ee259..47c0a4b 100644
--- a/requirements.txt
+++ b/requirements.txt
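Review bot: The new `"zipp>=3.19.1"` entry in the `dev` array reads like an ordinary dev dependency, although per the commit message it exists only to force a transitive package above the advisory's fixed version; an unexplained floor like this tends to be pruned as "unused" in a later cleanup, silently reverting the fix. I would put a comment directly above it: `# transitive floor for SNYK-PYTHON-ZIPP-7430899; remove once the package that pulls in zipp requires >=3.19.1 itself`. Note that the lock records zipp under `groups = ["dev"]` only, so this floor does nothing for a default-group install — fine if zipp is reached solely through dev tooling, but worth confirming rather than assuming. The `dev = [` array opens outside the hunk.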
@@ -39,3 +39,4 @@ tox-pdm==0.7.2
 typer[all]==0.12.3
 typing-extensions==4.12.2
 virtualenv==20.26.3
+zipp==3.19.2