[Snyk] Fix for 3 vulnerabilities (#88)
* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899

* Bump [email protected] and transitive patched deps

---------

Co-authored-by: snyk-bot <[email protected]>
petruki and snyk-bot authored Jul 18, 2024
1 parent c342ae3 commit 8b8c801
Showing 3 changed files with 7 additions and 6 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -13,5 +13,5 @@ RUN pip install --upgrade pip && \

COPY /src .

RUN chown -R app:app $APP_HOME
RUN chown -R app:app "$APP_HOME"
USER app
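Review bot: the quoting change on the `RUN chown -R app:app "$APP_HOME"` line is unrelated to the three Snyk advisories listed in the commit message, so it should be mentioned there or split into its own commit. If the only files that need the `app` owner are the ones brought in by `COPY /src .`, then `COPY --chown=app:app /src .` would set ownership at copy time and avoid the extra layer a recursive chown creates.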
9 changes: 5 additions & 4 deletions requirements.txt
@@ -1,15 +1,16 @@
slack_bolt==1.19.0
slack_bolt==1.19.1
python_dotenv==1.0.1
gunicorn==22.0.0
flask==3.0.3
requests==2.32.3
pyjwt==2.8.0
gql==3.5.0
requests-toolbelt==1.0.0
certifi>=2024.6.2 # not directly required, pinned by Snyk to avoid a vulnerability
setuptools>=70.1.1 # not directly required, pinned by Snyk to avoid a vulnerability
certifi>=2024.6.4 # not directly required, pinned by Snyk to avoid a vulnerability
setuptools>=71.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
werkzeug>=3.0.3 # not directly required, pinned by Snyk to avoid a vulnerability
urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
jinja2>=3.1.4 # not directly required, pinned by Snyk to avoid a vulnerability
idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
zipp>=3.19.2 # not directly required, pinned by Snyk to avoid a vulnerability
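Review bot: the transitive entries at the bottom of requirements.txt (`setuptools>=71.0.1`, `zipp>=3.19.2`, `certifi>=2024.6.4` and the others) are lower bounds rather than pins, so the version actually installed depends on when the image is built, while the direct dependencies above them use `==`. Consider resolving them to exact versions in a lock or constraints file, ideally with hashes, so the fixed versions are reproducible. Also, the commit message lists SNYK-PYTHON-URLLIB3-7267250, but `urllib3>=2.2.2` is unchanged context in this hunk; it is worth confirming which changed line addresses that advisory.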
2 changes: 1 addition & 1 deletion tests/requirements.txt
@@ -1,4 +1,4 @@
slack_bolt==1.19.0
slack_bolt==1.19.1
python_dotenv==1.0.1
gunicorn==22.0.0
flask==3.0.3
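Review bot: tests/requirements.txt repeats the same `==` pins as requirements.txt (`slack_bolt`, `python_dotenv`, `gunicorn` and `flask` in the visible lines), so every bump has to be made in two places, as with `slack_bolt==1.19.1` here. Including the main file with `-r ../requirements.txt` and listing only test-only packages in this file would keep the two from drifting apart.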