From e265743d7894e679d6da74f69a8e23186d2dbe5d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 23 Mar 2026 06:27:32 +0000 Subject: [PATCH 1/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15032639 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15674561 - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40541 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40542 - https://snyk.io/vuln/SNYK-PYTHON-RSA-570831 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index f4ff4582b..b91018207 100644 --- a/requirements.txt +++ b/requirements.txt @@ -35,7 +35,10 @@ dagster==1.8.3 # Data orchestration platform prefect==2.20.4 # Workflow orchestration and automation modal==0.63.19 # Cloud platform for running Python code without managing infra -rsa==3.3 # vulnerability -urllib3==1.26.14 # vulnerability +rsa==4.7 # vulnerability +urllib3==2.6.3 # vulnerability dummy-project==2.0.2 boto3 +numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability +pyasn1>=0.6.3 # not directly required, pinned by Snyk to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability From 621b101f1d8b751982780d77afda6a7dab23ec11 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 23 Mar 2026 06:27:35 +0000 Subject: [PATCH 2/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15032639 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15674561 - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40541 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40542 - https://snyk.io/vuln/SNYK-PYTHON-RSA-570831 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 From 1e861385674bde69845191ff84dc06f3ac4391eb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 23 Mar 2026 06:29:01 +0000 Subject: [PATCH 3/3] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15032639 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15674561 - https://snyk.io/vuln/SNYK-PYTHON-RSA-1038401 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40541 - https://snyk.io/vuln/SNYK-PYTHON-RSA-40542 - https://snyk.io/vuln/SNYK-PYTHON-RSA-570831 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899