From 16431033acf6b3a2ce3bd1b2ba2cb9ec2d1b6d29 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 17 Nov 2022 18:50:31 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-1022152
- https://snyk.io/vuln/SNYK-PYTHON-UAPARSER-1298047
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
---
 requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e5e5e01caa..41563d1228 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -47,9 +47,9 @@ xlsxwriter==1.2.2
 pystache==0.5.4
 parsedatetime==2.4
 PyJWT==1.7.1
-cryptography==2.8
+cryptography==3.2
 simplejson==3.16.0
-ua-parser==0.8.0
+ua-parser==0.15.0
 user-agents==2.0
 maxminddb-geolite2==2018.703
 pypd==1.1.0
@@ -66,4 +66,5 @@ werkzeug==0.16.1
 # It is not included by default because of the GPL license conflict.
 # ldap3==2.2.4
 Authlib==0.15.5
-advocate==1.0.0
\ No newline at end of file
+advocate==1.0.0
+urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file