From ee3f5d8476e571e0fb0ff77e819a4ec97c83fabb Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 12 Apr 2025 06:16:01 +0000
Subject: [PATCH] fix: pip-sample/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-9292516
- https://snyk.io/vuln/SNYK-PYTHON-NLTK-7411380
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-8400708
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309091
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092
---
 pip-sample/requirements.txt | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/pip-sample/requirements.txt b/pip-sample/requirements.txt
index 680d08166..89edccc54 100644
--- a/pip-sample/requirements.txt
+++ b/pip-sample/requirements.txt
@@ -17,7 +17,7 @@ ipython-genutils==0.2.0
 ipywidgets==7.4.2
 itsdangerous==1.1.0
 jedi==0.12.1
-Jinja2==2.10
+Jinja2==3.1.6
 jsonschema==2.6.0
 jupyter==1.0.0
 jupyter-client==5.2.3
@@ -28,7 +28,7 @@ matplotlib==2.2.2
 mistune==0.8.3
 nbconvert==5.4.0
 nbformat==4.4.0
-nltk==3.3
+nltk==3.8.2
 notebook==5.7.0
 numpy==1.15.3
 oauthlib==2.1.0
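Review bot: The Jinja2 bump crosses a major version (2.10 to 3.1.6) while the packages that consume it keep their older pins; the same holds for `tornado==6.4.2` and `Werkzeug==3.0.6` in the last hunk. `nbconvert==5.4.0` and `notebook==5.7.0`, visible as context in the second hunk, predate Jinja2 3.x and tornado 6.x, and as far as I know Werkzeug 3.0 and tornado 6.4 need Python 3.8 or newer while `numpy==1.15.3` predates that interpreter, so the resulting set may not install or import cleanly; this needs confirming, since the diff alone cannot show it. Before merging, install the file into a clean environment, run `pip check` and the sample's tests, and raise the dependent pins in the same commit, e.g. `notebook==<release tested with tornado 6>`. A security fix that leaves the environment unresolvable tends to be reverted, which puts the vulnerable versions back.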
@@ -48,20 +48,21 @@ python-dateutil==2.7.3
 pytz==2018.5
 pyzmq==17.1.2
 qtconsole==4.4.1
-requests==2.19.1
+requests==2.32.2
 requests-oauthlib==1.0.0
 Send2Trash==1.5.0
 simplegeneric==0.8.1
 six==1.11.0
 terminado==0.8.1
 testpath==0.4.1
-tornado==5.1.1
+tornado==6.4.2
 traitlets==4.3.2
 tweepy==3.6.0
-urllib3==1.23
+urllib3==1.26.19
 virtualenv==16.0.0
 wcwidth==0.1.7
 webencodings==0.5.1
-Werkzeug==0.14.1
+Werkzeug==3.0.6
 widgetsnbextension==3.4.2
 xlrd==1.1.0
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
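Review bot: The added `setuptools>=70.0.0` is a floor, not a pin, although its trailing comment says "pinned" and every other entry visible in this hunk uses `==`. With a range, each install can resolve to a different setuptools release, so builds are no longer reproducible and a future release is accepted without review. Use an exact version that has been tested, for example `setuptools==70.0.0  # not directly required, pinned to avoid a vulnerability`, and let the update bot raise it in a later reviewed change.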