From 25415e25ccc501d501f2ed35d2ede7da864f65bb Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 20 Jan 2026 10:43:17 +0000
Subject: [PATCH] fix: services/core-api/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYASN1-15032639
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-14908843
---
 services/core-api/requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/core-api/requirements.txt b/services/core-api/requirements.txt
index 384de10582..1a5a0b0237 100644
--- a/services/core-api/requirements.txt
+++ b/services/core-api/requirements.txt
@@ -31,7 +31,7 @@ tuspy==0.2.4
 utm==0.5.0
 uWSGI==2.0.22
 uwsgitop==0.11
-Werkzeug==3.1.4
+Werkzeug==3.1.5
 marshmallow_sqlalchemy==0.23.1
 marshmallow==3.26.1
 python-docx==1.1.0
@@ -58,4 +58,5 @@ Pillow==10.3.0
 setuptools==65.5.1
 requests_toolbelt==1.0.0
 untp_models==0.1.1
-urllib3==2.5.0
\ No newline at end of file
+urllib3==2.6.3
+pyasn1>=0.6.2 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file