From ec89b04e16ea0086e0580599bf1abd9b5f37f83c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 21 Jun 2025 09:35:59 +0000 Subject: [PATCH] fix: online-boutique-demo/src/recommendationservice/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-10364902 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 --- .../src/recommendationservice/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/online-boutique-demo/src/recommendationservice/requirements.txt b/online-boutique-demo/src/recommendationservice/requirements.txt index bc6c363..b919e3c 100644 --- a/online-boutique-demo/src/recommendationservice/requirements.txt +++ b/online-boutique-demo/src/recommendationservice/requirements.txt @@ -25,7 +25,7 @@ opencensus-context==0.1.2 # via opencensus opencensus-ext-grpc==0.7.1 # via -r requirements.in opencensus-ext-stackdriver==0.7.3 # via -r requirements.in opencensus==0.7.11 # via -r requirements.in, opencensus-ext-grpc, opencensus-ext-stackdriver -protobuf==3.13.0 # via google-api-core, googleapis-common-protos, grpcio-health-checking +protobuf==4.25.8 # via google-api-core, googleapis-common-protos, grpcio-health-checking pyasn1-modules==0.2.8 # via google-auth pyasn1==0.4.8 # via pyasn1-modules, rsa python-json-logger==0.1.11 # via -r requirements.in @@ -35,7 +35,7 @@ requests==2.24.0 # via -r requirements.in, google-api-core rsa==4.6 # via google-auth six==1.15.0 # via google-api-core, google-api-python-client, google-auth, google-auth-httplib2, google-cloud-core, google-python-cloud-debugger, grpcio, protobuf uritemplate==3.0.1 # via google-api-python-client -urllib3==1.25.10 # via requests +urllib3==2.5.0 # via requests # The following packages are considered to be unsafe in a requirements file: # setuptools