From 9561a467aabe5a198954f17e9afb8432bc5feee0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 11 Jan 2024 17:02:09 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ec2bfad..d070da4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ flask==1.1.1
 Werkzeug==0.16.0
 psycopg2==2.8.4
 orcid==1.0.3
-Jinja2==3.0.3
+Jinja2==3.1.3
 itsdangerous==2.0.1
-pandas
\ No newline at end of file
+pandas
+numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file