From a21cc4aca8d9e21b41147a37d1b624ee0b959c78 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 19 Mar 2025 01:04:28 +0000
Subject: [PATCH] fix: model-b-predict/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309091
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 model-b-predict/requirements.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/model-b-predict/requirements.txt b/model-b-predict/requirements.txt
index 341f2ff..fa75f8e 100644
--- a/model-b-predict/requirements.txt
+++ b/model-b-predict/requirements.txt
@@ -1,4 +1,4 @@
-flask==1.1.1
+flask==2.2.5
 numpy==1.18.1
 pandas==1.0.3
 pytz==2019.3
@@ -7,3 +7,5 @@ scipy==1.4.1
 sklearn==0.0
 xgboost==0.90
 xlrd==1.2.0
+werkzeug>=3.0.6 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability