From eceb479174cb1dd941706fbc35032f2991af1418 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 9 Feb 2024 08:17:09 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6057353 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091623 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406 - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407 - https://snyk.io/vuln/SNYK-PYTHON-AIOPIKA-5880689 - https://snyk.io/vuln/SNYK-PYTHON-FASTAPI-6228055 - https://snyk.io/vuln/SNYK-PYTHON-GEVENT-5906371 - https://snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926697 - https://snyk.io/vuln/SNYK-PYTHON-NLTK-5926698 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PROMPTTOOLKIT-6141120 - https://snyk.io/vuln/SNYK-PYTHON-RASA-5665551 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195 - https://snyk.io/vuln/SNYK-PYTHON-SANIC-2404810 - https://snyk.io/vuln/SNYK-PYTHON-SANIC-5500163 - https://snyk.io/vuln/SNYK-PYTHON-SENTRYSDK-3367401 - https://snyk.io/vuln/SNYK-PYTHON-SENTRYSDK-5812122 - https://snyk.io/vuln/SNYK-PYTHON-STARLETTE-3319937 - https://snyk.io/vuln/SNYK-PYTHON-STARLETTE-5538332 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-5563628 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6134594 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6135747 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003 - https://snyk.io/vuln/SNYK-PYTHON-UJSON-2359034 - 
https://snyk.io/vuln/SNYK-PYTHON-UJSON-2940619 - https://snyk.io/vuln/SNYK-PYTHON-UJSON-2942122 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-VALIDATORS-6008990 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
---
 requirements.txt | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 5072745c5..b757eeb0a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,8 +2,8 @@ torchvision==0.14.1
 sentence-transformers==2.2.2
 pyyaml
 torch==1.13.1
-rasa[full]==2.8.15
-fastapi~=0.78.0
+rasa==3.5.6
+fastapi~=0.109.1
 mongomock==4.1.2
 pytest==6.1.2
 pytest-html==3.0.0
@@ -18,11 +18,11 @@ python-multipart==0.0.5
 py3dns==3.2.1
 black==21.12b0
 uvicorn>=0.18.2
-validators==0.20.0
+validators==0.21.0
 secure
 password-strength==0.0.3.post2
 loguru
-transformers==4.23.0
+transformers==4.37.0
 smart-config==0.1.3
 moto==3.1.18
 botocore==1.23.23
@@ -41,15 +41,15 @@ cryptography
 pyparsing==2.4.7
 nlpaug
 websockets==10.1
-aiohttp==3.8.0
+aiohttp==3.9.2
 networkx==2.6
 fastapi_sso
 pytest-httpx==0.15.0
 json2html
-numpy==1.22.0
+numpy==1.22.2
 protobuf==3.20.2
 google-api-python-client
-nltk==3.6.6
+nltk==3.8.1
 blinker
 jira
 zenpy==2.0.36
@@ -70,7 +70,7 @@ boto3==1.26.100
 APScheduler
 croniter
 faiss-cpu
-urllib3==1.26.15
+urllib3==1.26.18
 pytest-metadata==2.0.4
 tiktoken
 RestrictedPython
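Review bot: The `+fastapi~=0.109.1` line in the first hunk probably does not close SNYK-PYTHON-FASTAPI-6228055 by itself: as far as I know that advisory is a ReDoS in multipart form parsing whose fix lives in python-multipart 0.0.7, and the header of the following hunk shows `python-multipart==0.0.5` still pinned and untouched by this patch. I would change that pin to `python-multipart>=0.0.7` in the same commit and re-run the scan. In the same hunk, `rasa[full]==2.8.15` becoming `rasa==3.5.6` is a major-version jump that also drops the `[full]` extra, so the install should be verified in a clean environment (`pip install -r requirements.txt` followed by `pip check`) before merging, since the other exact pins in this file may not resolve against rasa 3.5.6.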
@@ -86,3 +86,14 @@ pydantic==1.10.13
 google-businessmessages==1.0.5
 google-apitools==0.5.32
 orjson==3.9.12
+aio-pika>=9.1.5 # not directly required, pinned by Snyk to avoid a vulnerability
+gevent>=23.9.0 # not directly required, pinned by Snyk to avoid a vulnerability
+joblib>=1.1.1 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability
+prompt-toolkit>=3.0.13 # not directly required, pinned by Snyk to avoid a vulnerability
+redis>=4.3.6 # not directly required, pinned by Snyk to avoid a vulnerability
+sanic>=20.12.6 # not directly required, pinned by Snyk to avoid a vulnerability
+sentry-sdk>=1.14.0 # not directly required, pinned by Snyk to avoid a vulnerability
+starlette>=0.27.0 # not directly required, pinned by Snyk to avoid a vulnerability
+ujson>=5.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability
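Review bot: The eleven added lines turn transitive dependencies into top-level requirements with open-ended `>=` bounds, so each package is installed whether or not anything still depends on it after the rasa change, and the resolved version is not reproducible in a file that otherwise mostly pins exactly. These lower bounds fit better in a constraints file referenced with `-c constraints.txt`, which only takes effect when the package is actually pulled in; `werkzeug>=2.3.8` and the other ten lines would move there unchanged. If they stay in requirements.txt, pin exact versions (ideally with `--hash=` entries and `--require-hashes`) so the version that was scanned is the version that gets deployed.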