From 0981dc36380ee6f2f2f785ba66d7a6fd5f24a9e5 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 6 Sep 2021 21:54:40 +0200
Subject: [PATCH] [Snyk] Security upgrade urllib3 from 1.25.11 to 1.26.5 (#3614)

* fix: cvat/requirements/base.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
* Update requests package
Co-authored-by: Nikita Manovich
---
 cvat/requirements/base.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 6991003a..60569a23 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -14,7 +14,7 @@ pyunpack==0.2.1
 rcssmin==1.0.6
 redis==3.5.3
 rjsmin==1.1.0
-requests==2.24.0
+requests==2.26.0
 rq==1.5.1
 rq-scheduler==0.10.0
 sqlparse==0.3.1
@@ -54,3 +54,4 @@ google-cloud-storage==1.42.0
 # of pycocotools and tensorflow 2.4.1
 # when pycocotools is installed by wheel in python 3.8+
 datumaro==0.1.10.1 --no-binary=datumaro --no-binary=pycocotools
+urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability
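Review bot: The added `urllib3>=1.26.5` line in the second hunk (`@@ -54,3 +54,4 @@`) sets a floor, not a pin, although its trailing comment says "pinned" and every other entry visible in this patch uses `==`. With an open upper bound, each rebuild may resolve a different urllib3 release, so an unreviewed upstream version can enter the image and the build is no longer reproducible. The bumped `requests` may constrain the range in practice, but that bound is not visible in this file. I would change the line to `urllib3==1.26.5  # transitive (via requests); pinned for SNYK-PYTHON-URLLIB3-1533435` so the comment names the advisory and the pin is removed deliberately once requests itself requires a fixed version.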