From 6ab225b05a12ffad2fb55007efb4b1d13f55c7fe Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 16 Dec 2023 14:18:19 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904
- https://snyk.io/vuln/SNYK-PYTHON-SELENIUM-6062316
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
---
 requirements.txt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index dc3d538e..922cbfe1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,9 +11,12 @@ praw==7.7.0
 pytime==0.2.3
 pyyaml==6.0.0
 rich==13.3.5
-selenium==4.9.0
+selenium==4.15.1
 simple-youtube-api==0.2.8
 varname==0.11.1
 pandas==2.0.1
 numpy==1.24.3
 PyNaCl==1.5.0
+aiohttp>=3.9.0 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability