From 99f1330244e43adc2b2b5bb6647356f559f31c4b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 20 Jun 2025 20:42:08 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-10364902
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index c57977bdf7..63da795fe2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -127,7 +127,7 @@ tqdm==4.65.0
 tweepy==4.14.0
 typing-inspect==0.8.0
 ujson==5.7.0
-urllib3==1.26.16
+urllib3==2.5.0
 uvicorn==0.22.0
 vine==5.0.0
 w3lib==2.1.1
@@ -154,3 +154,4 @@ html2text==2020.1.16
 duckduckgo-search==3.8.3 
 google-generativeai==0.1.0
 unstructured==0.8.1
+protobuf>=4.25.8 # not directly required, pinned by Snyk to avoid a vulnerability