From 46367c56adb6e88db569897552384114910a81ab Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 19 Jun 2024 01:46:56 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 6f4c234be4..bc6554e02d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,9 +13,9 @@ ipaddress<2.0; python_version < '3.3'
 requests>=2.0.0,<3.0.0
 # transitive dependency of requests
 # 2.0 will drop EOL Python 2.7 & 3.5, just like Sopel 8 plans to
-urllib3<1.27; python_version != '3.3' and python_version != '3.4'
-urllib3<1.23; python_version == '3.3'
-urllib3<1.25; python_version == '3.4'
+urllib3<2.2.2; python_version != '3.3' and python_version != '3.4'
+urllib3<2.2.2; python_version == '3.3'
+urllib3<2.2.2; python_version == '3.4'
 # transitive dependency of requests, and geoip2 (via aiohttp)
 # requests 2.25.1 allows chardet 4.0.0;
 # aiohttp 3.7.3 has not updated