From a0de6c8318e9889ff81dd97d0e172674b4e45fc2 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 30 Oct 2023 01:50:03 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
- https://snyk.io/vuln/SNYK-PYTHON-STREAMLIT-5880413
- https://snyk.io/vuln/SNYK-PYTHON-VALIDATORS-6008990
---
 requirements.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index cd8fe62..48b9e0a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,8 +4,10 @@ piecash==1.2.0
 plotly==5.3.1
 pytest==6.2.5
 scikit_learn==1.0.1
-streamlit==1.13.0
+streamlit==1.27.0
 toml==0.10.2
 pre-commit==2.17.0
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+validators>=0.21.0 # not directly required, pinned by Snyk to avoid a vulnerability