From 5003b178882aef071a494c320d9c561c840a57cc Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 18 Jan 2024 17:05:32 +0000
Subject: [PATCH] fix: requirements/development.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
---
 requirements/development.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/requirements/development.txt b/requirements/development.txt
index ee6d2ab5bc31b..a4911c9297e9b 100644
--- a/requirements/development.txt
+++ b/requirements/development.txt
@@ -83,3 +83,6 @@ xlrd==2.0.1
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
+flask>=2.2.5 # not directly required, pinned by Snyk to avoid a vulnerability
+jinja2>=3.1.3 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=2.2.3 # not directly required, pinned by Snyk to avoid a vulnerability