From 6afe8205eb5e442d3ec4e33055d05b4fdc9dc113 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 6 May 2024 00:32:05 +0000
Subject: [PATCH] fix: backend_app/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767
---
 backend_app/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend_app/requirements.txt b/backend_app/requirements.txt
index 1d128035..4fe67907 100644
--- a/backend_app/requirements.txt
+++ b/backend_app/requirements.txt
@@ -1,4 +1,4 @@
-aiohttp==3.8.1
+aiohttp==3.9.4
 amqp==2.5.2
 asgiref==3.3.4
 async-timeout==4.0.1
@@ -74,3 +74,4 @@ botocore==1.19.25
 django-cachalot==2.5.1
 python-memcached==1.59
 django-auth-adfs==1.9.5
+cryptography>=42.0.6 # not directly required, pinned by Snyk to avoid a vulnerability