# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
#
# Security constraints for direct dependencies should go in the appropriate `.in`
# file (or constraints-direct.txt) with an appropriate note.
#
# This file must use the > or >= operators to specify lower version constraints. This
# file must not contain upper version constraints (e.g. <= or <).
aiohttp>=3.10.2 # https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
bleach>=3.3.0  # vulnerability in <3.3.0
certifi>=2024.07.04  # https://github.com/advisories/GHSA-248v-346w-9cwc
fonttools>=4.43.0  # https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
gitpython>=3.1.41  # https://github.com/advisories/GHSA-pr76-5cm5-w9cj
h11>=0.16.0 # https://github.com/advisories/GHSA-vqfr-h8mv-ghfj
idna>=3.7  # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
jinja2>=3.1.6  # https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
jupyter-server>=2.7.2  # https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
pytest>=7.2.0  # https://github.com/advisories/GHSA-w596-4wvx-j9j6
scipy>=1.10.0  # https://github.com/advisories/GHSA-9jx5-6pgf-crrp
tornado>=6.5.1  # https://github.com/advisories/GHSA-7cx3-6m66-7c5m
tqdm>=4.66.3  # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
urllib3>=1.26.19  # https://github.com/advisories/GHSA-34jh-p97f-mpxf
werkzeug>=3.0.6  # https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
zipp>=3.19.1 # https://github.com/advisories/GHSA-jfmj-5v4g-7637
