# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
#
# Security constraints for direct dependencies should go in the appropriate `.in`
# file (or constraints-direct.txt) with an appropriate note.
#
# This file must use the > or >= operators to specify lower version constraints. This
# file must not contain upper version constraints (e.g. <= or <).
bleach>=3.3.0  # vulnerability in <3.3.0
certifi>=2023.7.22  # https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
fonttools>=4.43.0  # https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
gitpython>=3.1.41  # https://github.com/advisories/GHSA-pr76-5cm5-w9cj
idna>=3.7  # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
jinja2>=3.1.3  # https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
jupyter-server>=2.7.2  # https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
pytest>=7.2.0  # https://github.com/advisories/GHSA-w596-4wvx-j9j6
scipy>=1.10.0  # https://github.com/advisories/GHSA-9jx5-6pgf-crrp
tornado>=6.4.1  # https://github.com/advisories/GHSA-w235-7p84-xx57
tqdm>=4.66.3  # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
urllib3>=1.26.19  # https://github.com/advisories/GHSA-34jh-p97f-mpxf
werkzeug>=3.0.3  # https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
