# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
#
# Security constraints for direct dependencies should go in the appropriate `.in`
# file (or constraints-direct.txt) with an appropriate note.
#
# This file must use the > or >= operators to specify lower version constraints. This
# file must not contain upper version constraints (e.g. <= or <).
bleach>=3.3.0  # vulnerability in <3.3.0
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
pytest>=7.2.0  # https://github.com/advisories/GHSA-w596-4wvx-j9j6
urllib3>=1.26.5  # https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
jupyter-server>=2.7.2 # https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
fonttools>=4.43.0 # https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
certifi>=2023.7.22 # https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
werkzeug>=3.0.3 # https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
urllib3>=1.26.17 # https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
tornado>=6.4.1 # https://github.com/advisories/GHSA-w235-7p84-xx57
jinja2>=3.1.3 # https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
gitpython>=3.1.41 # https://github.com/advisories/GHSA-pr76-5cm5-w9cj
scipy>=1.10.0 # https://github.com/advisories/GHSA-9jx5-6pgf-crrp
requests>=2.32.0 # https://github.com/advisories/GHSA-9wx4-h78v-vm56
sqlparse>=0.5.0 # https://github.com/advisories/ghsa-2m57-hf25-phgg
idna>=3.7 # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
pydantic>=1.10.13 # https://github.com/advisories/GHSA-mr82-8j83-vxmv
tqdm>=4.66.3 # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
