From e3f2479b99e0f78e424e44b14387ed78094470f8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 7 Oct 2022 20:54:53 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-559098
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-40792
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 0fb73bea40..770917125c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,12 +28,12 @@ python-consul==0.4.7
 # utils/service_discovery/config_stores.py
 python-etcd==0.4.5
 # the libyaml bindings are optional
-pyyaml==3.11
+pyyaml==5.4
 # note: requests is also used in many checks
 # upgrade with caution
-requests==2.11.1
+requests==2.20
 # note: simplejson is used in many checks to inteface APIs
 simplejson==3.6.5
 supervisor==3.3.0
-tornado==3.2.2
+tornado==5.1
 uptime==3.0.1