[Snyk] Fix for 41 vulnerabilities

[m-ajay]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • requirements/base.txt

⚠️ Warning

rich 13.7.0 has requirement typing-extensions<5.0,>=4.0.0; python_version < "3.9", but you have typing-extensions 3.10.0.0.
Flask 2.2.5 requires Werkzeug, which is not installed.
Flask 2.2.5 has requirement click>=8.0, but you have click 7.1.2.
Flask 2.2.5 has requirement itsdangerous>=2.0, but you have itsdangerous 1.1.0.
Flask 2.2.5 has requirement Jinja2>=3.0, but you have Jinja2 2.11.3.
Flask-Limiter 3.5.0 has requirement typing-extensions>=4, but you have typing-extensions 3.10.0.0.
Flask-JWT-Extended 3.25.1 requires Werkzeug, which is not installed.
Flask-JWT-Extended 3.25.1 has requirement Flask<2.0,>=1.0, but you have Flask 2.2.5.
Flask-JWT-Extended 3.25.1 has requirement PyJWT<2.0,>=1.6.4, but you have PyJWT 2.4.0.
Flask-AppBuilder 4.3.2 has requirement click<9,>=8, but you have click 7.1.2.
Flask-AppBuilder 4.3.2 has requirement Flask-JWT-Extended<5.0.0,>=4.0.0, but you have Flask-JWT-Extended 3.25.1.
aiohttp 3.8.6 has requirement async-timeout<5.0,>=4.0.0a3, but you have async-timeout 3.0.1.

Vulnerabilities that will be fixed

By pinning:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	HTTP Header Injection SNYK-PYTHON-AIOHTTP-1584144	aiohttp: 3.7.4.post0 -> 3.9.0	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	HTTP Request Smuggling SNYK-PYTHON-AIOHTTP-5798483	aiohttp: 3.7.4.post0 -> 3.9.0	No	Proof of Concept
	414/1000 Why? Has a fix available, CVSS 4	Inconsistent Interpretation of HTTP Messages SNYK-PYTHON-AIOHTTP-6057352	aiohttp: 3.7.4.post0 -> 3.9.0	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	HTTP Request Smuggling SNYK-PYTHON-AIOHTTP-6057353	aiohttp: 3.7.4.post0 -> 3.9.0	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Improper Input Validation SNYK-PYTHON-AIOHTTP-6091621	aiohttp: 3.7.4.post0 -> 3.9.0	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Improper Input Validation SNYK-PYTHON-AIOHTTP-6091622	aiohttp: 3.7.4.post0 -> 3.9.0	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-PYTHON-AIOHTTP-6091623	aiohttp: 3.7.4.post0 -> 3.9.0	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3172287	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Expected Behavior Violation SNYK-PYTHON-CRYPTOGRAPHY-3314966	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Use After Free SNYK-PYTHON-CRYPTOGRAPHY-3315324	cryptography: 3.4.7 -> 41.0.6	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-PYTHON-CRYPTOGRAPHY-3315328	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-PYTHON-CRYPTOGRAPHY-3315331	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315452	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315972	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3315975	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3316038	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-3316211	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-5663682	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	691/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.4	Improper Certificate Validation SNYK-PYTHON-CRYPTOGRAPHY-5777683	cryptography: 3.4.7 -> 41.0.6	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Insufficient Verification of Data Authenticity SNYK-PYTHON-CRYPTOGRAPHY-5813745	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-5813746	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-5813750	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-PYTHON-CRYPTOGRAPHY-5914629	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Missing Cryptographic Step SNYK-PYTHON-CRYPTOGRAPHY-6036192	cryptography: 3.4.7 -> 41.0.6	No	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	NULL Pointer Dereference SNYK-PYTHON-CRYPTOGRAPHY-6092044	cryptography: 3.4.7 -> 41.0.6	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-PYTHON-FLASK-5490129	flask: 1.1.4 -> 2.2.5	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-PYTHON-FLASKAPPBUILDER-2388976	flask-appbuilder: 3.4.1 -> 4.3.2	No	No Known Exploit
	519/1000 Why? Has a fix available, CVSS 6.1	Open Redirect SNYK-PYTHON-FLASKAPPBUILDER-2433100	flask-appbuilder: 3.4.1 -> 4.3.2	No	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Information Exposure SNYK-PYTHON-FLASKAPPBUILDER-2964179	flask-appbuilder: 3.4.1 -> 4.3.2	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Brute Force SNYK-PYTHON-FLASKAPPBUILDER-5417249	flask-appbuilder: 3.4.1 -> 4.3.2	No	No Known Exploit
	349/1000 Why? Has a fix available, CVSS 2.7	Information Exposure SNYK-PYTHON-FLASKAPPBUILDER-5734228	flask-appbuilder: 3.4.1 -> 4.3.2	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-MAKO-3017600	mako: 1.1.4 -> 1.2.2	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	NULL Pointer Dereference SNYK-PYTHON-NUMPY-2321964	numpy: 1.21.1 -> 1.22.2	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Buffer Overflow SNYK-PYTHON-NUMPY-2321966	numpy: 1.21.1 -> 1.22.2	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-PYTHON-NUMPY-2321970	numpy: 1.21.1 -> 1.22.2	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-PYTHON-PYARROW-6052811	pyarrow: 5.0.0 -> 14.0.1	No	No Known Exploit
	691/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.4	Use of a Broken or Risky Cryptographic Algorithm SNYK-PYTHON-PYJWT-2840625	pyjwt: 1.7.1 -> 2.4.0	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3180412	setuptools: 39.0.1 -> 65.5.1	No	No Known Exploit
	344/1000 Why? Has a fix available, CVSS 2.6	Access Restriction Bypass SNYK-PYTHON-WERKZEUG-3319935	werkzeug: 1.0.1 -> 2.3.8	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-PYTHON-WERKZEUG-3319936	werkzeug: 1.0.1 -> 2.3.8	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Inefficient Algorithmic Complexity SNYK-PYTHON-WERKZEUG-6035177	werkzeug: 1.0.1 -> 2.3.8	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Use After Free
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 More lessons are available in Snyk Learn