[Snyk] Fix for 3 vulnerabilities#168

Merged
dtoxvanilla1991 merged 2 commits into main from
snyk-fix-97f19705d8ae8b2e3b0143ed6e133cd0
May 1, 2026

@DanielRivers
Member

Snyk has created this PR to fix 3 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Insecure Temporary File

@DanielRivers DanielRivers requested a review from a team as a code owner April 2, 2026 03:04
@coderabbitai
Contributor

coderabbitai Bot commented Apr 2, 2026

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

@dtoxvanilla1991 dtoxvanilla1991 self-assigned this Apr 15, 2026
@dtoxvanilla1991
Contributor

@copilot can you resolve branch conflicts with master branch and make sure the build and unittests CI passes? Do not open a new PR, it must be done in this same PR.

Co-authored-by: dtoxvanilla1991 <73205087+dtoxvanilla1991@users.noreply.github.com>
Contributor

Copilot AI commented May 1, 2026

@copilot can you resolve branch conflicts with master branch and make sure the build and unittests CI passes? Do not open a new PR, it must be done in this same PR.

Done in commit 285d313. Merged main into this branch and resolved the requirements.txt conflict by:

  • Keeping the Python-version-specific requests split from main (~=2.32.5 for Python < 3.10, ~=2.33.0 for Python >= 3.10)
  • Combining Snyk's lower bound with main's upper cap for cryptography>=46.0.6,<47.0
  • Retaining the pygments>=2.20.0 Snyk security pin and the pytest CVE-2025-71176 fix from main

All 438 unit tests pass locally.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • app.kinde.com
    • Triggering command: /usr/bin/python python -m pytest testv2/ -x -q --timeout=30 (dns block)
  • example.com
    • Triggering command: /usr/bin/python python -m pytest testv2/ -x -q --timeout=30 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:
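
Added example (not part of this PR, Copilot's comment, or the project's code): a check that a conflict-resolved requirements.txt like the one described above still enforces the security lower bounds (cryptography 46.0.6, pygments 2.20.0) on every line for those packages. The requirements text, the floor table and all function names are constructed for illustration, and version parsing is simplified to dotted integers.

```python
import re

# Security floors named in the PR discussion above.
SECURITY_FLOORS = {"cryptography": "46.0.6", "pygments": "2.20.0"}

# Constructed sample modelled on the described resolution; not the project's actual file.
MERGED = '''\
requests~=2.32.5; python_version < "3.10"
requests~=2.33.0; python_version >= "3.10"
cryptography>=46.0.6,<47.0
pygments>=2.20.0
'''

# Constructed bad resolution: keeps the upper cap but loses the security lower bound.
BAD_MERGE = MERGED.replace("cryptography>=46.0.6,<47.0", "cryptography<47.0")

# Package name, then the version specifier up to any environment marker or comment.
LINE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*([^;#]*)")
CLAUSE = re.compile(r"(~=|==|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def parse_version(text):
    """Turn '46.0.6' into a comparable tuple, ignoring trailing zeros."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def lower_bound(spec):
    """Highest lower bound set by >=, >, ~= or == clauses; None if there is none."""
    ops = (">=", ">", "~=", "==")
    bounds = [parse_version(v) for op, v in CLAUSE.findall(spec) if op in ops]
    return max(bounds) if bounds else None


def floor_violations(requirements, floors=SECURITY_FLOORS):
    """Return (package, line) pairs whose specifier admits a version below the floor."""
    violations = []
    for raw in requirements.splitlines():
        match = LINE.match(raw)
        if not match:
            continue  # blank line or comment
        name = match.group(1).lower().replace("_", "-")
        bound = lower_bound(match.group(2))
        floor = floors.get(name)
        if floor and (bound is None or bound < parse_version(floor)):
            violations.append((name, raw.strip()))
    return violations
```

Run against the merged file in CI, a non-empty result from `floor_violations` means a later merge has reopened a range the security pin was meant to close.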

@codecov

codecov Bot commented May 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@dtoxvanilla1991 dtoxvanilla1991 merged commit 78dc820 into main May 1, 2026
9 checks passed