kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
8ba97906251f3a33418c0d1646498f4cfc8041c4
Aegis/backend/requirements.txt
T
kitos f54dc0d342
Aegis CI / lint-and-test (push) Has been cancelled
Details
Snyk Security Scan / Python vulnerabilities (backend) (push) Has been cancelled
Details
Snyk Security Scan / npm vulnerabilities (frontend) (push) Has been cancelled
Details
Snyk Security Scan / Docker image vulnerabilities (backend) (push) Has been cancelled
Details
fix(deps): pin minimum safe versions in requirements.txt to fix Snyk dashboard alerts 
Snyk platform was resolving unpinned deps to old vulnerable versions.
All minimum versions match current production installs (from requirements-lock.txt).
Key security fixes reflected:
- PyJWT>=2.13.0 (fixes CWE-287 Improper Authentication, CWE-326, CWE-347)
- python-multipart>=0.0.32 (fixes CWE-22 Directory Traversal, CWE-770)
- fastapi>=0.136.3 (fixes CWE-1333 ReDoS)
- requests>=2.34.2 (fixes CWE-201, CWE-377, CWE-670)
- lxml>=6.1.1 (fixes CWE-611 XXE Injection)
2026-06-12 13:02:14 +02:00

32 lines
540 B
Plaintext
Raw Blame History

fastapi>=0.136.3
uvicorn[standard]>=0.49.0
sqlalchemy>=2.0.50
psycopg2-binary>=2.9.12
alembic>=1.18.4
PyJWT>=2.13.0
passlib[bcrypt]>=1.7.4
bcrypt==4.0.1
boto3>=1.43.0
apscheduler>=3.11.0
requests>=2.34.2
pyyaml>=6.0.3
toml>=0.10.2
taxii2-client>=2.3.0
python-multipart>=0.0.32
pydantic-settings>=2.14.0
slowapi>=0.1.9
defusedxml>=0.7.1
redis>=8.0.0
atlassian-python-api>=4.0.7
tempo-api-python-client>=0.12.0
weasyprint>=69.0
docxtpl>=0.20.2
python3-saml>=1.16.0
lxml>=6.1.1
# Testing
pytest
pytest-asyncio
httpx>=0.28.0
fakeredis>=2.23.0
Reference in New Issue View Git Blame Copy Permalink