From cbabcc05450dbb4d7c7df5b2f46efba0ba38320d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 6 Jan 2024 16:48:03 +0000
Subject: [PATCH] fix:
 sdks/python/apache_beam/testing/benchmarks/cloudml/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-GRPCIO-5834443
- https://snyk.io/vuln/SNYK-PYTHON-HTTPLIB2-1065795
- https://snyk.io/vuln/SNYK-PYTHON-HTTPLIB2-569758
- https://snyk.io/vuln/SNYK-PYTHON-HTTPLIB2-570767
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-3031740
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
---
 .../testing/benchmarks/cloudml/requirements.txt            | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sdks/python/apache_beam/testing/benchmarks/cloudml/requirements.txt b/sdks/python/apache_beam/testing/benchmarks/cloudml/requirements.txt
index 8ddfddece547..aade5fb9b4b1 100644
--- a/sdks/python/apache_beam/testing/benchmarks/cloudml/requirements.txt
+++ b/sdks/python/apache_beam/testing/benchmarks/cloudml/requirements.txt
@@ -17,3 +17,10 @@
 
 tfx_bsl
 tensorflow-transform
+certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability
+grpcio>=1.53.2 # not directly required, pinned by Snyk to avoid a vulnerability
+httplib2>=0.19.0 # not directly required, pinned by Snyk to avoid a vulnerability
+numpy>=1.21.0rc1 # not directly required, pinned by Snyk to avoid a vulnerability
+protobuf>=3.18.3 # not directly required, pinned by Snyk to avoid a vulnerability
+requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability