# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
# Security constraints for direct dependencies should go in the appropriate `.in` file.
bleach>=3.3.0  # vulnerability in <3.3.0
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
urllib3>=1.26.5  # https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
