# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
aiohttp>=3.7.4  # https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
bleach>=3.3.0  # vulnerability in <3.3.0
cryptography>=3.3.2  # https://github.com/advisories/GHSA-rhm9-p9w5-fwm7
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
nltk>=3.6.4  # https://github.com/advisories/GHSA-2ww3-fxvq-293j
notebook>=6.4.1  # https://github.com/advisories/GHSA-hwvq-6gjx-j797
Pillow>=8.3.2  # https://github.com/advisories/GHSA-98vv-pw6r-q6q4
PyYAML>=5.4  # https://github.com/advisories/GHSA-8q59-q68h-6hv4
urllib3>=1.26.5  # vulnerability in < 1.26.5; https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
