From 95009e5a938ccc8f085a2b57ba7df55cdfbe7a4a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 14 Nov 2022 19:32:24 +0000
Subject: [PATCH] fix: scrapers/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1047474
- https://snyk.io/vuln/SNYK-PYTHON-LXML-1088006
- https://snyk.io/vuln/SNYK-PYTHON-LXML-2316995
- https://snyk.io/vuln/SNYK-PYTHON-LXML-2940874
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904
---
 scrapers/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scrapers/requirements.txt b/scrapers/requirements.txt
index 6d42a8c..7bedbd1 100644
--- a/scrapers/requirements.txt
+++ b/scrapers/requirements.txt
@@ -11,7 +11,7 @@ idna==2.7
 incremental==17.5.0
 isort==4.3.4
 lazy-object-proxy==1.3.1
-lxml==4.2.5
+lxml==4.9.1
 mccabe==0.6.1
 parsel==1.5.0
 pyasn1==0.4.4
@@ -31,3 +31,4 @@ typed-ast==1.1.0
 w3lib==1.19.0
 wrapt==1.10.11
 zope.interface==4.5.0
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability