# This file contains pip version constraints that arise due to security concerns.
# This allows us to specify security-safe versions of packages even if the
# packages are not direct dependencies for us.
#
# Security constraints for direct dependencies should go in the appropriate `.in`
# file (or constraints-direct.txt) with an appropriate note.
#
# This file must use the > or >= operators to specify lower version constraints. This
# file must not contain upper version constraints (e.g. <= or <).
bleach>=3.3.0  # vulnerability in <3.3.0
lxml>=4.6.5  # https://github.com/advisories/GHSA-55x5-fj6c-h6m8
pytest>=7.2.0  # https://github.com/advisories/GHSA-w596-4wvx-j9j6
urllib3>=1.26.5  # https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
