From 9849293a268f8bffaf1578ee482097343615cabd Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 01:22:20 +0000
Subject: [PATCH] fix: cvat/requirements/base.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-14463457
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
---
 cvat/requirements/base.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 0b8781152cc2..b56469a88b8e 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -52,3 +52,5 @@ datumaro==0.2.0 --no-binary=datumaro
 urllib3>=1.26.5 # not directly required, pinned by Snyk to avoid a vulnerability
 natsort==8.0.0
 mistune>=2.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+nbconvert>=7.17.0 # not directly required, pinned by Snyk to avoid a vulnerability
+protobuf>=6.33.5 # not directly required, pinned by Snyk to avoid a vulnerability