From d7773f52f0cfbe83b4b21324f8295e5e46db4a9d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 5 Feb 2026 18:57:05 +0000
Subject: [PATCH] fix: services/core-api/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 services/core-api/requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/core-api/requirements.txt b/services/core-api/requirements.txt
index 295ae6f0ae..fe2c95a275 100644
--- a/services/core-api/requirements.txt
+++ b/services/core-api/requirements.txt
@@ -58,5 +58,6 @@ Pillow==10.3.0
 setuptools==65.5.1
 requests_toolbelt==1.0.0
 untp_models==0.1.1
-urllib3==2.5.0
-elasticsearch==8.12.0
\ No newline at end of file
+urllib3==2.6.3
+elasticsearch==8.12.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file