fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899

Author: snyk-bot

CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [0.1.2] - 2024-08-01
+
+### Security
+- Update python dependencies
+
 ## [0.1.1] - 2024-03-14
 
 ### Added

requirements.txt

@@ -9,10 +9,12 @@ PyInstaller>=4.0
 PyYAML>=5.3.1
 aiohttp>=3.9.3
 asynctest>=0.13.0
-setuptools>=57.0.0
+setuptools>=70.0.0
 twine>=3.2.0
 build>=0.7.0
 # https://nvd.nist.gov/vuln/detail/CVE-2020-26137
-urllib3>=1.25.9
+urllib3>=2.2.2
 
-aiounittest~=1.4.1
+aiounittest~=1.4.1
+requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

tests/https/test_unit_http_ssl.py

@@ -44,7 +44,8 @@
     # "https://extended-validation.badssl.com",
     "https://rsa2048.badssl.com",
     "https://rsa4096.badssl.com",
-    "https://rsa8192.badssl.com",
+    # This is temporarily broken, see https://github.com/chromium/badssl.com/issues/501
+    # "https://rsa8192.badssl.com",
     "https://sha256.badssl.com",
     # These are temporarily broken, see https://github.com/chromium/badssl.com/issues/501
     # "https://sha384.badssl.com",