From cba3403bff859f60d35e4af497929f475bf297c2 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 10 Jan 2026 10:51:57 +0000
Subject: [PATCH] fix:
 online-boutique-demo/src/recommendationservice/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
---
 online-boutique-demo/src/recommendationservice/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/online-boutique-demo/src/recommendationservice/requirements.txt b/online-boutique-demo/src/recommendationservice/requirements.txt
index bc6c363..562d6ef 100644
--- a/online-boutique-demo/src/recommendationservice/requirements.txt
+++ b/online-boutique-demo/src/recommendationservice/requirements.txt
@@ -35,7 +35,7 @@ requests==2.24.0          # via -r requirements.in, google-api-core
 rsa==4.6                  # via google-auth
 six==1.15.0               # via google-api-core, google-api-python-client, google-auth, google-auth-httplib2, google-cloud-core, google-python-cloud-debugger, grpcio, protobuf
 uritemplate==3.0.1        # via google-api-python-client
-urllib3==1.25.10          # via requests
+urllib3==2.6.3          # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools