From 666bc6a58045ad3b6baa0dd3ddcaa4c2f45f9c89 Mon Sep 17 00:00:00 2001
From: "Jonathan Gonzalez V." <jonathan.abdiel@gmail.com>
Date: Wed, 5 Nov 2025 19:06:41 +0100
Subject: [PATCH] [Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 (#640)

Signed-off-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
---
 containers/sidecar-requirements.in  | 1 +
 containers/sidecar-requirements.txt | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/containers/sidecar-requirements.in b/containers/sidecar-requirements.in
index 98fa4c0..fd72735 100644
--- a/containers/sidecar-requirements.in
+++ b/containers/sidecar-requirements.in
@@ -1,2 +1,3 @@
 barman[azure,cloud,google,snappy,zstandard,lz4]==3.16.2
 setuptools==80.9.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/containers/sidecar-requirements.txt b/containers/sidecar-requirements.txt
index c2f6abc..5a483d6 100644
--- a/containers/sidecar-requirements.txt
+++ b/containers/sidecar-requirements.txt
@@ -679,6 +679,10 @@ urllib3==2.5.0 \
     # via
     #   botocore
     #   requests
+zipp==3.23.0 \
+    --hash=sha256:071652d6115ed432f5ce1d34c336c0adfd6a884660d1e9712a256d3d3bd4b14e \
+    --hash=sha256:a07157588a12518c9d4034df3fbbee09c814741a33ff63c05fa29d26a2404166
+    # via -r sidecar-requirements.in
 zstandard==0.25.0 \
     --hash=sha256:011d388c76b11a0c165374ce660ce2c8efa8e5d87f34996aa80f9c0816698b64 \
     --hash=sha256:01582723b3ccd6939ab7b3a78622c573799d5d8737b534b86d0e06ac18dbde4a \