From 8e9d18821a8e58c8fad656d541ff812b8bb69d16 Mon Sep 17 00:00:00 2001
From: Colin Smith
Date: Tue, 4 Nov 2025 10:41:33 -0800
Subject: [PATCH] build: update brotli to address CVE

Update brotli dependency to address a CVE raised by GitHub Dependabot
---
 environment-min.yml | 20 ++---
 environment.yml | 149 +++++++++++++++++++------------------
 requirements.txt | 90 +++++++++++-----------
 src/spinneret/annotator.py | 1 +
 tests/test_annotator.py | 1 +
 5 files changed, 133 insertions(+), 128 deletions(-)

diff --git a/environment-min.yml b/environment-min.yml
index ac470d3..fe7e181 100644
--- a/environment-min.yml
+++ b/environment-min.yml
@@ -3,20 +3,20 @@ channels:
 - conda-forge
 - defaults
 dependencies:
- - black
- - daiquiri
 - geopandas
- - lxml
- - matplotlib
- - myst-parser
- - pandas
+ - pytest-mock
+ - daiquiri
+ - sphinx-autoapi
 - pylint
- - pytest
+ - matplotlib
+ - lxml
 - pytest-cov
- - pytest-mock
+ - pandas
+ - myst-parser
 - python-semantic-release
+ - sphinx
+ - pytest
 - python=3.11.11
+ - black
 - rdflib
- - sphinx
- - sphinx-autoapi
 prefix: /opt/miniconda3/envs/spinneret
diff --git a/environment.yml b/environment.yml
index 4764fd2..5a18f85 100644
--- a/environment.yml
+++ b/environment.yml
@@ -5,27 +5,27 @@ channels:
 dependencies:
 - alabaster=1.0.0
 - annotated-types=0.7.0
- - anyio=4.10.0
- - astroid=3.3.11
+ - anyio=4.11.0
+ - astroid=4.0.1
 - babel=2.17.0
 - backoff=2.2.1
 - black=25.1.0
 - blosc=1.21.6
- - branca=0.8.1
- - brotli=1.1.0
- - brotli-bin=1.1.0
- - brotli-python=1.1.0
+ - branca=0.8.2
+ - brotli=1.2.0
+ - brotli-bin=1.2.0
+ - brotli-python=1.2.0
 - bzip2=1.0.8
 - c-ares=1.34.5
- - ca-certificates=2025.8.3
- - certifi=2025.8.3
- - cffi=1.17.1
- - charset-normalizer=3.4.3
- - click=8.2.1
+ - ca-certificates=2025.10.5
+ - certifi=2025.10.5
+ - cffi=2.0.0
+ - charset-normalizer=3.4.4
+ - click=8.1.8
 - click-option-group=0.5.6
 - colorama=0.4.6
 - contourpy=1.3.3
- - coverage=7.10.6
+ - coverage=7.11.0
 - cycler=0.12.1
 - daiquiri=3.0.0
 - deprecated=1.2.18
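Review bot: The `click` pin near the end of this environment.yml hunk moves backwards, from `click=8.2.1` to `click=8.1.8`, which a commit titled as a brotli CVE fix does not explain; `sphinx=8.3.0` to `sphinx=8.2.3` in a later hunk and the matching `click==8.1.8` and `Sphinx==8.2.3` lines in requirements.txt do the same. A downgrade can drop fixes that the newer release carried, so each one should either be restored (e.g. `- click=8.2.1`) or justified in the description. The same re-resolve also brings major-version jumps unrelated to brotli (`cffi` 1.17.1 to 2.0.0 and `astroid` 3.3.11 to 4.0.1 here, `pillow` 11.3.0 to 12.0.0 later), which are hard to review under a security-fix title. Keeping the brotli 1.2.0 bump in its own commit and naming the advisory in the message (`CVE-<id from the Dependabot alert>`) would let a reader confirm that 1.2.0 is the fixed release.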
@@ -34,28 +34,29 @@ dependencies:
 - dotty-dict=1.3.1
 - exceptiongroup=1.3.0
 - folium=0.20.0
- - fonttools=4.59.2
- - freetype=2.13.3
+ - fonttools=4.60.1
+ - freetype=2.14.1
 - freexl=2.0.0
 - geopandas=1.1.1
 - geopandas-base=1.1.1
- - geos=3.13.1
+ - geos=3.14.1
 - giflib=5.2.2
 - gitdb=4.0.12
 - gitpython=3.1.45
 - gql=4.0.0
- - graphql-core=3.2.6
+ - graphql-core=3.2.7
 - h2=4.3.0
 - hpack=4.1.0
 - hyperframe=6.1.0
 - icu=75.1
- - idna=3.10
+ - idna=3.11
 - imagesize=1.4.1
+ - importlib-metadata=8.7.0
 - importlib-resources=6.5.2
 - importlib_resources=6.5.2
- - iniconfig=2.0.0
+ - iniconfig=2.3.0
 - isodate=0.7.2
- - isort=6.0.1
+ - isort=7.0.0
 - jinja2=3.1.6
 - joblib=1.5.2
 - json-c=0.18
@@ -63,27 +64,27 @@ dependencies:
 - krb5=1.21.3
 - lcms2=2.17
 - lerc=4.0.0
- - libarchive=3.8.1
+ - libarchive=3.8.2
 - libblas=3.9.0
- - libbrotlicommon=1.1.0
- - libbrotlidec=1.1.0
- - libbrotlienc=1.1.0
+ - libbrotlicommon=1.2.0
+ - libbrotlidec=1.2.0
+ - libbrotlienc=1.2.0
 - libcblas=3.9.0
- - libcurl=8.14.1
- - libcxx=21.1.0
- - libdeflate=1.24
+ - libcurl=8.16.0
+ - libcxx=21.1.5
+ - libdeflate=1.25
 - libedit=3.1.20250104
 - libev=4.33
 - libexpat=2.7.1
- - libffi=3.4.6
- - libfreetype=2.13.3
- - libfreetype6=2.13.3
- - libgdal-core=3.11.3
- - libgfortran=15.1.0
- - libgfortran5=15.1.0
+ - libffi=3.5.2
+ - libfreetype=2.14.1
+ - libfreetype6=2.14.1
+ - libgdal-core=3.11.4
+ - libgfortran=15.2.0
+ - libgfortran5=15.2.0
 - libhwy=1.3.0
 - libiconv=1.18
- - libjpeg-turbo=3.1.0
+ - libjpeg-turbo=3.1.2
 - libjxl=0.11.1
 - libkml=1.3.0
 - liblapack=3.9.0
@@ -95,21 +96,23 @@ dependencies:
 - libspatialite=5.1.0
 - libsqlite=3.50.4
 - libssh2=1.11.1
- - libtiff=4.7.0
+ - libtiff=4.7.1
 - libwebp-base=1.6.0
 - libxcb=1.17.0
- - libxml2=2.13.8
+ - libxml2=2.15.1
+ - libxml2-16=2.15.1
+ - libxml2-devel=2.15.1
 - libxslt=1.1.43
 - libzlib=1.3.1
- - llvm-openmp=21.1.0
- - lxml=6.0.1
+ - llvm-openmp=21.1.4
+ - lxml=6.0.2
 - lz4-c=1.10.0
 - lzo=2.10
 - mapclassify=2.10.0
 - markdown-it-py=3.0.0
- - markupsafe=3.0.2
- - matplotlib=3.10.6
- - matplotlib-base=3.10.6
+ - markupsafe=3.0.3
+ - matplotlib=3.10.7
+ - matplotlib-base=3.10.7
 - mccabe=0.7.0
 - mdit-py-plugins=0.5.0
 - mdurl=0.1.2
@@ -121,60 +124,60 @@ dependencies:
 - myst-parser=4.0.1
 - ncurses=6.5
 - networkx=3.5
- - numpy=2.3.2
- - openjpeg=2.5.3
- - openssl=3.5.2
+ - numpy=2.3.4
+ - openjpeg=2.5.4
+ - openssl=3.5.4
 - packaging=25.0
- - pandas=2.3.2
+ - pandas=2.3.3
 - pathspec=0.12.1
- - pcre2=10.45
- - pillow=11.3.0
+ - pcre2=10.46
+ - pillow=12.0.0
 - pip=25.2
- - platformdirs=4.4.0
+ - platformdirs=4.5.0
 - pluggy=1.6.0
- - proj=9.6.2
+ - proj=9.7.0
 - propcache=0.3.1
 - pthread-stubs=0.4
 - pycparser=2.22
- - pydantic=2.11.7
- - pydantic-core=2.33.2
+ - pydantic=2.12.3
+ - pydantic-core=2.41.4
 - pygments=2.19.2
- - pylint=3.3.8
+ - pylint=4.0.2
 - pyogrio=0.11.1
- - pyparsing=3.2.3
+ - pyparsing=3.2.5
 - pyproj=3.7.2
 - pysocks=1.7.1
- - pytest=8.4.1
- - pytest-cov=6.2.1
- - pytest-mock=3.14.1
+ - pytest=8.4.2
+ - pytest-cov=7.0.0
+ - pytest-mock=3.15.1
 - python=3.11.11
 - python-dateutil=2.9.0.post0
 - python-gitlab=5.6.0
 - python-json-logger=2.0.7
- - python-semantic-release=10.3.1
+ - python-semantic-release=10.4.1
 - python-tzdata=2025.2
 - python_abi=3.11
 - pytz=2025.2
- - pyyaml=6.0.2
+ - pyyaml=6.0.3
 - qhull=2020.2
- - rdflib=7.1.4
+ - rdflib=7.4.0
 - readline=8.2
 - requests=2.32.5
 - requests-toolbelt=1.0.0
- - rich=14.1.0
+ - rich=14.2.0
 - roman-numerals-py=3.1.0
- - scikit-learn=1.7.1
- - scipy=1.16.1
+ - scikit-learn=1.7.2
+ - scipy=1.16.3
 - setuptools=80.9.0
- - shapely=2.1.1
+ - shapely=2.1.2
 - shellingham=1.5.4
 - six=1.17.0
 - smmap=5.0.2
 - snappy=1.2.2
 - sniffio=1.3.1
 - snowballstemmer=3.0.1
- - sphinx=8.3.0
- - sphinx-autoapi=3.6.0
+ - sphinx=8.2.3
+ - sphinx-autoapi=3.6.1
 - sphinxcontrib-applehelp=2.0.0
 - sphinxcontrib-devhelp=2.0.0
 - sphinxcontrib-htmlhelp=2.1.0
@@ -182,30 +185,30 @@ dependencies:
 - sphinxcontrib-qthelp=2.0.0
 - sphinxcontrib-serializinghtml=1.1.10
 - sqlite=3.50.4
- - stdlib-list=0.11.1
+ - stdlib-list=0.12.0
 - threadpoolctl=3.6.0
 - tk=8.6.13
- - toml=0.10.2
- - tomli=2.2.1
+ - tomli=2.3.0
 - tomlkit=0.13.3
 - tornado=6.5.2
 - typing-extensions=4.15.0
- - typing-inspection=0.4.1
+ - typing-inspection=0.4.2
 - typing_extensions=4.15.0
 - tzdata=2025b
- - unicodedata2=16.0.0
+ - unicodedata2=17.0.0
 - uriparser=0.9.8
 - urllib3=2.5.0
 - wheel=0.45.1
 - wrapt=1.17.3
- - xerces-c=3.2.5
+ - xerces-c=3.3.0
 - xorg-libxau=1.0.12
 - xorg-libxdmcp=1.1.5
- - xyzservices=2025.4.0
+ - xyzservices=2025.10.0
 - yaml=0.2.5
- - yarl=1.20.1
+ - yarl=1.22.0
 - zipp=3.23.0
 - zlib=1.3.1
- - zstandard=0.24.0
+ - zlib-ng=2.2.5
+ - zstandard=0.25.0
 - zstd=1.5.7
 prefix: /opt/miniconda3/envs/spinneret
diff --git a/requirements.txt b/requirements.txt
index 6a56e84..2b792e7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,20 +1,20 @@
 alabaster==1.0.0
 annotated-types==0.7.0
-anyio==4.10.0
-astroid==3.3.11
+anyio==4.11.0
+astroid==4.0.1
 babel==2.17.0
 backoff==2.2.1
 black==25.1.0
-branca==0.8.1
-Brotli==1.1.0
-certifi==2025.8.3
-cffi==1.17.1
-charset-normalizer==3.4.3
-click==8.2.1
+branca==0.8.2
+Brotli==1.2.0
+certifi==2025.10.5
+cffi==2.0.0
+charset-normalizer==3.4.4
+click==8.1.8
 click-option-group==0.5.6
 colorama==0.4.6
 contourpy==1.3.3
-coverage==7.10.6
+coverage==7.11.0
 cycler==0.12.1
 daiquiri==3.0.0
 Deprecated==1.2.18
@@ -23,29 +23,30 @@ docutils==0.21.2
 dotty_dict==1.3.1
 exceptiongroup==1.3.0
 folium==0.20.0
-fonttools==4.59.2
+fonttools==4.60.1
 geopandas==1.1.1
 gitdb==4.0.12
 GitPython==3.1.45
 gql==4.0.0
-graphql-core==3.2.6
+graphql-core==3.2.7
 h2==4.3.0
 hpack==4.1.0
 hyperframe==6.1.0
-idna==3.10
+idna==3.11
 imagesize==1.4.1
+importlib_metadata==8.7.0
 importlib_resources==6.5.2
-iniconfig==2.0.0
+iniconfig==2.3.0
 isodate==0.7.2
-isort==6.0.1
+isort==7.0.0
 Jinja2==3.1.6
 joblib==1.5.2
 kiwisolver==1.4.9
-lxml==6.0.1
+lxml==6.0.2
 mapclassify==2.10.0
 markdown-it-py==3.0.0
-MarkupSafe==3.0.2
-matplotlib==3.10.6
+MarkupSafe==3.0.3
+matplotlib==3.10.7
 mccabe==0.7.0
 mdit-py-plugins==0.5.0
 mdurl==0.1.2
@@ -54,69 +55,68 @@ munkres==1.1.4
 mypy_extensions==1.1.0
 myst-parser==4.0.1
 networkx==3.5
-numpy==2.3.2
+numpy==2.3.4
 packaging==25.0
-pandas==2.3.2
+pandas==2.3.3
 pathspec==0.12.1
-pillow==11.3.0
+pillow==12.0.0
 pip==25.2
-platformdirs==4.4.0
+platformdirs==4.5.0
 pluggy==1.6.0
 propcache==0.3.1
 pycparser==2.22
-pydantic==2.11.7
-pydantic_core==2.33.2
+pydantic==2.12.3
+pydantic_core==2.41.4
 Pygments==2.19.2
-pylint==3.3.8
+pylint==4.0.2
 pyogrio==0.11.1
-pyparsing==3.2.3
+pyparsing==3.2.5
 pyproj==3.7.2
 PySocks==1.7.1
-pytest==8.4.1
-pytest-cov==6.2.1
-pytest-mock==3.14.1
+pytest==8.4.2
+pytest-cov==7.0.0
+pytest-mock==3.15.1
 python-dateutil==2.9.0.post0
 python-gitlab==5.6.0
 python-json-logger==2.0.7
-python-semantic-release==10.3.1
+python-semantic-release==10.4.1
 pytz==2025.2
-PyYAML==6.0.2
-rdflib==7.1.4
+PyYAML==6.0.3
+rdflib==7.4.0
 requests==2.32.5
 requests-toolbelt==1.0.0
-rich==14.1.0
+rich==14.2.0
 roman-numerals-py==3.1.0
-scikit-learn==1.7.1
-scipy==1.16.1
+scikit-learn==1.7.2
+scipy==1.16.3
 setuptools==80.9.0
-shapely==2.1.1
+shapely==2.1.2
 shellingham==1.5.4
 six==1.17.0
 smmap==5.0.2
 sniffio==1.3.1
 snowballstemmer==3.0.1
-Sphinx==8.3.0
-sphinx-autoapi==3.6.0
+Sphinx==8.2.3
+sphinx-autoapi==3.6.1
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
 sphinxcontrib-htmlhelp==2.1.0
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==1.1.10
-stdlib-list==0.11.1
+stdlib-list==0.12.0
 threadpoolctl==3.6.0
-toml==0.10.2
-tomli==2.2.1
+tomli==2.3.0
 tomlkit==0.13.3
 tornado==6.5.2
 typing_extensions==4.15.0
-typing-inspection==0.4.1
+typing-inspection==0.4.2
 tzdata==2025.2
-unicodedata2==16.0.0
+unicodedata2==17.0.0
 urllib3==2.5.0
 wheel==0.45.1
 wrapt==1.17.3
-xyzservices==2025.4.0
-yarl==1.20.1
+xyzservices==2025.10.0
+yarl==1.22.0
 zipp==3.23.0
-zstandard==0.24.0
+zstandard==0.25.0
diff --git a/src/spinneret/annotator.py b/src/spinneret/annotator.py
index 26045d3..4c3359d 100644
--- a/src/spinneret/annotator.py
+++ b/src/spinneret/annotator.py @@ -33,6 +33,7 @@ get_template_for_predicate, get_predicate_id_for_predicate, ) + # FIXME: Refactor to use geoenv (https://github.com/clnsmth/geoenv) from spinneret.eml import get_geographic_coverage diff --git a/tests/test_annotator.py b/tests/test_annotator.py index 60833bf..3a4f7a1 100644 --- a/tests/test_annotator.py +++ b/tests/test_annotator.py @@ -1,6 +1,7 @@ """Test annotator code""" import os + # FIXME: Refactor to use geoenv (https://github.com/clnsmth/geoenv) # from importlib.resources import files from shutil import copyfile