diff --git a/requirements.txt b/requirements.txt
index f8adbb1..f6f88eb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ SQLAlchemy==1.3.0
 psycopg2-binary==2.7.3.2
 boto3==1.4.7
 rfc3986==0.4.1
+lxml>=4.9.1 # not directly required, pinned by Snyk to avoid a vulnerability