Update to latest Brownie and other packages

[Hg347]

Overview

There are vulnerable packages in the pip dependencies that are defined by requirements.txt It should contain:

• cytools>=0.12.3
• click>=8.1.3
• pathspec>=0.12.1
• black>=24.2.0
• attrs>=23.2.0
• vyper>=0.3.10rc4 # not directly required, pinned by Snyk to avoid a vulnerability
• eth-brownie>=1.20.2
• brownie-token-tester>=0.1.0
• flake8>=3.8.4
• isort>=5.7.0

Since curve deals with a lot of money, there should be a focus on fixing known vulnerabilities quickly. Static code analysis scanners like snyk.io should be used for this purpose.

[Hg347]

Other option is to directly switch to ape framework since brownie is no longer maintained.

[Hg347]

Btw. Snyk does only analyze dependencies and python code but not vyper code. For vyper static analysis slither could be added to the build pipeline.