# Applying Security Updates to Requirements Files *Available in safety versions `>2.3.5`* *Available for **pip** requirement file scans (poetry and pipenv support coming soon).* ***Requires a Safety API KEY*** ### Applying security updates automatically Safety can apply suggested security updates to scanned pip requirement files by including the `--apply-security-updates` flag. **Examples:** `safety check --key -r requirements.txt --apply-security-updates` will include an interactive prompt to guide you through updating package versions to more secure versions. #### Set a threshold for applying fixes automatically You can set the maximum version change that Safety will apply without user input using the `--auto-security-updates-limit` (Short alias: `-asul`) flag. This sets the maximum version update for applying fixes automatically without asking for user input. Possible values are: `major, minor, patch` (default is value `patch`). As this is an upper limit, using `major` is equivalent to automatically applying all the fixes without user input. **Examples:** `safety check --key -r requirements.txt --apply-security-updates -asul minor` This will update the requirements.txt file (and any other requirements files it references) with all the security remediations that are `minor` or `patch` updates. If a remediation requires a `major` version update, then Safety will ask for user input if they want to make this change. `safety check --key -r requirements.txt --apply-security-updates -asul major` In this case as `major` was passed, all the remediations will be automatically applied in the file and any of its recursive include files. `safety check --key -r dev.txt -r staging.txt --apply-security-updates -asul minor` Safety will update both of these files, automatically applying the remediations for `minor` and `patch` updates, and asking for confirmation for any `major` version updates. *This option can also be set using the* [*Safety policy file*](/safety-2/safety-cli-2-scanner/policy-file.md)*.* #### --no-prompt to skip any updates that require user input If you want to ensure that Safety will not wait for user input, the `--no-prompt` flag will apply all automatic fix updates that fall within the `--auto-security-updates-limit` limit, and ignore those that require user input. `safety check --key -r requirements.txt --apply-security-updates -asul minor --no-prompt` This will apply all `patch` and `minor` version security updates to `requirements.txt` and ignore any `major` version updates, with no user input prompt. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.safetycli.com/safety-2/safety-cli-2-scanner/applying-security-updates-to-requirements-files.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.