From f7e42f77764a9582af7949304e6e61149f1c67b9 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 27 Jan 2026 06:11:16 +0000 Subject: [PATCH] fix: extra/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SENTENCEPIECE-15091567 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-10332644 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-10332645 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-15053866 --- extra/requirements.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/extra/requirements.txt b/extra/requirements.txt index fb3cc0122a9b..97ad484e1e14 100644 --- a/extra/requirements.txt +++ b/extra/requirements.txt @@ -4,4 +4,7 @@ google protobuf six omegaconf -compel \ No newline at end of file +compel +sentencepiece>=0.2.1 # not directly required, pinned by Snyk to avoid a vulnerability +torch>=2.10.0 # not directly required, pinned by Snyk to avoid a vulnerability +wheel>=0.46.2 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file