From afd49cecfac56ac671417daafe88f24b3512437a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 14 Jul 2025 04:26:45 +0000
Subject: [PATCH] fix: examples/langchain-chroma/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645575
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645579
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645583
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645585
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645587
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10645588
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10648999
- https://snyk.io/vuln/SNYK-PYTHON-LLAMAINDEX-10691925
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-10247398
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-10658536
---
 examples/langchain-chroma/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/langchain-chroma/requirements.txt b/examples/langchain-chroma/requirements.txt
index b9e649c5a9a4..e8df32a4ab5a 100644
--- a/examples/langchain-chroma/requirements.txt
+++ b/examples/langchain-chroma/requirements.txt
@@ -1,4 +1,5 @@
 langchain==0.0.160
 openai==0.27.6
 chromadb==0.3.21
-llama-index==0.6.2
\ No newline at end of file
+llama-index==0.12.41
+transformers>=4.52.0 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file