From fa9979b5a36d6f0e03210a7885f3ff630b6e2c76 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 29 Jan 2026 19:54:56 +0000
Subject: [PATCH] fix: distributed/rpc/pipeline/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-TORCH-15123585
---
 distributed/rpc/pipeline/requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/distributed/rpc/pipeline/requirements.txt b/distributed/rpc/pipeline/requirements.txt
index 9a75bbd998..14e7ed32db 100644
--- a/distributed/rpc/pipeline/requirements.txt
+++ b/distributed/rpc/pipeline/requirements.txt
@@ -1,2 +1,3 @@
-torch==2.9.0
-torchvision==0.7.0
\ No newline at end of file
+torch==2.10.0
+torchvision==0.7.0
+numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file