From 32ddcb1dd27303e2cc0096d35076744ebec587ce Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 19 Nov 2024 07:44:25 +0000
Subject: [PATCH 1/5] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 8ee592008..485850da1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,3 +5,4 @@ tqdm
 more-itertools
 tiktoken
 triton>=2.0.0;platform_machine=="x86_64" and sys_platform=="linux" or sys_platform=="linux2"
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability

From 2cc6bcf1b053084378175f97304b4c48dd178243 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 19 Nov 2024 07:55:23 +0000
Subject: [PATCH 2/5] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482

From c8128c2aa29ca8ed61e218441eeb0086e4461a25 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 25 Nov 2024 02:25:57 +0000
Subject: [PATCH 3/5] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 485850da1..2ab3ddb64 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,3 +6,4 @@ more-itertools
 tiktoken
 triton>=2.0.0;platform_machine=="x86_64" and sys_platform=="linux" or sys_platform=="linux2"
 setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

From 55e0339342c5e688e54482055e54da4720fad06f Mon Sep 17 00:00:00 2001
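Review bot: The added `setuptools>=70.0.0` line in patch 1/5 is commented as "pinned", but `>=` is only a lower bound, so the resolved version still floats and nothing in the file records which version was actually installed or checked. The same applies to `zipp>=3.19.1` in patch 3/5 and `wheel>=0.38.0` in patch 4/5. These are transitive or build-time packages, so listing them in requirements.txt makes them direct requirements for every consumer of the file; if the file also feeds the package's install metadata (not visible in this patch), that widens the runtime dependency set. A constraints file applied with `pip install -c` would enforce the floors without declaring the packages as dependencies. The inline comment should also name the advisory, e.g. `setuptools>=70.0.0 # floor for SNYK-PYTHON-SETUPTOOLS-7448482; lower bound, not a pin`.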
From: snyk-bot
Date: Mon, 25 Nov 2024 03:31:21 +0000
Subject: [PATCH 4/5] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 2ab3ddb64..d40d38e0c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,3 +7,4 @@ tiktoken
 triton>=2.0.0;platform_machine=="x86_64" and sys_platform=="linux" or sys_platform=="linux2"
 setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
+wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability

From 548e3e4ab86d1826998bdf636b9b4f366fc6cc06 Mon Sep 17 00:00:00 2001
From: BraveHeart-David <168072546+BraveHeart-David@users.noreply.github.com>
Date: Tue, 3 Dec 2024 22:29:54 +0800
Subject: [PATCH 5/5] Update requirements.txt

To fix vulnerability per snyk, we set the minimum versions.
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index d40d38e0c..02ca09ba9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 numba
-numpy
-torch
+numpy>=1.22.2 # minimum version requirement to fix vulnerability per snyk
+torch>=2.2.0 # minimum version requirement to fix vulnerability per snyk
 tqdm
 more-itertools
 tiktoken
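Review bot: The new `numpy>=1.22.2` and `torch>=2.2.0` lines in patch 5/5 cite "vulnerability per snyk" without an advisory id, unlike the bot commits earlier in this series, so a later reader cannot tell which issue each floor addresses or whether a higher floor has since become necessary. Both are direct dependencies, so raising their minimums may also narrow the set of Python versions and platforms that can install the project; that should be checked against the project's supported-version matrix, which this patch does not show. I would record the advisory on each line, e.g. `numpy>=1.22.2 # floor for <SNYK-ADVISORY-ID>` and `torch>=2.2.0 # floor for <SNYK-ADVISORY-ID>`, with the real ids filled in.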