From 59ed1611c52d2818698ff166456f5ab68fb1b421 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 25 Apr 2024 19:56:57 +0000 Subject: [PATCH] fix: reqs_optional/requirements_optional_langchain.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-FASTAPI-6228055 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866 - https://snyk.io/vuln/SNYK-PYTHON-SYMPY-6084333 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6619806 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6649934 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6134594 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6135747 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6239525 --- reqs_optional/requirements_optional_langchain.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/reqs_optional/requirements_optional_langchain.txt b/reqs_optional/requirements_optional_langchain.txt index 8a1e2ca9d..af9031b0f 100644 --- a/reqs_optional/requirements_optional_langchain.txt +++ b/reqs_optional/requirements_optional_langchain.txt @@ -64,7 +64,7 @@ docx2txt==0.8 python-docx==1.1.0 #pdf2image==1.16.3 #pytesseract==0.3.10 -pillow>=10.2.0 +pillow>=10.3.0 posthog pdfminer.six==20231228 @@ -106,3 +106,4 @@ numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability sympy>=1.12 # not directly required, pinned by Snyk to avoid a vulnerability wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability +transformers>=4.38.0 # not directly required, pinned by Snyk to avoid a vulnerability