From d4ad52cf8c81111e23c7fb22864a5204ac28af4f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 9 Aug 2024 12:33:05 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173 - https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://snyk.io/vuln/SNYK-PYTHON-HUGGINGFACEHUB-5591152 - https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6619806 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6649934 - https://snyk.io/vuln/SNYK-PYTHON-TQDM-6807582 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-5563628 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6134594 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6135747 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003 - https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6239525 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413 - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements.txt | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/requirements.txt b/requirements.txt index cbd7d54..543dec5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,17 +1,17 @@ -certifi==2022.12.7 +certifi==2024.7.4 charset-normalizer==3.0.1 click==8.1.3 docopt==0.6.2 ffmpeg-python==0.2.0 filelock==3.9.0 -Flask==2.2.3 +Flask==2.2.5 future==0.18.3 -huggingface-hub==0.12.1 +huggingface-hub==0.13.4 HyperPyYAML==1.1.0 -idna==3.4 +idna==3.7 importlib-metadata==6.0.0 itsdangerous==2.1.2 -Jinja2==3.1.2 +Jinja2==3.1.4 joblib==1.2.0 MarkupSafe==2.1.2 more-itertools==9.0.0 @@ -22,18 +22,20 @@ packaging==23.0 pydub==0.25.1 PyYAML==6.0 regex==2022.10.31 -requests==2.28.2 +requests==2.32.2 ruamel.yaml==0.17.21 ruamel.yaml.clib==0.2.7 scipy==1.10.1 sentencepiece==0.1.97 speechbrain==0.5.13 tokenizers==0.13.2 -torch==1.13.1 +torch==2.2.0 torchaudio==0.13.1 -tqdm==4.64.1 -transformers==4.26.1 +tqdm==4.66.3 +transformers==4.38.0 typing_extensions==4.5.0 -urllib3==1.26.14 -Werkzeug==2.2.3 -zipp==3.14.0 +urllib3==1.26.19 +Werkzeug==3.0.3 +zipp==3.19.1 +setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability +wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability