From 48a53d1ff47e1ed777294aa878f1d45f91378544 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 13 Mar 2024 00:39:16 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-NUMBA-1027297 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372984 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372987 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372990 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372993 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372996 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372999 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373002 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373005 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373008 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373011 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373014 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373017 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373020 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373023 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373026 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373029 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373032 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373035 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373038 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373041 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-5291376 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413 --- requirements.txt | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/requirements.txt b/requirements.txt index 5204985f..d3bb89d8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,8 +2,8 @@ black luigi # One of the requirements pulls in librosa, I believe note_seq # So we need to pin these, otherwise librosa breaks -numpy==1.19.2 -numba==0.48 +numpy==1.22.2 +numba==0.49.0 pandas pre-commit pytest @@ -17,6 +17,12 @@ tensorflow-datasets tqdm ffmpeg-python note_seq -tensorflow>=2.0 +tensorflow>=2.11.1 schema -patool \ No newline at end of file +patool +ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability +pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability +werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability +wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file