From 47dee8a4d80a67cbbc12997fecc373311d7441e9 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 24 Dec 2023 14:05:18 +0000 Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 --- requirements.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/requirements.txt b/requirements.txt index e93c179f..e98c45fa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,3 +2,6 @@ sycret syft @ git+https://github.com/OpenMined/PySyft@sympc-dev#egg=syft&subdirectory=packages/syft torch>=1.6,<=1.8.1 torchcsprng<=0.2.1 +fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability +numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability +pillow>=10.0.1 # not directly required, pinned by Snyk to avoid a vulnerability