From fdd963147ff6c82fbcb407de9ef5440dcee6d07f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 7 May 2025 22:23:43 +0000 Subject: [PATCH] fix: requirements-cpu.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606 --- requirements-cpu.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements-cpu.txt b/requirements-cpu.txt index 27ca8ca5dbc5..eb120b75289b 100644 --- a/requirements-cpu.txt +++ b/requirements-cpu.txt @@ -4,3 +4,4 @@ # Dependencies for x86_64 CPUs torch == 2.4.0+cpu; platform_machine != "ppc64le" torchvision; platform_machine != "ppc64le" # required for the image processor of phi3v, this must be updated alongside torch +setuptools>=78.1.1 # not directly required, pinned by Snyk to avoid a vulnerability