From 532bd72c95cf4637194be6e4f7926d0c45c4b91e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 11 Jun 2025 20:13:48 +0000
Subject: [PATCH] fix: requirements-cpu.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-10305723
---
 requirements-cpu.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements-cpu.txt b/requirements-cpu.txt
index 27ca8ca5dbc5..842b55b36269 100644
--- a/requirements-cpu.txt
+++ b/requirements-cpu.txt
@@ -4,3 +4,4 @@
 # Dependencies for x86_64 CPUs
 torch == 2.4.0+cpu; platform_machine != "ppc64le"
 torchvision; platform_machine != "ppc64le"   # required for the image processor of phi3v, this must be updated alongside torch
+requests>=2.32.4 # not directly required, pinned by Snyk to avoid a vulnerability