From 185b028ac1947c4b78f4ba40b1a63867d52990f0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 1 Dec 2024 17:16:36 +0000 Subject: [PATCH] fix: online-inference/bloom-176b/model/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-MINIO-8445269 --- online-inference/bloom-176b/model/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/online-inference/bloom-176b/model/requirements.txt b/online-inference/bloom-176b/model/requirements.txt index 4e82fff9..dde1bb59 100644 --- a/online-inference/bloom-176b/model/requirements.txt +++ b/online-inference/bloom-176b/model/requirements.txt @@ -1,3 +1,4 @@ accelerate==0.11.0 git+https://github.com/huggingface/transformers.git@ccc0897 # For device_map in pipelines() support -kserve==0.8.0.2 \ No newline at end of file +kserve==0.8.0.2 +minio>=7.2.11 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file