fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - https://snyk.io/vuln/SNYK-PYTHON-NUMBA-1027297 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321969 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6043904 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372984 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372987 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372990 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372993 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372996 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372999 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373002 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373005 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373008 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373011 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373014 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373017 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373020 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373023 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373026 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373029 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373032 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373035 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373038 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373041 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-5291376 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413
hearbenchmark · Mar 13, 2024 · 48a53d1 · 48a53d1
1 parent 610d864
commit 48a53d1
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -2,8 +2,8 @@ black
 luigi
 # One of the requirements pulls in librosa, I believe note_seq
 # So we need to pin these, otherwise librosa breaks
-numpy==1.19.2
-numba==0.48
+numpy==1.22.2
+numba==0.49.0
 pandas
 pre-commit
 pytest
@@ -17,6 +17,12 @@ tensorflow-datasets
 tqdm
 ffmpeg-python
 note_seq
-tensorflow>=2.0
+tensorflow>=2.11.1
 schema
-patool
+patool
+ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
+pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability
+werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability
+wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability