From 023ed73fb20fb39bd90d0ae6d33d5de4286e5d23 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 2 Mar 2025 18:57:21 +0000 Subject: [PATCH] fix: online-inference/bloom-176b/model/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-RAY-9055245 --- online-inference/bloom-176b/model/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/online-inference/bloom-176b/model/requirements.txt b/online-inference/bloom-176b/model/requirements.txt index 4e82fff9..463195e3 100644 --- a/online-inference/bloom-176b/model/requirements.txt +++ b/online-inference/bloom-176b/model/requirements.txt @@ -1,3 +1,4 @@ accelerate==0.11.0 git+https://github.com/huggingface/transformers.git@ccc0897 # For device_map in pipelines() support -kserve==0.8.0.2 \ No newline at end of file +kserve==0.8.0.2 +ray>=2.42.0 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file