From 8650824d44b2413fa6be7a036732b192b3b0d621 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 6 Mar 2025 02:05:10 +0000 Subject: [PATCH] fix: online-inference/bloom-176b/model/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-RAY-8745212 --- online-inference/bloom-176b/model/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/online-inference/bloom-176b/model/requirements.txt b/online-inference/bloom-176b/model/requirements.txt index 4e82fff9..899674d5 100644 --- a/online-inference/bloom-176b/model/requirements.txt +++ b/online-inference/bloom-176b/model/requirements.txt @@ -1,3 +1,4 @@ accelerate==0.11.0 git+https://github.com/huggingface/transformers.git@ccc0897 # For device_map in pipelines() support -kserve==0.8.0.2 \ No newline at end of file +kserve==0.8.0.2 +ray>=2.43.0 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file