From 2597c055484047fcdd6d49fcb47f3a7519475837 Mon Sep 17 00:00:00 2001
From: lewtun
Date: Tue, 16 Sep 2025 08:49:04 +0200
Subject: [PATCH] Pin num2words

Pin `num2words` to avoid supply-chain attack: https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise
---
 vision/smolvlm2/pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vision/smolvlm2/pyproject.toml b/vision/smolvlm2/pyproject.toml
index 39f184a..22e56db 100644
--- a/vision/smolvlm2/pyproject.toml
+++ b/vision/smolvlm2/pyproject.toml
@@ -25,7 +25,7 @@ dependencies = [
 "decord",
 "liger-kernel",
 "tabulate",
- "num2words",
+ "num2words==0.5.14",
 ]

 [project.optional-dependencies]
@@ -43,4 +43,4 @@ build-backend = "setuptools.build_meta"

 [tool.setuptools.packages.find]
 where = ["."]
-include = ["smolvlm*", "scripts*"]
\ No newline at end of file
+include = ["smolvlm*", "scripts*"]
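Review bot: The `"num2words==0.5.14"` entry in `dependencies` has no in-file explanation, so a routine bump or a tidy-up back to an unversioned spec could silently undo the pin; add a comment above it such as `# Pinned after the num2words PyPI compromise report (see commit message); verify a release before bumping`. An `==` pin fixes the version but not the artifact, and `pyproject.toml` cannot carry hashes, so install-time verification would need a hash-checked lock or constraints file alongside it. The neighbouring entries visible in the hunk (`"decord"`, `"liger-kernel"`, `"tabulate"`) are still unversioned and stay exposed to the same class of problem; the array opens above the hunk, so other entries may be too. The pin only affects new resolutions, so environments built before this commit should have their installed `num2words` version checked against the advisory.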