From 5157330792dd5583bb7de68c38109ab14fe58aac Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 13 Feb 2026 08:46:42 +0000
Subject: [PATCH] fix: python/requirements_linux_container_heavy.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-KERAS-15268069
- https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 python/requirements_linux_container_heavy.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/python/requirements_linux_container_heavy.txt b/python/requirements_linux_container_heavy.txt
index b99469bd..464a5642 100644
--- a/python/requirements_linux_container_heavy.txt
+++ b/python/requirements_linux_container_heavy.txt
@@ -4,8 +4,8 @@ Pillow==8.2.0
 opencv-python-headless==4.5.3.56
 tensorflow==2.0.3
 # tensorflow-gpu==2.0.3
-Keras==2.3.1
-protobuf==3.6.1
+Keras==3.13.2
+protobuf==5.29.6
 scikit-learn==0.22.1
 scikit-image==0.16.2
 imutils==0.5.3
@@ -13,4 +13,5 @@ psycopg2==2.8.4
 insightface==0.1.5
 mxnet==1.6.0
 mxnet-cu100==1.5.0
-setuptools==41.0.0
\ No newline at end of file
+setuptools==41.0.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file