From 9d83224261df41245f68eac2dcb312be504d6366 Mon Sep 17 00:00:00 2001
From: jan-service-account
 <136811300+jan-service-account@users.noreply.github.com>
Date: Sun, 28 Jul 2024 16:44:12 +0700
Subject: [PATCH] fix: examples/qwen/requirements.txt to reduce vulnerabilities
 (#67)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823
- https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PYARROW-6052811
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6134594
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6135747
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6239525
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 examples/qwen/requirements.txt | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/examples/qwen/requirements.txt b/examples/qwen/requirements.txt
index d3eb3660f..3f8a9f237 100644
--- a/examples/qwen/requirements.txt
+++ b/examples/qwen/requirements.txt
@@ -19,3 +19,9 @@ idna>=3.7 # not directly required, pinned by Snyk to avoid a vulnerability
 requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
 tqdm>=4.66.3 # not directly required, pinned by Snyk to avoid a vulnerability
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
+aiohttp>=3.9.4 # not directly required, pinned by Snyk to avoid a vulnerability
+anyio>=4.4.0 # not directly required, pinned by Snyk to avoid a vulnerability
+numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
+pyarrow>=14.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
+transformers>=4.38.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability