Fix CVE issues by pinning packages in requirements-dev.txt (opensearc…

…h-project#383) * updated req Signed-off-by: kalyanr <[email protected]> * fix Signed-off-by: kalyanr <[email protected]> * update changelog Signed-off-by: kalyanr <[email protected]> --------- Signed-off-by: kalyanr <[email protected]>
rawwar · Mar 5, 2024 · 529ee34 · 529ee34
1 parent 5bfb6fb
commit 529ee34
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -52,6 +52,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix conditional job execution issue in model upload workflow by @thanawan-atc in ([#294](https://github.com/opensearch-project/opensearch-py-ml/pull/294))
 - fix bug in `MLCommonClient_client.upload_model` by @rawwar in ([#336](https://github.com/opensearch-project/opensearch-py-ml/pull/336))
 - fix lint issues on main by @rawwar in ([#374](https://github.com/opensearch-project/opensearch-py-ml/pull/374))
+- fix CVE vulnerability by @rawwar in ([#383](https://github.com/opensearch-project/opensearch-py-ml/pull/383))
 
 ## [1.1.0]
 

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -5,14 +5,15 @@ pandas>=1.5.2,<2
 matplotlib>=3.6.2,<4
 numpy>=1.24.0,<2
 opensearch-py>=2.2.0
-torch==2.0.1
-onnx
-accelerate
-sentence_transformers
-tqdm
-transformers
-deprecated
-mdutils
+torch>=2.0.1,<2.1.0
+onnx>=1.15.0
+accelerate>=0.27
+sentence_transformers>=2.5.0,<2.6
+tqdm>4.66.0,<5
+transformers>=4.36.0,<5
+deprecated>=1.2.14,<2
+mdutils>=1.6.0,<2
+pillow>10.0.0,<11
 
 #
 # Testing

diff --git a/requirements.txt b/requirements.txt
@@ -5,10 +5,10 @@ pandas>=1.5.2,<2
 matplotlib>=3.6.2,<4
 numpy>=1.24.0,<2
 opensearch-py>=2.2.0
-torch==2.0.1
-onnx
-accelerate
-sentence_transformers
-tqdm
-transformers
-deprecated
+torch>=2.0.1,<2.1.0
+onnx>=1.15.0
+accelerate>=0.27
+sentence_transformers>=2.5.0,<2.6
+tqdm>4.66.0,<5
+transformers>=4.36.0,<5
+deprecated>=1.2.14,<2