From 529ee3441ffc0bee59ca72adf214bf61599e0901 Mon Sep 17 00:00:00 2001
From: Kalyan
Date: Wed, 6 Mar 2024 00:48:05 +0530
Subject: [PATCH] Fix CVE issues by pinning packages in requirements-dev.txt (#383)

* updated req
Signed-off-by: kalyanr
* fix
Signed-off-by: kalyanr
* update changelog
Signed-off-by: kalyanr
---------
Signed-off-by: kalyanr
---
 CHANGELOG.md | 1 +
 requirements-dev.txt | 17 +++++++++--------
 requirements.txt | 14 +++++++-------
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 133b0abcb..a36890909 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,6 +52,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix conditional job execution issue in model upload workflow by @thanawan-atc in ([#294](https://github.com/opensearch-project/opensearch-py-ml/pull/294))
 - fix bug in `MLCommonClient_client.upload_model` by @rawwar in ([#336](https://github.com/opensearch-project/opensearch-py-ml/pull/336))
 - fix lint issues on main by @rawwar in ([#374](https://github.com/opensearch-project/opensearch-py-ml/pull/374))
+- fix CVE vulnerability by @rawwar in ([#383](https://github.com/opensearch-project/opensearch-py-ml/pull/383))

 ## [1.1.0]

diff --git a/requirements-dev.txt b/requirements-dev.txt
index 16640f779..e7b62bcf0 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -5,14 +5,15 @@ pandas>=1.5.2,<2
 matplotlib>=3.6.2,<4
 numpy>=1.24.0,<2
 opensearch-py>=2.2.0
-torch==2.0.1
-onnx
-accelerate
-sentence_transformers
-tqdm
-transformers
-deprecated
-mdutils
+torch>=2.0.1,<2.1.0
+onnx>=1.15.0
+accelerate>=0.27
+sentence_transformers>=2.5.0,<2.6
+tqdm>4.66.0,<5
+transformers>=4.36.0,<5
+deprecated>=1.2.14,<2
+mdutils>=1.6.0,<2
+pillow>10.0.0,<11

 #
 # Testing
diff --git a/requirements.txt b/requirements.txt
index ab4e94821..cddfe801c 100644
--- a/requirements.txt
+++ b/requirements.txt
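Review bot: The new specifiers in the requirements-dev.txt hunk are version ranges rather than pins, and nothing in the file records which advisory each floor is meant to clear, so a later edit can lower a bound without anyone noticing the regression. `onnx>=1.15.0` and `accelerate>=0.27` have no upper bound, while `tqdm>4.66.0` and `pillow>10.0.0` use an exclusive `>` where the other lines use `>=`; if the exclusion is deliberate, say so in a trailing comment such as `# floor set for <ADVISORY-ID>`. `torch==2.0.1` becomes `torch>=2.0.1,<2.1.0`, which still admits 2.0.1, so this line does not by itself move torch off the previously pinned release. The same specifiers are repeated in the requirements.txt hunk; a shared constraints file passed with `pip install -c` would keep the two lists from drifting.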
@@ -5,10 +5,10 @@ pandas>=1.5.2,<2
 matplotlib>=3.6.2,<4
 numpy>=1.24.0,<2
 opensearch-py>=2.2.0
-torch==2.0.1
-onnx
-accelerate
-sentence_transformers
-tqdm
-transformers
-deprecated
+torch>=2.0.1,<2.1.0
+onnx>=1.15.0
+accelerate>=0.27
+sentence_transformers>=2.5.0,<2.6
+tqdm>4.66.0,<5
+transformers>=4.36.0,<5
+deprecated>=1.2.14,<2
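Review bot: This hunk omits the `pillow>10.0.0,<11` line that the requirements-dev.txt hunk adds, so an environment built from requirements.txt alone has no Pillow constraint. Pillow is normally pulled in transitively (matplotlib depends on it), so the resolver may still select an older release there. If the Pillow floor is part of the CVE fix, add `pillow>10.0.0,<11` after `deprecated>=1.2.14,<2` here as well. The commit title mentions only requirements-dev.txt, so the omission may be intentional, but that is worth confirming against the scanner report that prompted the change.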