From 802ab2b93613d08a6da269f4eca28e2830e3dadf Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 11 Jul 2025 03:33:02 +0000
Subject: [PATCH] fix: server/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYCARES-10365309
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-10658536
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194
---
 server/requirements.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 server/requirements.txt

diff --git a/server/requirements.txt b/server/requirements.txt
old mode 100755
new mode 100644
index 12a741f..a9c2b52
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -13,4 +13,6 @@ sentencepiece==0.1.97
 six==1.16.0
 sseclient==0.0.27
 torch==2.0.0
-transformers==4.27.1
+transformers==4.52.0
+pycares>=4.9.0 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.5.0 # not directly required, pinned by Snyk to avoid a vulnerability