File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -41,7 +41,7 @@ dependencies = [
4141 " matplotlib" ,
4242 " plotly" ,
4343 " sympy>=1.14.0" ,
44- " pillow>=11.3.0 " ,
44+ " pillow>=12.1.1 " ,
4545 " torchvision==0.25.0" ,
4646 " transformers==5.3.0" ,
4747 " num2words>=0.5.14" , # for SmolVLM
@@ -148,7 +148,7 @@ dev = [
148148 " pyrefly==0.24.2" ,
149149]
150150test = [
151- " pytest>=7.0.0 " ,
151+ " pytest>=8.4.2 " ,
152152 " pytest-timeout" ,
153153 " pytest-cov" ,
154154 " pytest-asyncio" ,
@@ -263,6 +263,8 @@ override-dependencies = [
263263 # vLLM 0.17.0 code is compatible with transformers v5 but the PyPI metadata still declares <5.
264264 # Override until vllm officially relaxes the constraint (https://github.com/vllm-project/vllm/issues/30466).
265265 " transformers==5.3.0" ,
266+ # Override till we can upgrade sglang version to address CVE GHSA-7rgv-gqhr-fxg3
267+ " xgrammar==0.1.33" ,
266268]
267269# CVE fixes
268270constraint-dependencies = [
@@ -274,6 +276,10 @@ constraint-dependencies = [
274276 " wheel>=0.46.2" , # Address CVE GHSA-8rrh-rw8j-w5fx
275277 " protobuf>=6.33.5" , # Address CVE GHSA-7gcm-g887-7qv7
276278 " python-multipart>=0.0.22" , # Address CVE GHSA-wp53-j4wj-2cfg
279+ " pygments>=2.20.0" , # Address CVE GHSA-5239-wwwm-4pmq
280+ " cbor2>=5.9.0" , # Address CVE GHSA-3c37-wwvx-h642
281+ " onnx>=1.21.0rc4" , # Address CVE GHSA-hqmj-h5c6-369m
282+ " cryptography>=46.0.6" , # Address CVE GHSA-6w46-j5rx-g56g
277283]
278284
279285conflicts = [
You can’t perform that action at this time.
0 commit comments