fix: cvat/requirements/base.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966 - https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3136280 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372984 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372987 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372990 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372993 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372996 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3372999 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373002 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373005 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373008 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373011 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373014 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373017 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373020 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373023 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373026 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373029 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373032 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373035 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373038 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-3373041 - https://snyk.io/vuln/SNYK-PYTHON-TENSORFLOW-5291376 - https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413
humanprotocol · Jul 16, 2023 · dd66eb9 · dd66eb9
1 parent 33c624a
commit dd66eb9
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
@@ -7,14 +7,14 @@ django-compressor==2.4
 django-rq==2.3.2
 EasyProcess==0.3
 Pillow==9.3.0
-numpy==1.22.0
+numpy==1.22.2
 python-ldap==3.4.0
 pytz==2020.1
 pyunpack==0.2.1
 rcssmin==1.0.6
 redis==3.5.3
 rjsmin==1.1.0
-requests==2.26.0
+requests==2.31.0
 rq==1.5.2
 rq-scheduler==0.10.0
 sqlparse==0.4.2
@@ -37,7 +37,7 @@ h5py==3.6.0
 django-cors-headers==3.5.0
 furl==2.1.0
 av==9.2.0 --no-binary=av
-tensorflow==2.9.3 # Optional requirement of Datumaro. Use tensorflow-macos==2.8.0 for Mac M1
+tensorflow==2.11.1 # Optional requirement of Datumaro. Use tensorflow-macos==2.8.0 for Mac M1
 # The package is used by pyunpack as a command line tool to support multiple
 # archives. Don't use as a python module because it has GPL license.
 patool==1.12
@@ -53,3 +53,4 @@ dnspython==2.2.0
 setuptools==65.5.1
 django-health-check==3.17.0
 psutil==5.9.4
+wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability