From f9dc5bbe9ed07b7a90118fbc75a0e4ac6ad6f01f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 12 Jul 2024 08:35:28 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ONNX-6231769
- https://snyk.io/vuln/SNYK-PYTHON-ONNX-6274390
- https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-7217830
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 requirements.txt

diff --git a/requirements.txt b/requirements.txt
old mode 100755
new mode 100644
index 5eb6424745..8afc4a71f5
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ torchmetrics==0.8
 hydra-core>=1.2.0
 onnxruntime>=1.15.0
 # onnx 1.16.0 introduce IR 10 which is not yet supported by onnx runtime & graphsurgeon
-onnx==1.15.0
+onnx==1.16.0
 pillow>=10.2.0
 pip-tools>=6.12.1
 einops==0.3.2
@@ -36,3 +36,4 @@ fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
 werkzeug>=2.3.8
 imagesize~=1.4.1
+scikit-learn>=1.5.0 # not directly required, pinned by Snyk to avoid a vulnerability
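Review bot: The new pin `onnx==1.16.0` in the first hunk contradicts the comment in the context just before it, which says onnx 1.16.0 introduces IR 10 that onnx runtime and graphsurgeon do not yet support, while `onnxruntime>=1.15.0` is left unchanged. Either raise the onnxruntime floor to a release that loads IR 10 models and confirm graphsurgeon handles them, or keep 1.15.0 and record the accepted risk for SNYK-PYTHON-ONNX-6231769 and SNYK-PYTHON-ONNX-6274390. Whichever is chosen, the comment should be rewritten to match, for example `# onnx 1.16.0 emits IR 10; needs an onnxruntime/graphsurgeon release that supports it`. An export-and-load check in CI would show whether the bump breaks model export before it is merged.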
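Review bot: In the second hunk `scikit-learn>=1.5.0` goes into requirements.txt even though its own trailing comment says it is not directly required, so every install now pulls the package in whether or not the transitive path is used. If the intent is only to stop a vulnerable version from resolving, a pip constraints file passed with `-c constraints.txt` expresses that without adding a direct dependency. The floor should also be checked against every Python version the project supports, since newer scikit-learn releases drop older interpreters; the supported range is not visible from this patch. The unrelated `100755 => 100644` mode change on the file is worth confirming as intended too.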