From f8dd8caaa4f4978cfa75df0397d77125804d55e5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 1 Feb 2026 09:15:18 +0000 Subject: [PATCH] fix: handson-ml-master/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-14463457 - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-15090738 --- handson-ml-master/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/handson-ml-master/requirements.txt b/handson-ml-master/requirements.txt index 7df1ca3..df58ac8 100644 --- a/handson-ml-master/requirements.txt +++ b/handson-ml-master/requirements.txt @@ -25,7 +25,7 @@ numexpr==2.6.3 numpy==1.13.1 pandas==0.20.3 Pillow==4.2.1 -protobuf==3.4.0 +protobuf==6.33.5 psutil==5.3.1 scikit-learn==0.19.0 scipy==0.19.1 @@ -42,3 +42,4 @@ tensorflow==1.3.0 # Optional: these are useful Jupyter extensions, in particular to display # the table of contents. https://github.com/ipython-contrib/jupyter_contrib_nbextensions/tarball/master +nbconvert>=7.17.0 # not directly required, pinned by Snyk to avoid a vulnerability