From 7e845667d2d939d2c15bb6960f6099f7417edb0b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 2 Feb 2024 04:06:24 +0000
Subject: [PATCH] fix: gpt4all-training/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-6220003
---
 gpt4all-training/requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gpt4all-training/requirements.txt b/gpt4all-training/requirements.txt
index 110977d231ab..987554b0267e 100644
--- a/gpt4all-training/requirements.txt
+++ b/gpt4all-training/requirements.txt
@@ -3,7 +3,7 @@ datasets
 einops
 torchmetrics
 evaluate
-transformers>=4.28.0
+transformers>=4.37.0
 wandb
 peft
 nodelist-inflator
@@ -12,4 +12,5 @@ sentencepiece
 jsonlines
 nomic
 scikit-learn
-matplotlib
\ No newline at end of file
+matplotlib
+pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file