From 994ceabfb18c85bf287da418e45a5bb9b453c031 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 16 Jan 2025 08:37:24 +0000
Subject: [PATCH] fix:
 reqs_optional/requirements_optional_langchain.metrics.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-8400820
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-8400822
- https://snyk.io/vuln/SNYK-PYTHON-TRANSFORMERS-8400823
---
 reqs_optional/requirements_optional_langchain.metrics.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reqs_optional/requirements_optional_langchain.metrics.txt b/reqs_optional/requirements_optional_langchain.metrics.txt
index 30fe6f785..3fd837fae 100644
--- a/reqs_optional/requirements_optional_langchain.metrics.txt
+++ b/reqs_optional/requirements_optional_langchain.metrics.txt
@@ -6,3 +6,4 @@ nltk
 rouge_score>=0.1.2
 # below install tensorflow and downgrades numpy, so heavy dependency
 git+https://github.com/google-research/bleurt.git
+transformers>=4.48.0 # not directly required, pinned by Snyk to avoid a vulnerability