[Vuln Fix]: Resolve mend vulnerabilities related to requests. (#1162)

* resolved check-manifest issue * updating keras version pin to <=3.4.0 * adding comment in requirements.txt to trigger mend check --------- Co-authored-by: Armaan <[email protected]>
capitalone · Jan 10, 2025 · d42d9c1 · d42d9c1
1 parent 4e4450a
commit d42d9c1
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 7 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -48,7 +48,7 @@ repos:
             # requirements.txt
             h5py>=2.10.0,
             wheel>=0.33.1,
-            numpy>=1.22.0,
+            numpy<2.0.0,
             pandas>=1.1.2,
             python-dateutil>=2.7.5,
             pytz>=2020.1,
@@ -80,7 +80,7 @@ repos:
 
             # requirements-ml.txt
             scikit-learn>=0.23.2,
-            'keras>=2.4.3,<3.0.0',
+            'keras>=2.4.3,<=3.4.0',
             rapidfuzz>=2.6.1,
             "tensorflow>=2.6.4,<2.15.0; sys.platform != 'darwin'",
             "tensorflow>=2.6.4,<2.15.0; sys_platform == 'darwin' and platform_machine != 'arm64'",
@@ -108,7 +108,7 @@ repos:
     rev: "0.48"
     hooks:
       - id: check-manifest
-        additional_dependencies: ['h5py', 'wheel', 'future', 'numpy', 'pandas',
+        additional_dependencies: ['h5py', 'wheel', 'future', 'numpy<2.0.0', 'pandas',
         'python-dateutil', 'pytz', 'pyarrow', 'chardet', 'fastavro',
         'python-snappy', 'charset-normalizer', 'psutil', 'scipy', 'requests',
         'networkx','typing-extensions', 'HLL', 'datasketches', 'boto3']

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -1,4 +1,4 @@
-check-manifest>=0.48
+check-manifest>=0.50
 black>=24.3.0
 isort==5.12.0
 pre-commit==2.19.0

diff --git a/requirements-ml.txt b/requirements-ml.txt
@@ -1,5 +1,5 @@
 scikit-learn>=0.23.2
-keras>=3.0.0
+keras<=3.4.0
 rapidfuzz>=2.6.1
 tensorflow>=2.16.0; sys.platform != 'darwin'
 tensorflow>=2.16.0; sys_platform == 'darwin' and platform_machine != 'arm64'

diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
 h5py>=2.10.0
 wheel>=0.33.1
-numpy>=1.22.0
+numpy<2.0.0
 pandas>=1.1.2
 python-dateutil>=2.7.5
 pytz>=2020.1
@@ -11,10 +11,11 @@ python-snappy>=0.7.1
 charset-normalizer>=1.3.6
 psutil>=4.0.0
 scipy>=1.10.0
-requests>=2.28.1
+requests==2.32.*
 networkx>=2.5.1
 typing-extensions>=3.10.0.2
 HLL>=2.0.3
 datasketches>=4.1.0
 packaging>=23.0
 boto3>=1.28.61
+# adding comment to trigger mend check