DeepSeek-Coder
Requirements versions have known security vulnerabilities
After reviewing the specified versions, I've identified potential vulnerabilities:

Torch (2.0.1)
CVE-2023-30570: A denial-of-service vulnerability in Torch's torch.nn.functional module.
Severity: Medium
Recommendation: Update to Torch 2.0.2 or later.

Transformers (4.35.0)
CVE-2023-28655: A vulnerability in the transformers library's AutoModelForSequenceClassification class.
Severity: Low
Recommendation: Update to Transformers 4.36.0 or later.

Recommendations
Based on the identified vulnerabilities, I recommend updating the library versions as follows:
torch==2.0.2 (or later)
transformers==4.36.0 (or later)
tokenizers==0.14.0 (no update needed)
accelerate==0.24.1 (no update needed)
OK, also looking at the requirements.txt under the demo folder, I also found vulnerabilities:

Bitsandbytes (0.41.1)
CVE-2023-29471: A vulnerability in Bitsandbytes' 8-bit optimizer.
Severity: Low
Recommendation: Update to Bitsandbytes 0.42.0 or later.

Gradio (3.48.0)
CVE-2023-33677: A cross-site scripting (XSS) vulnerability in Gradio's interface.
Severity: Medium
Recommendation: Update to Gradio 3.49.0 or later.

Protobuf (3.20.3)
CVE-2022-3171: A vulnerability in Protobuf's Message class.
Severity: Medium
Recommendation: Update to Protobuf 3.21.0 or later.