From 8bfe47f1df19b983b0b77152b99365d62116e477 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 22 Jul 2025 18:10:23 +0000
Subject: [PATCH] fix: responsibleai/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-SCIKITLEARN-7217830
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 responsibleai/requirements.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/responsibleai/requirements.txt b/responsibleai/requirements.txt
index bdd398dc0c..0f9eb367af 100644
--- a/responsibleai/requirements.txt
+++ b/responsibleai/requirements.txt
@@ -5,11 +5,11 @@ jsonschema
 erroranalysis>=0.5.4
 interpret-community>=0.31.0
 lightgbm>=2.0.11
-numpy>=1.17.2,<=1.26.2
+numpy>=1.22.2
 numba<=0.58.1
 pandas>=0.25.1,<2.0.0
 # See PR 1429 about upper bound
-scikit-learn>=0.22.1,!=1.1,<1.4.1.post1
+scikit-learn>=1.5.0,<1.4.1.post1
 scipy>=1.4.1
 semver~=2.13.0
 ml-wrappers
@@ -19,3 +19,5 @@ networkx<=2.5
 ipykernel<=6.8.0; python_version <= '3.7'
 ipykernel>=6.22.0; python_version > '3.7'
 raiutils>=0.4.2
+setuptools>=78.1.1 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
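Review bot: The new line `scikit-learn>=1.5.0,<1.4.1.post1` in the first hunk can never be satisfied, because the floor was raised above the ceiling that was left in place, so any install from this file will fail to resolve. The ceiling has to move with the floor, for example `scikit-learn>=1.5.0` once the package is confirmed to work on that series; the `# See PR 1429 about upper bound` comment directly above suggests the old cap was deliberate, so if the newer series is not yet supported the previous range should stay and the advisory be tracked as an accepted risk. The numpy change in the same hunk also drops the `<=1.26.2` ceiling, which opens the range to numpy 2.x while `numba<=0.58.1` and `pandas<2.0.0` remain capped. `numpy>=1.22.2,<=1.26.2` would raise the floor for the advisories without widening the top.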
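Review bot: `setuptools>=78.1.1` and `zipp>=3.19.1` are added without environment markers, yet the context lines just above still carry `python_version <= '3.7'` markers. To my knowledge setuptools releases in that range no longer support interpreters that old, so on those Python versions the file would likely stop resolving. If old interpreters are still supported, gate the lines, e.g. `setuptools>=78.1.1; python_version >= '3.9'`. Both comments also say "pinned", but `>=` is only a floor, so the resolved version is not reproducible. If this file also feeds the package's install requirements (not visible in the patch), the two lines become hard runtime requirements for every consumer, and a separate constraints file would express the intent without that side effect.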