From aaf9383b366ec9dc77b59432757ab0480b164d0b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 12 Dec 2025 20:22:56 +0000
Subject: [PATCH] fix: requirements-common.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443
---
 requirements-common.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements-common.txt b/requirements-common.txt
index aa165ff6d6a5..c07c3ae67323 100644
--- a/requirements-common.txt
+++ b/requirements-common.txt
@@ -31,3 +31,4 @@ pyyaml
 six>=1.16.0; python_version > '3.11' # transitive dependency of pandas that needs to be the latest version for python 3.12
 setuptools>=74.1.1; python_version > '3.11' # Setuptools is used by triton, we need to ensure a modern version is installed for 3.12+ so that it does not try to import distutils, which was removed in 3.12
 einops # Required for Qwen2-VL.
+urllib3>=2.6.0 # not directly required, pinned by Snyk to avoid a vulnerability