it appeared that requirements.txt had been updated independently of requirements.in
To reconcile this I unpinned some outdated versions requirements.in and removed the corresponding entries in requirements.txt then re-ran pip-compile
Update Pillow and Sentence-Tranformer
Added Pillow to requirements.in which was compiled to a secure version (10.2.0)
The above changes allowed sentence-tranformer to compile to a secure version (2.2.0)
Note about pip-compile instructions in README: The readme specifies running the command docker-compose run --rm backend pip-compile docker/requirements.in to compile the requirements. However this method kept giving me a connection error. To run pip-compile i had to open a terminal in the backend container and run it. Wondering if this is just a me problem, or if we should update the README to include this.
Sync requirements.in with requirements.txt
requirements.txthad been updated independently ofrequirements.inrequirements.inand removed the corresponding entries inrequirements.txtthen re-ranpip-compileUpdate Pillow and Sentence-Tranformer
Pillowtorequirements.inwhich was compiled to a secure version (10.2.0)sentence-tranformerto compile to a secure version (2.2.0)Note about pip-compile instructions in README: The readme specifies running the command
docker-compose run --rm backend pip-compile docker/requirements.into compile the requirements. However this method kept giving me a connection error. To runpip-compilei had to open a terminal in the backend container and run it. Wondering if this is just a me problem, or if we should update the README to include this.