From e45a972c56bb922c733c9720faccc92382735bfd Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 21 Nov 2024 07:26:52 +0000
Subject: [PATCH] fix:
 reqs_optional/requirements_optional_langchain.metrics.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-8383923
---
 reqs_optional/requirements_optional_langchain.metrics.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reqs_optional/requirements_optional_langchain.metrics.txt b/reqs_optional/requirements_optional_langchain.metrics.txt
index 30fe6f785..7e706b430 100644
--- a/reqs_optional/requirements_optional_langchain.metrics.txt
+++ b/reqs_optional/requirements_optional_langchain.metrics.txt
@@ -6,3 +6,4 @@ nltk
 rouge_score>=0.1.2
 # below install tensorflow and downgrades numpy, so heavy dependency
 git+https://github.com/google-research/bleurt.git
+aiohttp>=3.10.11 # not directly required, pinned by Snyk to avoid a vulnerability