From 10e09e5d55fbfb8cab2d9b2a0bfd7c24d2ce1d93 Mon Sep 17 00:00:00 2001
From: Kaustubh Tangsali
Date: Fri, 22 Aug 2025 05:22:12 +0000
Subject: [PATCH 1/2] update lower bounds
---
 CHANGELOG.md | 2 ++
 pyproject.toml | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 614dc0f145..4f8b7b78ab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -104,6 +104,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Dependencies
+- Updated lower bound for Torch, MLFlow and ONNX packages to address CVEs
+
 ## [1.1.1] - 2025-06-16
 ### Fixed
diff --git a/pyproject.toml b/pyproject.toml
index 9935fe771d..50a4014cb7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,12 +15,12 @@ dependencies = [
 "certifi>=2023.7.22",
 "fsspec>=2023.1.0",
 "numpy>=1.22.4",
- "onnx>=1.14.0",
+ "onnx>=1.16.2",
 "packaging>=24.2",
 "s3fs>=2023.5.0",
 "setuptools>=77.0.3",
 "timm>=0.9.12",
- "torch>=2.4.0",
+ "torch>=2.6.0",
 "tqdm>=4.60.0",
 "treelib>=1.2.5",
 "xarray>=2023.1.0",
@@ -43,7 +43,7 @@ launch = [
 "hydra-core>=1.2.0",
 "termcolor>=2.1.1",
 "wandb>=0.13.7",
- "mlflow>=2.1.1",
+ "mlflow>=2.22.1<3.0.0",
 "pydantic>=2.4.2",
 "imageio>=2.28.1",
 "moviepy>=1.0.3",
From 85a37a288efa965d56f24741d7469460fee5df6f Mon Sep 17 00:00:00 2001
From: Kaustubh Tangsali
Date: Fri, 22 Aug 2025 15:21:12 +0000
Subject: [PATCH 2/2] update typo
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 50a4014cb7..298882ae53 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,7 +43,7 @@ launch = [
 "hydra-core>=1.2.0",
 "termcolor>=2.1.1",
 "wandb>=0.13.7",
- "mlflow>=2.22.1<3.0.0",
+ "mlflow>=2.22.1,<3.0.0",
 "pydantic>=2.4.2",
 "imageio>=2.28.1",
 "moviepy>=1.0.3",
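Review bot: In the `dependencies` hunk of PATCH 1/2 (`@@ -15,12 +15,12 @@`), the raised floors `"onnx>=1.16.2"` and `"torch>=2.6.0"` have nothing in pyproject.toml marking them as security floors, so a later compatibility cleanup could lower them again without noticing. I would add a comment above each, e.g. `# security floor, do not lower: see CHANGELOG "Dependencies"`, and name the advisories in the CHANGELOG entry, which currently says only "to address CVEs". The same applies to the mlflow floor in the `launch` hunk. A raised lower bound only affects new dependency resolution, so environments, images or lock files already holding an older release stay on it until rebuilt. The `dependencies` array opens and closes outside the hunk.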
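Review bot: The final specifier `"mlflow>=2.22.1,<3.0.0"` in the `launch` hunk of PATCH 2/2 adds an upper cap that neither commit message nor the CHANGELOG entry explains; the entry mentions only lower bounds. With a cap below 3.0.0, a fix released only in the 3.x line cannot be picked up by a resolver, so the reason and a review trigger belong next to it, e.g. `# capped <3.0.0: REASON; revisit when 3.x is validated`. If the cap is there for API compatibility, the CHANGELOG line should say so too. The `launch` list starts and ends outside the hunk.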