fix: resolve torch security error by pinning torch 2.6.0 and updating requirements

Dockerfile

@@ -2,7 +2,7 @@ FROM python:3.10
 
 WORKDIR /app
 
-# Install system dependencies
+# System dependencies
 RUN apt-get update && apt-get install -y \
     libffi-dev \
     libsndfile1 \
@@ -10,21 +10,21 @@ RUN apt-get update && apt-get install -y \
     libxt6 \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy requirements first to leverage Docker cache
+# Copy requirements
 COPY requirements.txt .
 
-# Install PyTorch and torchaudio first (CPU version)
-RUN pip install --no-cache-dir torch==2.5.1 torchvision==0.20.1 torchaudio --index-url https://download.pytorch.org/whl/cu121
+# Upgrade pip
+RUN python -m pip install --upgrade pip
 
-# Install the rest of requirements
-RUN pip install --no-cache-dir -r requirements.txt
+# Install all Python dependencies including torch
+RUN pip install --no-cache-dir \
+    -r requirements.txt \
+    -f https://download.pytorch.org/whl/cpu/torch_stable.html
 
-# Copy application files
+# Copy app code
 COPY . .
 
 EXPOSE 7860
-
 ENV PYTHONUNBUFFERED=1
 
-# Run the application
 CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

requirements.txt

@@ -2,11 +2,13 @@
 numpy>=1.24.0,<2.0.0
 librosa>=0.10.0
 transformers>=4.38.0,<5.0
-# torch and torchaudio are to be installed separately according to the system configuration.
-# torch==2.0.1
-# torchaudio==2.0.2
+typing-extensions>=4.10.0
 
-# Audio
+# Torch pinned for CVE-2025-32434 compliance
+torch==2.6.0+cpu
+torchaudio==2.6.0+cpu
+
+# Audio processing
 soundfile>=0.12.1
 scipy>=1.11.0
 praat-parselmouth>=0.4.3
@@ -22,4 +24,4 @@ python-multipart>=0.0.18
 python-json-logger>=2.0.0
 
 # Web UI
-gradio==6.1.0
+gradio==6.1.0