[Snyk] Fix for 5 vulnerabilities

[glenn-jocher]

Snyk has created this PR to fix 5 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements.txt

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Control of Generation of Code ('Code Injection')
🦉 Use After Free

🛠️ PR Summary

_{Made with ❤️ by Ultralytics Actions}

🌟 Summary

Updated dependencies to improve compatibility, security, and performance 🔄📦.

📊 Key Changes

• Torch updated: Minimum required version of PyTorch increased to 2.2.0 (from 1.8.0).
• Wheel added: Pinned wheel>=0.38.0 to address a security vulnerability flagged by Snyk.

🎯 Purpose & Impact

• Compatibility: Updating PyTorch ensures compatibility with modern hardware and features, improving overall performance. 🚀
• Security: Fixing vulnerabilities by pinning wheel helps ensure a safer environment for users. 🔒
• Efficiency: These updates likely lead to faster training and inference for YOLOv5 models under newer hardware and optimized libraries. ⚡

[UltralyticsAssistant]

👋 Hello @glenn-jocher, thank you for submitting a ultralytics/yolov5 🚀 PR! To ensure a seamless review and integration process, kindly review the following checklist:

• ✅ Define a Purpose: Please ensure that your PR description clearly explains the purpose of these changes and references any relevant issues. This helps us understand the intent and expected impact of your modifications.
• ✅ Verify Dependency Updates: Since this PR updates dependencies (torch, wheel, etc.), carefully review and confirm that these changes do not introduce compatibility issues with existing code. It's also a good practice to test model training and inference on key datasets to ensure proper functionality.
• ✅ Ensure CI Checks Pass: Verify that all Continuous Integration (CI) checks are successful. If any checks fail, please provide an explanation or address the issues.
• ✅ Add Documentation: If these updates affect existing functionality or introduce new considerations (e.g., compatibility updates for torch>=2.2.0), kindly update our documentation accordingly.
• ✅ Sign the CLA: If you're a first-time contributor, please sign our Contributor License Agreement (CLA) by commenting "I have read the CLA Document and I sign the CLA" in this pull request.

---

🔧 Key Notes for this PR:

• Dependency Upgrades: The updates aim to improve overall security and performance by addressing vulnerabilities flagged by Snyk and ensuring compatibility with modern hardware. We recommend that you test these changes thoroughly to confirm their expected impact on the YOLOv5 workflows.
• Minimum Reproducible Example (MRE): If possible, please share a minimum reproducible example demonstrating successful functionality of YOLOv5 with the newly updated dependencies, especially with torch>=2.2.0. This will assist both our CI pipeline and the review process.

For further details on contributing or testing changes, please refer to our Contributing Guide. Feel free to leave a comment if you have any questions or need assistance. One of our engineers will review this PR shortly! 🚀