From 69a1b1117e45c89ae8ea9ca42f0875248ab3b4d4 Mon Sep 17 00:00:00 2001
From: Pablo Gomez <Pablo.Gomez@esa.int>
Date: Thu, 5 Feb 2026 10:10:03 +0100
Subject: [PATCH] Bump PyTorch minimum version to >=2.6 (security fix)

Addresses CVE in GHSA-53q9-r3pm-6pq6 by requiring PyTorch >=2.6
in environment.yml, environment_CI.yml, and pyproject.toml.
---
 environment.yml    | 2 +-
 environment_CI.yml | 2 +-
 pyproject.toml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/environment.yml b/environment.yml
index 870dc52..f9cacce 100644
--- a/environment.yml
+++ b/environment.yml
@@ -22,7 +22,7 @@ dependencies:
   - numpy
   - pandas<3
   - python=3.11
-  - pytorch
+  - pytorch>=2.6
   - pytorch-cuda=12.4
   - pyturbojpeg
   - scikit-learn
diff --git a/environment_CI.yml b/environment_CI.yml
index 3af1cad..edb3021 100644
--- a/environment_CI.yml
+++ b/environment_CI.yml
@@ -21,7 +21,7 @@ dependencies:
   - numpy
   - pandas<3
   - python=3.11
-  - pytorch
+  - pytorch>=2.6
   - pytest
   - pytest-asyncio>=0.23.0
   - pyturbojpeg
diff --git a/pyproject.toml b/pyproject.toml
index 6ce65ff..031d175 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -50,7 +50,7 @@ dependencies = [
     "scikit-image",
     "fitsbolt>=0.1.6",
     "toml",
-    "torch",
+    "torch>=2.6",
     "torchvision",
     "tqdm",
     "zarr>=3.0.0b0",