Upgrade tokenizers dependency to get rid of CVE-2026-4539 #741
Description
Describe the improvement
cohere==5.20.7 is pulling pygments 2.19.2 which has a CVE.
Found 1 known vulnerability in 1 package
Name Version ID Fix Versions
-------- ------- ------------- ------------
pygments 2.19.2 CVE-2026-4539
Pygments==2.19.2
└── rich==14.3.3 [requires: Pygments>=2.13.0,<3.0.0]
└── typer==0.24.1 [requires: rich>=12.3.0]
└── huggingface_hub==1.6.0 [requires: typer]
└── tokenizers==0.22.2 [requires: huggingface_hub>=0.16.4,<2.0]
└── cohere==5.20.7 [requires: tokenizers>=0.15,<1]