From 3b163daa3c7d0811c950ab21b8bd1fb55c4634ab Mon Sep 17 00:00:00 2001
From: Karan Sampath <176953591+karanataryn@users.noreply.github.com>
Date: Tue, 4 Mar 2025 18:21:27 -0800
Subject: [PATCH] improve comment

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index a04d318cc..934cce55e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,7 +15,7 @@ repository = "https://github.com/aryn-ai/sycamore.git"
 
 [tool.poetry.dependencies]
 # streamlit in query-ui disallows 3.9.7
-# cryptography in sycamore-ai disallows 3.9.1, 3.9.0
+# cryptography in sycamore-ai disallows 3.9.1, 3.9.0, need >44.0.1 due to CVE-2024-12797: https://github.com/aryn-ai/sycamore/security/dependabot/327
 python = ">=3.9.2,<3.9.7 || >3.9.7,<3.13"
 
 sycamore-ai = "^0.1.13"