⌨️ Pin num2words

[lewtun]

What does this PR do?

Pin num2words to avoid supply chain attack: https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise

Before submitting

• This PR fixes a typo or improves the docs (you can dismiss the other checks if that's the case).
• Did you read the contributor guideline,
  Pull Request section?
• Was this discussed/approved via a GitHub issue? Please add a link
  to it if that's the case.
• Did you make sure to update the documentation with your changes?
• Did you write any new necessary tests?

Who can review?

Anyone in the community is free to review the PR once the tests have passed. Feel free to tag
members/contributors who may be interested in your PR.

[albertvillanova]

Thanks for the security fix!!!

However, I must admit I'm not sure about how to proceed in this case:

• The 0.5.15 version was already remove from PyPI (but may still live in mirrors or caches)
• Pinning to 0.5.14 has 2 potential drawbacks
  • User that need a lower version (due to other local constraints)
  • No further legitimate bug fixes are allowed

Any other opininons?

[sergiopaniego]

I've expanded the pin to the example scripts.

No strong opinions about what @albertvillanova shares. We could possibly pin this version now and review it again in a while.

[HuggingFaceDocBuilderDev]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[lewtun]

I've expanded the pin to the example scripts.

No strong opinions about what @albertvillanova shares. We could possibly pin this version now and review it again in a while.

Thanks! I'd be in favour of pinning for now and then we relax at some future date. But no strong opinion either way :)

[qgallouedec]

No strong opinion either 😅