[Snyk] Security upgrade torch from 1.13.1 to 2.2.0 #230
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6619806 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-6649934
Jimmy-INL
pushed a commit
to Jimmy-INL/causalnex
that referenced
this pull request
May 17, 2024
* temp (#242) * Limiting numpy version (mckinsey#217) * adding line on yml - no effect * adding line on yml - no effect * changing req.txt * changing req.txt * changing req.txt * adding setuptools requirement (mckinsey#218) * adding setuptools requirement * adding setuptools requirement * update dictionaries to pass linting (mckinsey#230) * Refactor/unlock numpy kl (mckinsey#235) * unlocking numpy * unlocking numpy * unlocking numpy * dependency fixes for docs and linters * requirement fixes : numpy <1.24 for all python versions --------- Co-authored-by: kyle_lim <[email protected]> * Simplifying requirements - Numpy version range (mckinsey#236) * Remove python 3.6 and 3.7 support (mckinsey#234) * remove python 3.6 and 3.7 support * update documentation * remove comment regarding ignoring a warning when running `make build-docs` * removing ipython from test requiremnets * Update README.md Co-authored-by: Philip Pilgerstorfer <[email protected]> --------- Co-authored-by: GabrielAz <[email protected]> Co-authored-by: Gabriel Azevedo Ferreira <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> * unlocking numpy (mckinsey#238) Co-authored-by: Gabriel Azevedo <[email protected]> * Release 0.11.2 (mckinsey#239) Co-authored-by: Gabriel Azevedo <[email protected]> --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> * Release Notes --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]>
Jimmy-INL
pushed a commit
to Jimmy-INL/causalnex
that referenced
this pull request
May 17, 2024
* Limiting numpy version (mckinsey#217) * adding line on yml - no effect * adding line on yml - no effect * changing req.txt * changing req.txt * changing req.txt * adding setuptools requirement (mckinsey#218) * adding setuptools requirement * adding setuptools requirement * update dictionaries to pass linting (mckinsey#230) * Refactor/unlock numpy kl (mckinsey#235) * unlocking numpy * unlocking numpy * unlocking numpy * dependency fixes for docs and linters * requirement fixes : numpy <1.24 for all python versions --------- Co-authored-by: kyle_lim <[email protected]> * Simplifying requirements - Numpy version range (mckinsey#236) * Remove python 3.6 and 3.7 support (mckinsey#234) * remove python 3.6 and 3.7 support * update documentation * remove comment regarding ignoring a warning when running `make build-docs` * removing ipython from test requiremnets * Update README.md Co-authored-by: Philip Pilgerstorfer <[email protected]> --------- Co-authored-by: GabrielAz <[email protected]> Co-authored-by: Gabriel Azevedo Ferreira <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> * unlocking numpy (mckinsey#238) Co-authored-by: Gabriel Azevedo <[email protected]> * Release 0.11.2 (mckinsey#239) Co-authored-by: Gabriel Azevedo <[email protected]> * Replacing Pygraphviz with Pyvis (mckinsey#237) * Replacing Pygraphviz with Pyvis * Replacing Pygraphviz with Pyvis * Replacing Pygraphviz with Pyvis * temp (#242) * Limiting numpy version (mckinsey#217) * adding line on yml - no effect * adding line on yml - no effect * changing req.txt * changing req.txt * changing req.txt * adding setuptools requirement (mckinsey#218) * adding setuptools requirement * adding setuptools requirement * update dictionaries to pass linting (mckinsey#230) * Refactor/unlock numpy kl (mckinsey#235) * unlocking numpy * unlocking numpy * unlocking numpy * dependency fixes for docs and linters * requirement fixes : numpy <1.24 for all python versions --------- Co-authored-by: kyle_lim <[email protected]> * Simplifying requirements - Numpy version range (mckinsey#236) * Remove python 3.6 and 3.7 support (mckinsey#234) * remove python 3.6 and 3.7 support * update documentation * remove comment regarding ignoring a warning when running `make build-docs` * removing ipython from test requiremnets * Update README.md Co-authored-by: Philip Pilgerstorfer <[email protected]> --------- Co-authored-by: GabrielAz <[email protected]> Co-authored-by: Gabriel Azevedo Ferreira <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> * unlocking numpy (mckinsey#238) Co-authored-by: Gabriel Azevedo <[email protected]> * Release 0.11.2 (mckinsey#239) Co-authored-by: Gabriel Azevedo <[email protected]> --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> * adding cython to config * adding cython to config * adding cython to config * adding cython to config --------- Co-authored-by: Gabriel Azevedo <[email protected]> Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> * Replace pygraphviz plotting with pyvis (mckinsey#228) * initial draft for pyvis plotting * modify edge length and mass for strong style and return pyvis object * add pytests and fix sklearn plotting function * update to include pyvis in requirements * add in notebook check tests for test_plot_dag * downgrade pyvis for compatibility * update to latest plotting functions * update requirements to exclude pygraphviz * upgrading ipython * moving ipython as main requirement * simplify plot_structure function * remove unused code and add test cases when needed * reset pyvis version to see if .show() is working on v0.3.1 * set ipython and python versions * undo previous change (ipython version change) * remove ipython version from requirements * re-add ipython version to requirements * change ipython+python version * undo change ipython+python version * check for different ipython versions * add quotation marks in requirements.txt * revert back to ipython>=8.10.0 * try out ipython requirements from kedro * revert back to ipython>=8.10 * change ipython requirements to successfully create environments * Updated pyvis tutorials (mckinsey#232) * update tutorials and adjust default values to improve output * allow user to change layout in plot_dag function before calling .show() * display df without dataframe_image * fix dataframe_image No such file or directory * remove one cell beacause unused * incorporate windows solution from Kyle * fix typo * change plot_structure documentation * change plot_dag documentation * check and correct all notebooks * remove python 3.6 and 3.7 support * update documentation * remove comment regarding ignoring a warning when running `make build-docs` * removing ipython from test requiremnets * refactoring plot syntax and changing logic in plot_dag * addressing Gabriel's comments * removing unused IPython conditional import * refactoring code to use display * Docs - update 01-tutorial * updating first tutotiral * updating plotting tutorial * updating plotting tutorial * updating display api * fixing bug - displau * fixing notebooks * fixing notebooks * fixing notebooks * fixing notebooks * Replacing Pygraphviz with Pyvis * Replacing Pygraphviz with Pyvis * Replacing Pygraphviz with Pyvis * updating pyvis version * updating notebook * Richard Comments - batch 1 * Update tests/test_plotting.py Co-authored-by: Richard Oentaryo <[email protected]> * Update tests/test_plotting.py Co-authored-by: Richard Oentaryo <[email protected]> * Richard Comments - batch 2 * adjust node color test to include background color * docs * docs * test * fixing mdlp with cython * fixing mdlp with cython * test * removing cython from requirements * adding cython to config --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: GabrielAz <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> Co-authored-by: Gabriel Azevedo Ferreira <[email protected]> Co-authored-by: Richard Oentaryo <[email protected]> * fix: requirements.txt to reduce vulnerabilities (#247) The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 Co-authored-by: snyk-bot <[email protected]> * test * Release Notes 0.12.0 (#249) * temp (#242) * Limiting numpy version (mckinsey#217) * adding line on yml - no effect * adding line on yml - no effect * changing req.txt * changing req.txt * changing req.txt * adding setuptools requirement (mckinsey#218) * adding setuptools requirement * adding setuptools requirement * update dictionaries to pass linting (mckinsey#230) * Refactor/unlock numpy kl (mckinsey#235) * unlocking numpy * unlocking numpy * unlocking numpy * dependency fixes for docs and linters * requirement fixes : numpy <1.24 for all python versions --------- Co-authored-by: kyle_lim <[email protected]> * Simplifying requirements - Numpy version range (mckinsey#236) * Remove python 3.6 and 3.7 support (mckinsey#234) * remove python 3.6 and 3.7 support * update documentation * remove comment regarding ignoring a warning when running `make build-docs` * removing ipython from test requiremnets * Update README.md Co-authored-by: Philip Pilgerstorfer <[email protected]> --------- Co-authored-by: GabrielAz <[email protected]> Co-authored-by: Gabriel Azevedo Ferreira <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> * unlocking numpy (mckinsey#238) Co-authored-by: Gabriel Azevedo <[email protected]> * Release 0.11.2 (mckinsey#239) Co-authored-by: Gabriel Azevedo <[email protected]> --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> * Release Notes --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> --------- Co-authored-by: ElisabethSesterHussQB <[email protected]> Co-authored-by: kyle_lim <[email protected]> Co-authored-by: Philip Pilgerstorfer <[email protected]> Co-authored-by: Gabriel Azevedo <[email protected]> Co-authored-by: Serene Yeo <[email protected]> Co-authored-by: Richard Oentaryo <[email protected]> Co-authored-by: Leon Nallamuthu <[email protected]> Co-authored-by: snyk-bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
By pinning:
Why? Recently disclosed, Has a fix available, CVSS 7.7
SNYK-PYTHON-TORCH-6619806
torch:1.13.1 -> 2.2.0Why? Recently disclosed, Has a fix available, CVSS 8.3
SNYK-PYTHON-TORCH-6649934
torch:1.13.1 -> 2.2.0(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Use After Free