
[Snyk] Security upgrade torch from 1.13.1 to 2.2.0 #230

Open · wants to merge 1 commit into base: develop

Conversation

leonnallamuthu (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • requirements.txt
⚠️ Warning

```
statsmodels 0.13.5 requires scipy, which is not installed.
statsmodels 0.13.5 requires scipy, which is not installed.
scikit-learn 1.0.2 requires scipy, which is not installed.
pgmpy 0.1.19 requires torch, which is not installed.
pgmpy 0.1.19 requires scipy, which is not installed.
```

Vulnerabilities that will be fixed

By pinning:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- | --- |
| high severity | 671/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.7) | Use After Free, SNYK-PYTHON-TORCH-6619806 | torch: 1.13.1 -> 2.2.0 | No | No Known Exploit |
| high severity | 701/1000 (Why? Recently disclosed, Has a fix available, CVSS 8.3) | Heap-based Buffer Overflow, SNYK-PYTHON-TORCH-6649934 | torch: 1.13.1 -> 2.2.0 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free
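The check a reviewer would run on this PR before merging, written as an added example that is neither Snyk's nor the causalnex project's code: it parses a requirements file and reports, for each package with a known fixed version, whether the lower bound it pins is at or above that version. The torch threshold 2.2.0 is the fix version in the table above; the sample requirement lines, the `MIN_FIXED` table and all function names are constructed for illustration, and only the first specifier on each line is inspected.

```python
"""Pre-merge check that requirements.txt pins meet a known fixed version.

Added example, not Snyk's or the causalnex project's code. The fixed
version for torch (2.2.0) is the one named in the PR; the sample
requirement text and every other value here are constructed.
"""
import re

# package name -> lowest version that carries the fix (torch value from the PR)
MIN_FIXED = {"torch": "2.2.0"}

# Constructed stand-ins for a requirements.txt before and after the upgrade.
REQ_BEFORE = """\
# constructed sample
numpy>=1.21,<1.24
torch==1.13.1
statsmodels==0.13.5
"""
REQ_AFTER = """\
numpy>=1.21,<1.24
torch==2.2.0
statsmodels==0.13.5
"""

# Package name, then optionally the FIRST specifier on the line
# ("numpy>=1.21,<1.24" yields op ">=" and version "1.21").
_LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9_.\-]*)\s*"
    r"(?:(?P<op>==|>=|~=|<=|!=|<|>)\s*(?P<ver>[0-9][0-9A-Za-z.]*))?"
)


def parse_version(ver):
    """'1.13.1' -> (1, 13, 1); only the leading digits of each component count."""
    parts = []
    for piece in ver.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a, b):
    """True if a < b, zero-padding so that '2.2' compares equal to '2.2.0'."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def parse_requirements(text):
    """Map normalised package name -> (operator, version); both None when unpinned."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line or line.startswith("-"):      # skip blanks and options such as -r
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower().replace("_", "-")
        reqs[name] = (m.group("op"), m.group("ver"))
    return reqs


def check_pins(text, min_fixed=MIN_FIXED):
    """Return {package: verdict} for every package with a known fixed version.

    'ok'         - lower bound (==, >=, ~=) is at or above the fixed version
    'vulnerable' - lower bound is below the fixed version
    'unbounded'  - no lower bound, so the resolver may still pick an old release
    'missing'    - not a direct dependency; a pin in this file would not constrain it
    """
    reqs = parse_requirements(text)
    report = {}
    for name, fixed in min_fixed.items():
        if name not in reqs:
            report[name] = "missing"
            continue
        op, ver = reqs[name]
        if op in ("==", ">=", "~=") and ver is not None:
            report[name] = "vulnerable" if version_lt(ver, fixed) else "ok"
        else:
            report[name] = "unbounded"
    return report


if __name__ == "__main__":
    for label, text in (("before", REQ_BEFORE), ("after", REQ_AFTER)):
        print(label, check_pins(text))
```

The "missing" verdict matters for the note above about vulnerabilities that could not be fully fixed: a package reached only transitively is not constrained by a pin in this file, so a clean result here does not mean the resolved environment is clean; a lock file or `pip freeze` of the installed environment is the place to confirm the version that actually ships.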

Jimmy-INL pushed a commit to Jimmy-INL/causalnex that referenced this pull request May 17, 2024
* temp (#242)

* Limiting numpy version (mckinsey#217)

* adding line on yml - no effect

* adding line on yml - no effect

* changing req.txt

* changing req.txt

* changing req.txt

* adding setuptools requirement (mckinsey#218)

* adding setuptools requirement

* adding setuptools requirement

* update dictionaries to pass linting (mckinsey#230)

* Refactor/unlock numpy kl (#235)

* unlocking numpy

* unlocking numpy

* unlocking numpy

* dependency fixes for docs and linters

* requirement fixes : numpy <1.24 for all python versions

---------

Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>

* Simplifying requirements - Numpy version range (#236)

* Remove python 3.6 and 3.7 support (#234)

* remove python 3.6 and 3.7 support

* update documentation

* remove comment regarding ignoring a warning when running `make build-docs`

* removing ipython from test requirements

* Update README.md

Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

---------

Co-authored-by: GabrielAz <gabriel.azevedoferreira@quantumblack.com>
Co-authored-by: Gabriel Azevedo Ferreira <57528979+GabrielAzevedoFerreiraQB@users.noreply.github.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

* unlocking numpy (#238)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release 0.11.2 (#239)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release Notes

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>
Jimmy-INL pushed a commit to Jimmy-INL/causalnex that referenced this pull request May 17, 2024
* Limiting numpy version (mckinsey#217)

* adding line on yml - no effect

* adding line on yml - no effect

* changing req.txt

* changing req.txt

* changing req.txt

* adding setuptools requirement (mckinsey#218)

* adding setuptools requirement

* adding setuptools requirement

* update dictionaries to pass linting (mckinsey#230)

* Refactor/unlock numpy kl (#235)

* unlocking numpy

* unlocking numpy

* unlocking numpy

* dependency fixes for docs and linters

* requirement fixes : numpy <1.24 for all python versions

---------

Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>

* Simplifying requirements - Numpy version range (#236)

* Remove python 3.6 and 3.7 support (#234)

* remove python 3.6 and 3.7 support

* update documentation

* remove comment regarding ignoring a warning when running `make build-docs`

* removing ipython from test requirements

* Update README.md

Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

---------

Co-authored-by: GabrielAz <gabriel.azevedoferreira@quantumblack.com>
Co-authored-by: Gabriel Azevedo Ferreira <57528979+GabrielAzevedoFerreiraQB@users.noreply.github.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

* unlocking numpy (#238)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release 0.11.2 (#239)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Replacing Pygraphviz with Pyvis (#237)

* Replacing Pygraphviz with Pyvis

* Replacing Pygraphviz with Pyvis

* Replacing Pygraphviz with Pyvis

* temp (#242)

* Limiting numpy version (mckinsey#217)

* adding line on yml - no effect

* adding line on yml - no effect

* changing req.txt

* changing req.txt

* changing req.txt

* adding setuptools requirement (mckinsey#218)

* adding setuptools requirement

* adding setuptools requirement

* update dictionaries to pass linting (mckinsey#230)

* Refactor/unlock numpy kl (#235)

* unlocking numpy

* unlocking numpy

* unlocking numpy

* dependency fixes for docs and linters

* requirement fixes : numpy <1.24 for all python versions

---------

Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>

* Simplifying requirements - Numpy version range (#236)

* Remove python 3.6 and 3.7 support (#234)

* remove python 3.6 and 3.7 support

* update documentation

* remove comment regarding ignoring a warning when running `make build-docs`

* removing ipython from test requirements

* Update README.md

Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

---------

Co-authored-by: GabrielAz <gabriel.azevedoferreira@quantumblack.com>
Co-authored-by: Gabriel Azevedo Ferreira <57528979+GabrielAzevedoFerreiraQB@users.noreply.github.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

* unlocking numpy (#238)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release 0.11.2 (#239)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* adding cython to config

* adding cython to config

* adding cython to config

* adding cython to config

---------

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>
Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

* Replace pygraphviz plotting with pyvis (mckinsey#228)

* initial draft for pyvis plotting

* modify edge length and mass for strong style and return pyvis object

* add pytests and fix sklearn plotting function

* update to include pyvis in requirements

* add in notebook check tests for test_plot_dag

* downgrade pyvis for compatibility

* update to latest plotting functions

* update requirements to exclude pygraphviz

* upgrading ipython

* moving ipython as main requirement

* simplify plot_structure function

* remove unused code and add test cases when needed

* reset pyvis version to see if .show() is working on v0.3.1

* set ipython and python versions

* undo previous change (ipython version change)

* remove ipython version from requirements

* re-add ipython version to requirements

* change ipython+python version

* undo change ipython+python version

* check for different ipython versions

* add quotation marks in requirements.txt

* revert back to ipython>=8.10.0

* try out ipython requirements from kedro

* revert back to ipython>=8.10

* change ipython requirements to successfully create environments

* Updated pyvis tutorials (mckinsey#232)

* update tutorials and adjust default values to improve output

* allow user to change layout in plot_dag function before calling .show()

* display df without dataframe_image

* fix dataframe_image No such file or directory

* remove one cell because unused

* incorporate windows solution from Kyle

* fix typo

* change plot_structure documentation

* change plot_dag documentation

* check and correct all notebooks

* remove python 3.6 and 3.7 support

* update documentation

* remove comment regarding ignoring a warning when running `make build-docs`

* removing ipython from test requirements

* refactoring plot syntax and changing logic in plot_dag

* addressing Gabriel's comments

* removing unused IPython conditional import

* refactoring code to use display

* Docs - update 01-tutorial

* updating first tutorial

* updating plotting tutorial

* updating plotting tutorial

* updating display api

* fixing bug - display

* fixing notebooks

* fixing notebooks

* fixing notebooks

* fixing notebooks

* Replacing Pygraphviz with Pyvis

* Replacing Pygraphviz with Pyvis

* Replacing Pygraphviz with Pyvis

* updating pyvis version

* updating notebook

* Richard Comments - batch 1

* Update tests/test_plotting.py

Co-authored-by: Richard Oentaryo <oentaryorj@users.noreply.github.com>

* Update tests/test_plotting.py

Co-authored-by: Richard Oentaryo <oentaryorj@users.noreply.github.com>

* Richard Comments - batch 2

* adjust node color test to include background color

* docs

* docs

* test

* fixing mdlp with cython

* fixing mdlp with cython

* test

* removing cython from requirements

* adding cython to config

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: GabrielAz <gabriel.azevedoferreira@quantumblack.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>
Co-authored-by: Gabriel Azevedo Ferreira <57528979+GabrielAzevedoFerreiraQB@users.noreply.github.com>
Co-authored-by: Richard Oentaryo <oentaryorj@users.noreply.github.com>

* fix: requirements.txt to reduce vulnerabilities (#247)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* test

* Release Notes 0.12.0 (#249)

* temp (#242)

* Limiting numpy version (mckinsey#217)

* adding line on yml - no effect

* adding line on yml - no effect

* changing req.txt

* changing req.txt

* changing req.txt

* adding setuptools requirement (mckinsey#218)

* adding setuptools requirement

* adding setuptools requirement

* update dictionaries to pass linting (mckinsey#230)

* Refactor/unlock numpy kl (#235)

* unlocking numpy

* unlocking numpy

* unlocking numpy

* dependency fixes for docs and linters

* requirement fixes : numpy <1.24 for all python versions

---------

Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>

* Simplifying requirements - Numpy version range (#236)

* Remove python 3.6 and 3.7 support (#234)

* remove python 3.6 and 3.7 support

* update documentation

* remove comment regarding ignoring a warning when running `make build-docs`

* removing ipython from test requirements

* Update README.md

Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

---------

Co-authored-by: GabrielAz <gabriel.azevedoferreira@quantumblack.com>
Co-authored-by: Gabriel Azevedo Ferreira <57528979+GabrielAzevedoFerreiraQB@users.noreply.github.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>

* unlocking numpy (#238)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release 0.11.2 (#239)

Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

* Release Notes

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>

---------

Co-authored-by: ElisabethSesterHussQB <92664441+ElisabethSesterHussQB@users.noreply.github.com>
Co-authored-by: kyle_lim <kyle_lim@mckinsey.com>
Co-authored-by: Philip Pilgerstorfer <34248114+qbphilip@users.noreply.github.com>
Co-authored-by: Gabriel Azevedo <gabriel_azevedo_ferreira@mckinsey.com>
Co-authored-by: Serene Yeo <118331898+SereneYeo@users.noreply.github.com>
Co-authored-by: Richard Oentaryo <oentaryorj@users.noreply.github.com>
Co-authored-by: Leon Nallamuthu <38660312+leonnallamuthu@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>