Skip to content

Commit

Permalink
Use mkstemp to replace deprecated mktemp (#23372)
Browse files Browse the repository at this point in the history 
* Use `mkstemp` to replace deprecated `mktemp`

The `tempfile.mktemp` function is [deprecated](https://docs.python.org/3/library/tempfile.html#tempfile.mktemp) due to [security issues](https://cwe.mitre.org/data/definitions/377.html).

* Update src/transformers/utils/hub.py

Co-authored-by: amyeroberts <22614925+amyeroberts@users.noreply.github.com>

---------

Co-authored-by: amyeroberts <22614925+amyeroberts@users.noreply.github.com>
  • Loading branch information
@ready-research @amyeroberts
ready-research and amyeroberts committed May 16, 2023
1 parent ba6815e commit 80ca924
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/transformers/utils/hub.py
View file
Expand Up @@ -578,7 +578,7 @@ def download_url(url, proxies=None):
" that this is not compatible with the caching system (your file will be downloaded at each execution) or"
" multiple processes (each process will download the file in a different temporary file)."
)
tmp_file = tempfile.mktemp()
tmp_file = tempfile.mkstemp()[1]
with open(tmp_file, "wb") as f:
http_get(url, f, proxies=proxies)
return tmp_file
Expand Down

2 comments on commit 80ca924

@bconsolvo
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you put this into main / a release? I guess this was a security issue.

Ben

@dhrubo-os
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have any ETA to release this security fix?

Please sign in to comment.