
Dependency updates for security vulnerabilities #1

Description

@agentmess

From Dependabot alerts:

LarsonLab / dnlinv
Known security vulnerabilities detected

Dependency
tornado
Version
< 6.3.2
Upgrade to
~> 6.3.2
Defined in
requirements.txt
Vulnerabilities
CVE-2024-52804 High severity
CVE-2023-28370 Moderate severity
GHSA-qppv-j76h-2rpx Moderate severity
GHSA-753j-mpmx-qq6g Moderate severity
GHSA-w235-7p84-xx57 Moderate severity
Dependency
numpy
Version
<= 1.16.0
Defined in
requirements.txt
Vulnerabilities
Dependency
certifi
Version
= 2015.4.28 < 2023.7.22
Upgrade to
~> 2023.7.22
Defined in
requirements.txt
Vulnerabilities
CVE-2023-37920 High severity
Dependency
pillow
Version
= 5.2.0 < 8.3.2
Upgrade to
~> 8.3.2
Defined in
requirements.txt
Vulnerabilities
CVE-2020-5310 Critical severity
CVE-2021-25289 Critical severity
CVE-2021-23437 High severity
View 13 more
Dependency
Pillow
Version
< 10.0.1
Upgrade to
~> 10.0.1
Defined in
requirements.txt
Vulnerabilities
CVE-2023-50447 Critical severity
CVE-2023-4863 High severity
Dependency
tqdm
Version
= 4.4.0 < 4.66.3
Upgrade to
~> 4.66.3
Defined in
requirements.txt
Vulnerabilities
CVE-2024-34062 Low severity
Dependency
torch
Version
< 2.2.0
Upgrade to
~> 2.2.0
Defined in
requirements.txt
Vulnerabilities
CVE-2024-31580 High severity
CVE-2024-31583 High severity
Dependency
dask
Version
= 0 < 2021.10.0
Upgrade to
~> 2021.10.0
Defined in
requirements.txt
Vulnerabilities
CVE-2021-42343 Critical severity
