Updates to address vulnerabilities detected by Snyk.io #2465

Open: wants to merge 11 commits into base: main

BraveHeart-David

These updates are to address vulnerabilities detected by Snyk.io. Updating the requirements to at least the versions indicated will address the vulnerabilities.

snyk-bot and others added 11 commits November 19, 2024 07:44
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
…62f894e8f534d5da

[Snyk] Security upgrade setuptools from 40.5.0 to 70.0.0
…50fdc7647bf71544

[Snyk] Security upgrade setuptools from 40.5.0 to 70.0.0
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
…85019fd18ae29429

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413
…3049b211dde2b777

[Snyk] Security upgrade wheel from 0.32.2 to 0.38.0
Updating README and doc strings to reflect that n_mels can now be 128…
Bugfix: Illogical "Avoid computing higher temperatures on no_speech" …
To fix vulnerability per snyk, we set the minimum versions.
@CodiumAI-Agent

Title

Updates to address vulnerabilities detected by Snyk.io


User description

These updates are to address vulnerabilities detected by Snyk.io. Updating the requirements to at least the versions indicated will address the vulnerabilities.


PR Type

Bug fix, Enhancement


Description

  • Updated requirements.txt to address vulnerabilities detected by Snyk.io.
  • Pinned numpy to version >=1.22.2 and torch to version >=2.2.0 to fix vulnerabilities.
  • Added specific versions for setuptools, zipp, and wheel to mitigate vulnerabilities as identified by Snyk.
  • Ensured compatibility and security by updating transitive dependencies.

Changes walkthrough 📝

Relevant files
Bug fix
requirements.txt
Updated dependencies in `requirements.txt` to address vulnerabilities

requirements.txt

  • Updated numpy to version >=1.22.2 to address vulnerabilities.
  • Updated torch to version >=2.2.0 to address vulnerabilities.
  • Added setuptools>=70.0.0 to address a Snyk-detected vulnerability.
  • Added zipp>=3.19.1 to address a Snyk-detected vulnerability.
  • Added wheel>=0.38.0 to address a Snyk-detected vulnerability.
  • +5/-2     

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information
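
A CI-style check for the version floors listed in the summary above, as an added example that is not part of the PR or the project's code: it parses a requirements file and reports every listed package whose constraint is missing or sits below the Snyk-fixed minimum. The `audit` helper, the sample file contents and the plain dotted-numeric version parsing are assumptions made for illustration.

```python
import re

# Minimum versions taken from the PR summary above.
FLOORS = {
    "numpy": "1.22.2",
    "torch": "2.2.0",
    "setuptools": "70.0.0",
    "zipp": "3.19.1",
    "wheel": "0.38.0",
}

# Constructed sample input: NOT the repository's actual requirements.txt.
SAMPLE = """\
numpy>=1.22.2
torch>=2.2.0   # runtime dependency
setuptools==40.5.0
zipp
tqdm
"""

# Matches "name", "name>=1.2.3" or "name==1.2.3". Lines with extras or
# environment markers do not match and are reported as "not listed".
LINE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(?:(==|>=)\s*([0-9]+(?:\.[0-9]+)*))?\s*$")

def vtuple(version):
    """Dotted numeric version -> padded tuple, so 2.2 compares equal to 2.2.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit(text, floors=FLOORS):
    """Return {package: problem} for every floor the requirements text fails to enforce."""
    seen, problems = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop trailing comments
        if m:
            seen[m.group(1).lower()] = (m.group(2), m.group(3))
    for pkg, floor in floors.items():
        if pkg not in seen:
            problems[pkg] = "not listed"
        elif seen[pkg][0] is None:
            problems[pkg] = "no version constraint"
        elif vtuple(seen[pkg][1]) < vtuple(floor):
            op, ver = seen[pkg]
            problems[pkg] = f"{op}{ver} is below the fixed version {floor}"
    return problems

if __name__ == "__main__":
    for pkg, why in audit(SAMPLE).items():
        print(f"{pkg}: {why}")
```
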

    @chungocchien

    Preparing review...

    @chungocchien

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    4 participants