
Is it possible to release a new PyPI package with upgraded torch and numpy versions to fix a vulnerability? #17

Open
shlin168 opened this issue Jun 19, 2023 · 0 comments


@shlin168

Hi adobe team,

The latest version of stringlifier on PyPI is v0.1.1.4, which is still using torch==1.6.0 and numpy==1.19.2. The last commit unpinned the version of torch, but it has not been packaged to PyPI.

We have no problem using the library, but there is a vulnerability in torch==1.6.0 (CVE-2022-45907). To fix that, we need to upgrade torch to 1.13.1 with the corresponding numpy version.

I have tried cloning the repo, changing requirements.txt to torch==1.13.1 and numpy==1.22.0, and building it ourselves to fix the vulnerability, but I would like to ask two questions:

  1. Is it possible to release a new version to PyPI with upgraded torch and numpy? Then we would not need to build it ourselves.
  2. Are there any issues with upgrading both libraries?

Thanks!

BR,
Shandi
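An added example (not part of the issue or of the stringlifier project) showing how the kind of check behind this request can be automated: it parses requirements.txt-style pins and flags any package pinned below the minimum version the issue asks for, using the torch/numpy values and the CVE id quoted above. The sample requirements text and the `MINIMUMS` table are constructed for the example.

```python
import re

# Constructed sample of the pins the issue describes for stringlifier v0.1.1.4;
# not the project's actual requirements.txt.
SAMPLE_REQUIREMENTS = """\
# pinned by the released package
torch==1.6.0
numpy==1.19.2
"""

# Minimum versions requested in the issue, with the reason for each floor.
# Assumed table for this example, not a project-maintained list.
MINIMUMS = {
    "torch": ("1.13.1", "CVE-2022-45907"),
    "numpy": ("1.22.0", "requested alongside torch 1.13.1"),
}

def parse_version(text):
    """'1.13.1' -> (1, 13, 1): tuples compare numerically, strings would not
    ('1.13.1' < '1.6.0' as strings, which is the wrong answer)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def parse_pin(line):
    """Return (name, operator, version) for a 'pkg==x.y.z' style line, else None.
    Comments and blank lines are skipped."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = re.match(r"^([A-Za-z0-9_.-]+)\s*(==|>=|~=|<=|<|>)\s*([0-9][0-9.]*)$", line)
    if not m:
        return None
    return m.group(1).lower(), m.group(2), m.group(3)

def audit_requirements(text, minimums=MINIMUMS):
    """List pins below their minimum as (name, pinned, minimum, reason).
    A '==' pin below the floor installs the vulnerable release outright; a '>='
    or '~=' floor below it still permits one, so both are reported."""
    findings = []
    for line in text.splitlines():
        pin = parse_pin(line)
        if pin is None or pin[0] not in minimums:
            continue
        name, _op, version = pin
        minimum, reason = minimums[name]
        if parse_version(version) < parse_version(minimum):
            findings.append((name, version, minimum, reason))
    return findings

if __name__ == "__main__":
    for name, pinned, minimum, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name}=={pinned} is below {minimum}: {reason}")
```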
