-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GitHub CVE warning for flask #6
Comments
GitHub sent another ping about this. Can you please fix in the various branches? Thanks! |
I started to test the new flask version. I checked the error message and for Flask < 2.2,5 we can also use version 2.2.5 as a solution: I will test that next and hope that this will work. Let you know afterwards. Test details: |
Thanks so much! If 2.2.5 does the job, we can move conservatively at first, and then when we have the new ODH environment (which will upgrade LOTS of dependencies) we can see how much needs to be done to upgrade to 2.3.2 (or later). |
Hi Michael, Seems that this is a real showstopper for the new flask version. |
Thanks for your continued diligence into this problem. Maybe it's time to take the past discussion to heart and either switch from Farm to Haystack or consider other methods for training models. @Shreyanand how have folks on your team dealt with this question? |
@MichaelTiemannOSC thanks for the tag! We have not encountered the exact Flask problem in this issue but when we were implementing the sparsity models, we ran into incompatibilities with the old Farm version. In order to train the sparse models, we had to port the training and inference code to use the Huggingface transformers package. The notebook here shows how it can work in this use case. |
Think this issue needs some priority; I will try and talk to Michael about it this week. |
GitHub warns that flask < 2.3.2 in
requirements.txt
suffers from CVE-2023-30861. flask ~> 2.3.2 is a fix (but may require other libraries be updated, depending on dependencies).@HeatherAck
The text was updated successfully, but these errors were encountered: