Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade requests from 2.31.0 to 2.32.0 #13039

Merged
merged 1 commit into from
May 24, 2024

Conversation

glenn-jocher
Copy link
Member

@glenn-jocher glenn-jocher commented May 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • requirements.txt

Vulnerabilities that will be fixed

By pinning:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 566/1000
Why? Recently disclosed, Has a fix available, CVSS 5.6
Always-Incorrect Control Flow Implementation
SNYK-PYTHON-REQUESTS-6928867
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

🛠️ PR Summary

Made with ❤️ by Ultralytics Actions

🌟 Summary

Upgrade to HTTP request handling in YOLOv5 🚀

📊 Key Changes

  • Updated the minimum required version of the requests library from 2.23.0 to 2.32.0.

🎯 Purpose & Impact

  • Enhanced Security and Stability: The update ensures that YOLOv5 uses the latest features, security patches, and stability improvements available in the requests library.
  • Better Compatibility: Users benefit from improved compatibility with other libraries and systems, reducing potential conflicts.
  • Smooth User Experience: This can lead to better performance and fewer errors when YOLOv5 communicates over the internet, resulting in a smoother experience for developers and end-users alike.

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
@glenn-jocher glenn-jocher merged commit 60dde7f into master May 24, 2024
9 checks passed
@glenn-jocher glenn-jocher deleted the snyk-fix-9313cd7d788671fe58f2e63de4582722 branch May 24, 2024 05:50
kevinconka added a commit to SEA-AI/yolov5 that referenced this pull request May 28, 2024
* Modified iou values and extended hyps

* Add pre-augmentation step for 16bit thermal imgs

* training with 16to8bit augmentation works

* Modifications to 16-to-8 bit augmentations

* minor rename

* minor changes due to usage

* Grouped training scripts in folder

* added horizon utils

* Added dataloaders

* rename to avoid confusion w/ yolov5/utils folder

* add pitch and yaw targets

* HorizonDataset working w albumentations transform

* Training loop working (needs refactoring)

* Create README.md

Signed-off-by: Kevin Serrano <[email protected]>

* refactored models.py

* Added TODOs to README

* added train.py and transforms.py to cleanup nb

* Checked some TODOs from horizon/README.md

* updated tests nb

* Save val/train loss plots as png images

* Added loss weigths for horizon training

* Added more TODOs

* Added weather augmentations to rgb

* tensorrt engine working (WIP)

* added patch for tensorRT v7

* Update README.md

Signed-off-by: Kevin Serrano <[email protected]>

* added small change for wandb run_id

* Update models.py

Signed-off-by: Kevin Serrano <[email protected]>

* Added batch support for yolotrt

* folder refactoring

* more refactoring... added "hybrids" folder

* Update yolotrt.py

Signed-off-by: Kevin Serrano <[email protected]>

* working nb for ahoy-IR.engine

* AHOYv5 and DANv5 refactored

* typing compatibility with python3.8

* get images from url and use softmax for horizon postprocessing in dan_tests

* made output_modes compatible with batched inference for ahoy

* tweakes plus extended export function for AHOY and DAN models

* Add benchmarking script for AHOY and DAN models

* fixed misspelling

* new preprocessing function

* faster preprocessing

* fast preprocess

* Add close_mosaic option to train.py and dataloaders.py

* Update hyp.sea-ai-IR.yaml

* Update hyp.sea-ai.yaml

* Update close-mosaic argument description

* increase kmeans iter for autoanchor

* added class mapping to dan

* refactored dan cls_maps

* Update Discord and Contributing Guide URLs (ultralytics#12847)

* Update Discord and Contributing Guide URLs

* Update __init__.py

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: Glenn Jocher <[email protected]>

* refactored trt inference code after adding it to Core-Backend

* fixed bug in horizon output decoding when lr padding was added during inference

* added small comment

* add export hooks to get fp32 to fp16 done in GPU

* register hooks before dry runs when exporting hybrids

* added preprocessing operations to the model via hooks before trt export

* added hook to export process

* make dummy input int8 for trt export

* added softmax to postprocessing hook to add it to the model

* remove softmax from theta, offset postprocessing

* [Snyk] Security upgrade pillow from 9.5.0 to 10.3.0 (ultralytics#12868)

* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866

* Update requirements.txt

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: Glenn Jocher <[email protected]>
Co-authored-by: snyk-bot <[email protected]>

* Create cla.yml (ultralytics#12899)

Signed-off-by: Glenn Jocher <[email protected]>

* Sort imports with Ruff and iSort (ultralytics#12915)

* Sort imports with Ruff and iSort

Signed-off-by: Glenn Jocher <[email protected]>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <[email protected]>
Co-authored-by: UltralyticsAssistant <[email protected]>

* Create merge-main-into-prs.yml (ultralytics#12918)

* Create merge-main-into-prs.yml

Signed-off-by: Glenn Jocher <[email protected]>

* Update merge-main-into-prs.yml

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: Glenn Jocher <[email protected]>

* Update to `ultralytics>=8.1.47` (ultralytics#12919)

Signed-off-by: Glenn Jocher <[email protected]>

* Update merge-main-into-prs.yml (ultralytics#12920)

Signed-off-by: Glenn Jocher <[email protected]>

* Update merge-main-into-prs.yml (ultralytics#12921)

Signed-off-by: Glenn Jocher <[email protected]>

* Update merge-main-into-prs.yml (ultralytics#12922)

Signed-off-by: Glenn Jocher <[email protected]>

* Bump gunicorn from 19.10.0 to 22.0.0 in /utils/google_app_engine (ultralytics#12929)

* Bump gunicorn from 19.10.0 to 22.0.0 in /utils/google_app_engine

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 19.10.0 to 22.0.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@19.10.0...22.0.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* [Snyk] Security upgrade gunicorn from 19.10.0 to 22.0.0 (ultralytics#12938)

fix: utils/google_app_engine/additional_requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672

Co-authored-by: snyk-bot <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Glenn Jocher <[email protected]>
Co-authored-by: snyk-bot <[email protected]>

* Refactor model variable names in export.py and export_hybrid.py

* Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 in /.github/workflows (ultralytics#12948)

* Bump slackapi/slack-github-action in /.github/workflows

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update ci-testing.yml

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Glenn Jocher <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Glenn Jocher <[email protected]>

* ResizeIfNeeded augmentation and plot MSEs during training

* Update num_workers in dataloaders.py

* Add Turkish and Vietnamese Docs (ultralytics#12972)

* Add Turkish and Vietnamese Docs

Signed-off-by: Glenn Jocher <[email protected]>

* Update README.md

Signed-off-by: Glenn Jocher <[email protected]>

* Update pyproject.toml

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: Glenn Jocher <[email protected]>

* Refactor horizon.py and custom.py for better readability and maintainability.

* Add best_mse.pt checkpoint saving during training

* Fix data type conversion issue in custom.py

* Fix data type conversion issue in train.py

* wandb integration working

* cleaned nb

* scale pitch for gt and preds when processing 320x256 imgs

* fix msu_sum and better cli logging

* fixed mask visualisation

* cast to int32 for cv2.line

* Fix formatting issue in cli logging

* Backport compatibility with TensorRT version 10 from yolov8 (ultralytics#12984)

Add compatibility with TensorRT version 10.

Based on the is_trt10 code in yolov8.

* Set `TORCH_CPP_LOG_LEVEL=ERROR` for reduced verbosity (ultralytics#12989)

* modify torch cpp log level to Error to avoid annoying print

* Auto-format by https://ultralytics.com/actions

---------

Co-authored-by: UltralyticsAssistant <[email protected]>

* Add `pip install --retries 3` to CI to resolve transients (ultralytics#13001)

* Add `pip install --retries 3` to CI to resolve transients

Signed-off-by: Glenn Jocher <[email protected]>

* Update ci-testing.yml

Signed-off-by: Glenn Jocher <[email protected]>

---------

Signed-off-by: Glenn Jocher <[email protected]>

* Revert CI `pip install` retries to default (ultralytics#13002)

Signed-off-by: Glenn Jocher <[email protected]>

* Centralize ENV variable definition in utils/general.py (ultralytics#13004)

* Centralize ENV variable definition in utils/general.py

Signed-off-by: Glenn Jocher <[email protected]>

* Update export.py

Signed-off-by: Glenn Jocher <[email protected]>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <[email protected]>
Co-authored-by: UltralyticsAssistant <[email protected]>

* Bump contributor-assistant/github-action from 2.3.2 to 2.4.0 in /.github/workflows (ultralytics#13006)

Bump contributor-assistant/github-action in /.github/workflows

Bumps [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) from 2.3.2 to 2.4.0.
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](contributor-assistant/github-action@v2.3.2...v2.4.0)

---
updated-dependencies:
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Reformat Markdown code blocks (ultralytics#13023)

* [Snyk] Security upgrade requests from 2.31.0 to 2.32.0 (ultralytics#13039)

fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867

Co-authored-by: snyk-bot <[email protected]>

* Update Ultralytics YouTube URL (ultralytics#13046)

* Update Ultralytics YouTube URL

* Update README.md

Signed-off-by: Glenn Jocher <[email protected]>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <[email protected]>
Co-authored-by: UltralyticsAssistant <[email protected]>

* minor notebook update

* Function docstrings added

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Kevin Serrano <[email protected]>
Signed-off-by: Glenn Jocher <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: franziska-denk <[email protected]>
Co-authored-by: GilSimas <[email protected]>
Co-authored-by: Glenn Jocher <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: UltralyticsAssistant <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nick Martin <[email protected]>
Co-authored-by: inisis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants