
0.2.1 main #120

Merged
merged 68 commits into from
Dec 10, 2024

Conversation

LachsBagel
Collaborator

No description provided.

# Linting dependencies
pre-commit==3.5.0
flake8==7.0.0
black==24.2.0
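Review bot: `black==24.2.0` on the last line of this hunk is below 24.3.0, the version Trivy lists as fixing the ReDoS in `lines_with_leading_tabs_expanded()` (CVE-2024-21503, finding below); bump the pin to `black==24.3.0` or later. The exposure is wherever the formatter runs (developer checkouts and the `pre-commit` hook pinned two lines above), not the served application, which justifies keeping it in this separate "Linting dependencies" group but not leaving it unpatched.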

Check warning

Code scanning / Trivy

psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file Medium

Package: black
Installed Version: 24.2.0
Vulnerability CVE-2024-21503
Severity: MEDIUM
Fixed Version: 24.3.0
Link: CVE-2024-21503
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
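Review bot: `flask==2.2.2` on the last line of this hunk pins a release with a HIGH finding (CVE-2023-30861, Trivy output below): the permanent session cookie can be disclosed because the `Vary: Cookie` header is missing. The fixed versions listed are 2.2.5 and 2.3.2, so the smallest change that clears this alert is `flask==2.2.5`; since the `Werkzeug==2.2.2` pin on this same hunk carries six further findings whose fixes go up to 3.0.6, pick the Flask and Werkzeug pins together and verify they resolve in a clean environment rather than patching Flask alone.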

Check failure

Code scanning / Trivy

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header High

Package: flask
Installed Version: 2.2.2
Vulnerability CVE-2023-30861
Severity: HIGH
Fixed Version: 2.3.2, 2.2.5
Link: CVE-2023-30861
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
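Review bot: `Werkzeug==2.2.2` on the last line of this hunk is below 2.2.3, the fix for the multipart many-fields resource-usage finding (CVE-2023-25577, below). This is the first of six Werkzeug findings against the same line, and 2.2.3 clears only the two oldest (this one and CVE-2023-23934, also fixed in 2.2.3), so do not stop at the patch release; the other findings list fixes only on 2.3.x and 3.0.x.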

Check failure

Code scanning / Trivy

python-werkzeug: high resource usage when parsing multipart form data with many fields High

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2023-25577
Severity: HIGH
Fixed Version: 2.2.3
Link: CVE-2023-25577
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
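Review bot: for `Werkzeug==2.2.2` on the last line of this hunk there is no fix on the 2.2 line for CVE-2024-34069 (Trivy lists only 3.0.3 as fixed), so the developer-machine code-execution finding below can only be closed by a major-version jump. If that jump cannot land in this PR, record the finding as accepted with a justification rather than leaving the alert open silently, because this is the one HIGH on the line that a 2.x upgrade cannot address.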

Check failure

Code scanning / Trivy

python-werkzeug: user may execute code on a developer's machine High

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2024-34069
Severity: HIGH
Fixed Version: 3.0.3
Link: CVE-2024-34069
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
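Review bot: the fixes Trivy lists for CVE-2023-46136 (resource-consumption denial of service, finding below) against `Werkzeug==2.2.2` on the last line are 2.3.8 and 3.0.1, so even a conservative 2.x upgrade has to leave the 2.2 branch. Combined with the 3.0.x-only fixes reported for the same pin elsewhere in this scan, set one target version for all six Werkzeug findings instead of reasoning about each alert separately.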

Check warning

Code scanning / Trivy

python-werkzeug: high resource consumption leading to denial of service Medium

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2023-46136
Severity: MEDIUM
Fixed Version: 3.0.1, 2.3.8
Link: CVE-2023-46136
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
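Review bot: CVE-2024-49766 (`safe_join` not safe on Windows, finding below) is fixed only in 3.0.6, so `Werkzeug==2.2.2` on the last line of this hunk needs at least that version. If nothing in this repository is deployed on Windows, say so in the PR description (currently "No description provided.") so the MEDIUM rating can be triaged with that context; the pin still has to move for the other findings on the same line.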

Check warning

Code scanning / Trivy

werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows Medium

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2024-49766
Severity: MEDIUM
Fixed Version: 3.0.6
Link: CVE-2024-49766
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
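Review bot: the finding below for `Werkzeug==2.2.2` (last line of the hunk) is labelled High in its title but MEDIUM in its Severity field; when recording the triage, key it on the identifier (CVE-2024-49767, resource exhaustion when parsing file data in forms) rather than either label. Its fixed version, 3.0.6, is the highest of the Werkzeug fixes in this scan, so it sets the floor for the new pin.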

Check failure

Code scanning / Trivy

werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms High

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2024-49767
Severity: MEDIUM
Fixed Version: 3.0.6
Link: CVE-2024-49767
@@ -1,10 +1,13 @@
llama-cpp-python==0.2.90
sentencepiece==0.2.0
protobuf==5.27.2
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
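Review bot: CVE-2023-23934 (a cookie prefixed with `=` can shadow an unprefixed cookie, finding below) is the one LOW finding on the `Werkzeug==2.2.2` pin and is fixed from 2.2.3. It is worth tracking with the HIGH ones because the Flask finding on this same hunk concerns the session cookie, so cookie-parsing behaviour is directly relevant to this application; any version chosen for the other findings (2.3.8 or above) also closes this one.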

Check notice

Code scanning / Trivy

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie Low

Package: Werkzeug
Installed Version: 2.2.2
Vulnerability CVE-2023-23934
Severity: LOW
Fixed Version: 2.2.3
Link: CVE-2023-23934
huggingface-hub==0.24.3
flask==2.2.2
Werkzeug==2.2.2
flask-cors==4.0.1
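Review bot: `flask-cors==4.0.1` on the last line of this hunk is one patch release short of 4.0.2, the fix Trivy lists for CVE-2024-6221 (finding below); bump to `flask-cors==4.0.2`. The alert title is truncated at `Ac ...`, so the affected header is not visible on this page; follow the Link line to the advisory before deciding whether the application's CORS configuration needs changes beyond the version bump.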

Check failure

Code scanning / Trivy

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ... High

Package: flask-cors
Installed Version: 4.0.1
Vulnerability CVE-2024-6221
Severity: HIGH
Fixed Version: 4.0.2
Link: CVE-2024-6221
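The nine findings above reduce to one question per package: what is the smallest listed fixed version that clears every CVE raised against the pin? The script below is an added example, not code from this PR or the project, that answers it offline. `ADVISORIES` is transcribed from the Trivy alerts on this page, `REQUIREMENTS` is a constructed sample of the pins those alerts hit, and the branch-aware comparison in `is_fixed` is a stated heuristic (one fixed version per maintained release branch), not Trivy's own matching logic.

```python
"""Audit pinned requirements against scanner findings.

Added example, not code from this PR or the project. ADVISORIES is
transcribed from the Trivy alerts on the page; REQUIREMENTS is a
constructed sample of the pins those alerts flagged.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample input: the pinned lines the scanner flagged in this PR.
REQUIREMENTS = """\
llama-cpp-python==0.2.90
flask==2.2.2
Werkzeug==2.2.2
flask-cors==4.0.1
black==24.2.0  # linting only
"""

# (package, CVE, fixed versions) exactly as the Trivy alerts list them.
ADVISORIES = [
    ("black", "CVE-2024-21503", ["24.3.0"]),
    ("flask", "CVE-2023-30861", ["2.3.2", "2.2.5"]),
    ("werkzeug", "CVE-2023-25577", ["2.2.3"]),
    ("werkzeug", "CVE-2024-34069", ["3.0.3"]),
    ("werkzeug", "CVE-2023-46136", ["3.0.1", "2.3.8"]),
    ("werkzeug", "CVE-2024-49766", ["3.0.6"]),
    ("werkzeug", "CVE-2024-49767", ["3.0.6"]),
    ("werkzeug", "CVE-2023-23934", ["2.2.3"]),
    ("flask-cors", "CVE-2024-6221", ["4.0.2"]),
]

PIN_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)")


def parse_version(text: str) -> Version:
    """Dotted numeric version -> comparable tuple, e.g. '3.0.6' -> (3, 0, 6)."""
    return tuple(int(part) for part in text.strip().split("."))


def format_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


def parse_pins(requirements: str) -> Dict[str, Version]:
    """Collect every `name==x.y.z` line; names are normalised (PEP 503 style)
    so `Werkzeug` in the file matches `werkzeug` in the advisory table."""
    pins: Dict[str, Version] = {}
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = PIN_RE.fullmatch(line)
        if match:
            name = match.group(1).lower().replace("_", "-")
            pins[name] = parse_version(match.group(2))
    return pins


def is_fixed(version: Version, fixed: List[str]) -> bool:
    """Does `version` carry the fix for one advisory?

    Assumption (heuristic, not Trivy's matcher): scanners list one fixed
    version per maintained major.minor branch. If a fix exists on the same
    branch as `version`, that fix is the bar; otherwise any version at or
    above the lowest listed fix counts. So with fixes ['2.3.8', '3.0.1'],
    3.0.0 is still vulnerable (the 3.0 branch fix is 3.0.1) but 2.4.0 is fine.
    """
    fixes = sorted(parse_version(f) for f in fixed)
    on_branch = [f for f in fixes if f[:2] == version[:2]]
    if on_branch:
        return version >= on_branch[0]
    return version >= fixes[0]


def audit(requirements: str, advisories=ADVISORIES) -> Dict[str, dict]:
    """For each pinned package with advisories: the CVEs still open at the
    pinned version and the smallest listed fix that closes all of them."""
    pins = parse_pins(requirements)
    report: Dict[str, dict] = {}
    for name in sorted({pkg for pkg, _, _ in advisories}):
        if name not in pins:
            continue
        pinned = pins[name]
        mine = [(cve, fixed) for pkg, cve, fixed in advisories if pkg == name]
        open_cves = [cve for cve, fixed in mine if not is_fixed(pinned, fixed)]
        # Candidate targets are the listed fixed versions themselves; take the
        # smallest one that clears every advisory for this package.
        candidates = sorted({parse_version(f) for _, fixed in mine for f in fixed})
        target: Optional[Version] = next(
            (c for c in candidates if all(is_fixed(c, fixed) for _, fixed in mine)),
            None,
        )
        report[name] = {
            "pinned": format_version(pinned),
            "open": open_cves,
            "minimum_clean": format_version(target) if target else None,
        }
    return report


if __name__ == "__main__":
    for name, row in audit(REQUIREMENTS).items():
        print(f"{name}=={row['pinned']}: {len(row['open'])} open -> "
              f"bump to {row['minimum_clean']}")
```

Run against the sample it reports Werkzeug as needing 3.0.6 (the two 3.0.6 fixes set the floor), Flask 2.2.5, black 24.3.0 and flask-cors 4.0.2. The Flask number is the minimum for Flask in isolation only: Flask 2.2.x imports helpers that Werkzeug 3.0 removed, so once Werkzeug moves to 3.0.6 the Flask pin has to move to a release built against Werkzeug 3 (Flask 3.x). Resolve the two pins together in a clean virtual environment before merging; the script deliberately does not model inter-package compatibility.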
4 participants