Security vulnerability caused by pinned versions of transformers #7338
Comments
KumoLiu
added a commit
to KumoLiu/MONAI
that referenced
this issue
Dec 27, 2023
Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com>
KumoLiu
added a commit
that referenced
this issue
Dec 29, 2023
Fixes #7338 ### Description transformers' version is pinned to v4.22 since #5157. Updated the version refer to huggingface/transformers#21678. ### Types of changes <!--- Put an `x` in all the boxes that apply, and remove the not applicable items --> - [x] Non-breaking change (fix or new feature that would not break existing functionality). - [ ] Breaking change (fix or new feature that would cause existing functionality to change). - [ ] New tests added to cover the changes. - [ ] Integration tests passed locally by running `./runtests.sh -f -u --net --coverage`. - [ ] Quick tests passed locally by running `./runtests.sh --quick --unittests --disttests`. - [ ] In-line docstrings updated. - [ ] Documentation updated, tested `make html` command in the `docs/` folder. --------- Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com>
marksgraham
pushed a commit
to marksgraham/MONAI
that referenced
this issue
Jan 30, 2024
Fixes Project-MONAI#7338 ### Description transformers' version is pinned to v4.22 since Project-MONAI#5157. Updated the version refer to huggingface/transformers#21678. ### Types of changes <!--- Put an `x` in all the boxes that apply, and remove the not applicable items --> - [x] Non-breaking change (fix or new feature that would not break existing functionality). - [ ] Breaking change (fix or new feature that would cause existing functionality to change). - [ ] New tests added to cover the changes. - [ ] Integration tests passed locally by running `./runtests.sh -f -u --net --coverage`. - [ ] Quick tests passed locally by running `./runtests.sh --quick --unittests --disttests`. - [ ] In-line docstrings updated. - [ ] Documentation updated, tested `make html` command in the `docs/` folder. --------- Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com> Signed-off-by: Mark Graham <markgraham539@gmail.com>
juampatronics
pushed a commit
to juampatronics/MONAI
that referenced
this issue
Mar 25, 2024
Fixes Project-MONAI#7338 ### Description transformers' version is pinned to v4.22 since Project-MONAI#5157. Updated the version refer to huggingface/transformers#21678. ### Types of changes <!--- Put an `x` in all the boxes that apply, and remove the not applicable items --> - [x] Non-breaking change (fix or new feature that would not break existing functionality). - [ ] Breaking change (fix or new feature that would cause existing functionality to change). - [ ] New tests added to cover the changes. - [ ] Integration tests passed locally by running `./runtests.sh -f -u --net --coverage`. - [ ] Quick tests passed locally by running `./runtests.sh --quick --unittests --disttests`. - [ ] In-line docstrings updated. - [ ] Documentation updated, tested `make html` command in the `docs/` folder. --------- Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com> Signed-off-by: Juan Pablo de la Cruz Gutiérrez <juampatronics@gmail.com>
Yu0610
pushed a commit
to Yu0610/MONAI
that referenced
this issue
Apr 11, 2024
Fixes Project-MONAI#7338 ### Description transformers' version is pinned to v4.22 since Project-MONAI#5157. Updated the version refer to huggingface/transformers#21678. ### Types of changes <!--- Put an `x` in all the boxes that apply, and remove the not applicable items --> - [x] Non-breaking change (fix or new feature that would not break existing functionality). - [ ] Breaking change (fix or new feature that would cause existing functionality to change). - [ ] New tests added to cover the changes. - [ ] Integration tests passed locally by running `./runtests.sh -f -u --net --coverage`. - [ ] Quick tests passed locally by running `./runtests.sh --quick --unittests --disttests`. - [ ] In-line docstrings updated. - [ ] Documentation updated, tested `make html` command in the `docs/` folder. --------- Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com> Signed-off-by: Yu0610 <612410030@alum.ccu.edu.tw>
vgrau98
pushed a commit
to vgrau98/MONAI
that referenced
this issue
Apr 28, 2024
Fixes Project-MONAI#7338 ### Description transformers' version is pinned to v4.22 since Project-MONAI#5157. Updated the version refer to huggingface/transformers#21678. ### Types of changes <!--- Put an `x` in all the boxes that apply, and remove the not applicable items --> - [x] Non-breaking change (fix or new feature that would not break existing functionality). - [ ] Breaking change (fix or new feature that would cause existing functionality to change). - [ ] New tests added to cover the changes. - [ ] Integration tests passed locally by running `./runtests.sh -f -u --net --coverage`. - [ ] Quick tests passed locally by running `./runtests.sh --quick --unittests --disttests`. - [ ] In-line docstrings updated. - [ ] Documentation updated, tested `make html` command in the `docs/` folder. --------- Signed-off-by: YunLiu <55491388+KumoLiu@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
GHSA-v68g-wm8c-6x7j
As we pinned the dependency to an earlier version of
transformers, there are some known security vulnerabilities that cannot be easily resolve.Can we consider unpinning the version of
transformers? Thanks!The text was updated successfully, but these errors were encountered: