[Snyk] Fix for 30 vulnerabilities

[q1blue]

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • requirements.txt

⚠️ Warning

trl 0.9.4 requires transformers, which is not installed.
trl 0.9.4 requires torch, which is not installed.
trl 0.9.4 requires accelerate, which is not installed.
py7zr 0.21.0 requires pyppmd, which is not installed.
py7zr 0.21.0 requires inflate64, which is not installed.
invisible-watermark 0.2.0 requires torch, which is not installed.
datasets 2.13.2 has requirement dill<0.3.7,>=0.3.0, but you have dill 0.3.7.

Vulnerabilities that will be fixed

By pinning:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 330, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.64, Score Version: V5	Improper Input Validation SNYK-PYTHON-AIOHTTP-6091621	aiohttp: 3.8.6 -> 3.10.2	No	Proof of Concept
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 330, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.64, Score Version: V5	Improper Input Validation SNYK-PYTHON-AIOHTTP-6091622	aiohttp: 3.8.6 -> 3.10.2	No	Proof of Concept
	171/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.10259, Social Trends: No, Days since published: 267, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.84, Score Version: V5	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SNYK-PYTHON-AIOHTTP-6209406	aiohttp: 3.8.6 -> 3.10.2	No	Proof of Concept
	118/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00073, Social Trends: No, Days since published: 267, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.81, Score Version: V5	HTTP Request Smuggling SNYK-PYTHON-AIOHTTP-6209407	aiohttp: 3.8.6 -> 3.10.2	No	Proof of Concept
	64/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 188, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 1.39, Score Version: V5	Cross-site Scripting (XSS) SNYK-PYTHON-AIOHTTP-6645291	aiohttp: 3.8.6 -> 3.10.2	No	No Known Exploit
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 171, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Infinite loop SNYK-PYTHON-AIOHTTP-6808823	aiohttp: 3.8.6 -> 3.10.2	No	No Known Exploit
	77/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 73, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 1.84, Score Version: V5	UNIX Symbolic Link (Symlink) Following SNYK-PYTHON-AIOHTTP-7675597	aiohttp: 3.8.6 -> 3.10.2	No	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 197, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-PYTHON-CRYPTOGRAPHY-6592767	cryptography: 42.0.5 -> 43.0.1	No	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 157, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Uncontrolled Resource Consumption SNYK-PYTHON-CRYPTOGRAPHY-6913422	cryptography: 42.0.5 -> 43.0.1	No	No Known Exploit
	147/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 49, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.45, Score Version: V5	Type Confusion SNYK-PYTHON-CRYPTOGRAPHY-7886970	cryptography: 42.0.5 -> 43.0.1	No	No Known Exploit
	124/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00072, Social Trends: No, Days since published: 308, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	XML External Entity (XXE) Injection SNYK-PYTHON-FONTTOOLS-6133203	fonttools: 4.38.0 -> 4.43.0	No	No Known Exploit
	137/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.39, Score Version: V5	Remote Code Execution (RCE) SNYK-PYTHON-NLTK-7411380	nltk: 3.8.1 -> 3.8.2	No	No Known Exploit
	57/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00074, Social Trends: No, Days since published: 1039, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	NULL Pointer Dereference SNYK-PYTHON-NUMPY-2321964	numpy: 1.21.3 -> 1.22.2	No	Proof of Concept
	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00042, Social Trends: No, Days since published: 1039, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.67, Score Version: V5	Buffer Overflow SNYK-PYTHON-NUMPY-2321966	numpy: 1.21.3 -> 1.22.2	No	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 1039, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	Denial of Service (DoS) SNYK-PYTHON-NUMPY-2321970	numpy: 1.21.3 -> 1.22.2	No	Proof of Concept
	649/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.6295, Social Trends: No, Days since published: 407, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 96, Impact: 10.1, Likelihood: 6.43, Score Version: V5	Heap-based Buffer Overflow SNYK-PYTHON-PILLOW-5918878	pillow: 9.5.0 -> 10.3.0	No	Mature
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00065, Social Trends: No, Days since published: 355, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-PYTHON-PILLOW-6043904	pillow: 9.5.0 -> 10.3.0	No	No Known Exploit
	254/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00074, Social Trends: No, Days since published: 276, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.59, Score Version: V5	Eval Injection SNYK-PYTHON-PILLOW-6182918	pillow: 9.5.0 -> 10.3.0	No	Proof of Concept
	125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 265, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5	Denial of Service (DoS) SNYK-PYTHON-PILLOW-6219984	pillow: 9.5.0 -> 10.3.0	No	No Known Exploit
	125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 265, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5	Denial of Service (DoS) SNYK-PYTHON-PILLOW-6219986	pillow: 9.5.0 -> 10.3.0	No	No Known Exploit
	116/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 205, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.06, Score Version: V5	Buffer Overflow SNYK-PYTHON-PILLOW-6514866	pillow: 9.5.0 -> 10.3.0	No	No Known Exploit
	203/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0052, Social Trends: No, Days since published: 349, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.07, Score Version: V5	Deserialization of Untrusted Data SNYK-PYTHON-PYARROW-6052811	pyarrow: 12.0.1 -> 14.0.1	No	No Known Exploit
	60/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00045, Social Trends: No, Days since published: 155, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 8.63, Likelihood: 0.69, Score Version: V5	Always-Incorrect Control Flow Implementation SNYK-PYTHON-REQUESTS-6928867	requests: 2.31.0 -> 2.32.2	No	No Known Exploit
	101/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00532, Social Trends: No, Days since published: 670, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.68, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3180412	setuptools: 40.5.0 -> 70.0.0	No	No Known Exploit
	210/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 100, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.14, Score Version: V5	Improper Control of Generation of Code ('Code Injection') SNYK-PYTHON-SETUPTOOLS-7448482	setuptools: 40.5.0 -> 70.0.0	No	Proof of Concept
	167/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 188, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.08, Likelihood: 1.84, Score Version: V5	Use After Free SNYK-PYTHON-TORCH-6619806	torch: 1.13.1 -> 2.2.0	No	No Known Exploit
	147/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 188, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.08, Likelihood: 1.61, Score Version: V5	Heap-based Buffer Overflow SNYK-PYTHON-TORCH-6649934	torch: 1.13.1 -> 2.2.0	No	No Known Exploit
	101/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 127, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 100, Impact: 5.99, Likelihood: 1.67, Score Version: V5	Improper Removal of Sensitive Information Before Storage or Transfer SNYK-PYTHON-URLLIB3-7267250	urllib3: 2.0.7 -> 2.2.2	No	No Known Exploit
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00345, Social Trends: No, Days since published: 670, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-WHEEL-3180413	wheel: 0.32.2 -> 0.38.0	No	No Known Exploit
	140/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00043, Social Trends: No, Days since published: 106, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.33, Score Version: V5	Infinite loop SNYK-PYTHON-ZIPP-7430899	zipp: 3.15.0 -> 3.19.1	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

[restack-app]

No applications have been configured for previews targeting branch: main. To do so go to restack console and configure your applications for previews.