Hi, @Yshuo-Li , @hejm37 , I'd like to report a vulnerability issue in mmedit_0.14.0.
Issue Description
I noticed that mmedit_0.14.0 directly depends on opencv-python_4.5.4.60.
However, opencv-python_4.5.4.60 suffers from the vulnerabilities which the C libraries exposed, as the following dependency graph shows. Refer to issue.
Dependency Graph between Python and Shared Libraries
Suggested Vulnerability Patch Versions
opencv-python has upgraded these vulnerable C libraries to patch versions in its release 4.5.4.64.
Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular python package (mmedit has 3,342 downloads per month), could you please upgrade this vulnerable dependency?
Thanks for your help~
Best regards,
MikeWazowski
We limited its version because of another bug. OpenCV with a newer version will introduce a segfault. You can check the log of CI in #833. It seems this problem is still not solved in 4.5.5.64.
Moreover, may I know where you got the number of downloads per month of this repo?
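The gap raised in this thread, that Python tooling sees `opencv-python` but not the C libraries shipped inside its wheel, can be narrowed by listing the shared objects each installed wheel vendors. The following is an added example, not code from this thread, mmedit or opencv-python; it assumes Linux wheels repaired by auditwheel (libraries under `<package>.libs/` with an 8-hex-digit tag in the file name), and the sample paths are constructed for illustration.

```python
import re
from importlib import metadata

# auditwheel-style vendored file name: lib<name>-<8 hex tag>.so.<version>
VENDORED = re.compile(
    r"^(?P<name>lib[\w+.-]+?)(?:-(?P<tag>[0-9a-f]{8}))?\.so(?:\.(?P<ver>[\w.]+))?$"
)


def vendored_libs(paths):
    """Return sorted (library, version-or-None) pairs for shared objects
    found directly under a '*.libs' directory in a wheel's file list."""
    found = set()
    for p in paths:
        parts = str(p).replace("\\", "/").split("/")
        if len(parts) < 2 or not parts[-2].endswith(".libs"):
            continue  # not inside a vendored-library directory
        m = VENDORED.match(parts[-1])
        if m:
            found.add((m.group("name"), m.group("ver")))
    return sorted(found, key=lambda t: (t[0], t[1] or ""))


def scan_environment():
    """Map 'name==version' of each installed distribution to the native
    libraries its wheel vendors, using the RECORD file list."""
    report = {}
    for dist in metadata.distributions():
        libs = vendored_libs(dist.files or [])
        if libs:
            report[f"{dist.metadata['Name']}=={dist.version}"] = libs
    return report


# Constructed sample of RECORD paths (not taken from a real wheel).
SAMPLE = [
    "cv2/__init__.py",
    "cv2/cv2.abi3.so",
    "opencv_python.libs/libavcodec-65fa80df.so.58.134.100",
    "opencv_python.libs/libssl-28bef1ac.so.1.1.1k",
    "opencv_python.libs/libz-d8a329de.so.1.2.7",
]

if __name__ == "__main__":
    for pkg, libs in scan_environment().items():
        print(pkg, libs)
```

The resulting library names and versions can then be checked by hand against the advisories for those C libraries, since the Python package metadata does not declare them.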