Bump up pytorch-lightning version to 1.6.0 or higher #193

Merged
merged 17 commits into from
Apr 8, 2022

samet-akcay
Contributor

Description

  • The current version of the pytorch_lightning library is vulnerable to code injection (code read from environment variables starting with PL_ could be evaluated).

    • Bumping the pytorch-lightning version up to 1.6.0 would avoid this vulnerability.
  • Fixes #191 (Fix the pytorch_lightning env vars vulnerability)

Changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist

  • My code follows the pre-commit style and check guidelines of this project.
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing tests pass locally with my changes
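The vulnerability class named in the description, shown from the defender's side as an added example; it is not code from this PR or from pytorch-lightning. It parses `PL_`-prefixed values as literals only and flags any value that would execute a call if evaluated. The variable names in the sample environment and the choice of `ast.literal_eval` as the hardening are assumptions made for illustration.

```python
import ast
import os

PREFIX = "PL_"  # prefix named in the PR description


def parse_env_value(raw):
    """Hardened parsing: accept Python literals only, never execute code."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError):
        return raw  # not a literal, keep it as an ordinary string


def contains_call(raw):
    """True if raw parses as a Python expression that contains a call."""
    try:
        tree = ast.parse(raw.strip(), mode="eval")
    except (SyntaxError, ValueError):
        return False  # not an expression at all, e.g. a path or free text
    return any(isinstance(node, ast.Call) for node in ast.walk(tree))


def audit_env(environ=None, prefix=PREFIX):
    """Names of prefixed variables whose value would run a call under eval()."""
    environ = os.environ if environ is None else environ
    return sorted(
        name for name, raw in environ.items()
        if name.startswith(prefix) and contains_call(raw)
    )


# Constructed sample environment (variable names are made up for illustration).
SAMPLE_ENV = {
    "PL_EXAMPLE_DEVICES": "2",
    "PL_EXAMPLE_FLAGS": "[0, 1]",
    "PL_EXAMPLE_STRATEGY": "ddp",
    "PL_EXAMPLE_SUSPECT": "print('evaluated')",
    "HOME": "open('/tmp/x')",  # no PL_ prefix, outside the audited namespace
}

if __name__ == "__main__":
    for name in audit_env(SAMPLE_ENV):
        print("call expression in", name)
    for name, raw in SAMPLE_ENV.items():
        if name.startswith(PREFIX):
            print(name, "->", repr(parse_env_value(raw)))
```

Calling `audit_env()` with no arguments checks the real process environment, which is useful in a job launcher while a dependency pin below 1.6.0 is still in place.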

@@ -68,7 +69,7 @@ def _add_images(
for log_to in module.hparams.project.log_images_to:
if log_to in loggers.AVAILABLE_LOGGERS:
# check if logger object is same as the requested object
if log_to in logger_type and module.logger is not None:
if log_to in logger_type and module.logger is not None and isinstance(module.logger, ImageLoggerBase):
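Review bot: The `isinstance(module.logger, ImageLoggerBase)` test added to the last condition in this hunk is a runtime guard, so a logger requested in `log_images_to` that is not an `ImageLoggerBase` is now skipped by this branch, and nothing visible in the hunk reports that. If the check is there only for type narrowing, add an `else` that warns or raises so a skipped logger is not silent. The `module.logger is not None` clause is also redundant once the `isinstance` check is present, because `isinstance` already returns False for None, so the condition can be shortened.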
Contributor

Can you explain why this is needed?

Contributor Author

It is to silence mypy. Some typings have changed in pl 1.6, causing some mypy issues.

Contributor

Alright, so no functional changes to the visualizer callback then.

samet-akcay merged commit ce00b50 into development on Apr 8, 2022.
samet-akcay deleted the fix/sa/pytorch-lightning-vulnerability branch on April 8, 2022 19:12.