Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump up the pytorch lightning to master branch due to vulnurability issues #55

Merged
merged 35 commits into from
Feb 7, 2022
Merged

Bump up the pytorch lightning to master branch due to vulnurability issues #55

merged 35 commits into from
Feb 7, 2022

Conversation

samet-akcay
Copy link
Contributor

@samet-akcay samet-akcay commented Dec 30, 2021
edited
Loading

Description

  • anomalib currently uses pytorch-lightning v1.3.6, which uses yaml unsafe loader, causing vulnurabilities. According to @LeonidBeynenson, this vulnurability has been addressed in the master branch v1.6.0dev, but has not been released as a package yet. Therefore we use git+https in requirements/base.txt

Known Issues

  • ScoreNormalization currently fails. Need to investigate what would be causing this issue.

Changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the pre-commit style and check guidelines of this project.
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing tests pass locally with my changes

@samet-akcay samet-akcay added Bug Something isn't working Security labels Jan 7, 2022
@samet-akcay samet-akcay mentioned this pull request Jan 10, 2022
Closed
@samet-akcay samet-akcay marked this pull request as ready for review February 3, 2022 14:04
@samet-akcay samet-akcay requested review from ashwinvaidya17 and djdameln and removed request for ashwinvaidya17 and djdameln February 3, 2022 14:04
@samet-akcay samet-akcay self-assigned this Feb 3, 2022
ashwinvaidya17
ashwinvaidya17 approved these changes Feb 3, 2022
View reviewed changes
Copy link
Collaborator

@ashwinvaidya17 ashwinvaidya17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the efforts and chasing all the issues due to the upgrade. Since this is not backward compatible, I would have proposed a major version bump up but I am concerned it might break things in OTE.

@samet-akcay
Copy link
Contributor Author

@ashwinvaidya17, maybe we could start thinking about having a master branch.

What we could do is to merge other outstanding PRs to developmen first. We could then create a master branch. This PR could be finally merged to development. Once we ensure that OTE works with these changes, we could merge this to master as well.

@samet-akcay samet-akcay merged commit 9d1c0b7 into development Feb 7, 2022
@samet-akcay samet-akcay deleted the fix/sa/update-pytorch-lightning-to-master branch February 7, 2022 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashwinvaidya17 ashwinvaidya17 ashwinvaidya17 approved these changes

@djdameln djdameln djdameln approved these changes

Assignees

@samet-akcay samet-akcay

Labels
Bug Something isn't working Ready for Review Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@samet-akcay @ashwinvaidya17 @djdameln