
[Snyk] Security upgrade pillow from 9.5.0 to 10.3.0 #12868

Merged
merged 2 commits into from
Apr 6, 2024

Conversation

glenn-jocher
Member

@glenn-jocher glenn-jocher commented Apr 1, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • requirements.txt

Vulnerabilities that will be fixed

By pinning:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| high severity | 651/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.3) | Buffer Overflow (SNYK-PYTHON-PILLOW-6514866) | pillow: 9.5.0 -> 10.3.0 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

🛠️ PR Summary

Made with ❤️ by Ultralytics Actions

🌟 Summary

Upgraded minimum required version of Pillow in yolov5 dependencies.

📊 Key Changes

  • Updated the Pillow library version from >=9.4.0 to >=10.3.0.

🎯 Purpose & Impact

  • Purpose: The update ensures compatibility with the latest improvements and security patches in the Pillow library, which is crucial for image processing tasks in YOLOv5.
  • Impact: Users must upgrade their Pillow installation to at least version 10.3.0. This change can help in improving performance and security but may require users to update their environments, potentially leading to temporary downtime or an adjustment period for those with older versions. 🖼️✨
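
To check what the floor change in requirements.txt actually guarantees, here is an added example (not code from the PR or from the yolov5 repository) that parses a constructed requirements excerpt, reports the declared Pillow lower bound, and tells whether it is at or above the 10.3.0 release Snyk lists as fixed; a second helper checks an installed version string, since a floor in requirements.txt upgrades nothing on its own. The excerpt contents and the helper names (`floor_for`, `excludes_vulnerable`, `installed_is_fixed`) are assumptions.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]
FIXED_PILLOW: Version = (10, 3, 0)  # first release Snyk lists as fixed for SNYK-PYTHON-PILLOW-6514866

# Constructed requirements.txt excerpts mirroring the floor change this PR makes (not the real file).
REQUIREMENTS_BEFORE = """\
# YOLOv5 requirements (constructed excerpt)
numpy>=1.23.5
Pillow>=9.4.0   # vulnerable floor: 9.5.0 still satisfies it
requests>=2.23.0
"""
REQUIREMENTS_AFTER = REQUIREMENTS_BEFORE.replace("Pillow>=9.4.0", "Pillow>=10.3.0")

_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_CLAUSE = re.compile(r"^(>=|==|~=|>|<=|<|!=)\s*([0-9][0-9.]*)")


def parse_version(text: str) -> Version:
    """'10.3' -> (10, 3, 0): pad to three components so tuple comparison is sound."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def floor_for(requirements: str, package: str) -> Optional[Version]:
    """Return the highest lower bound (>=, ==, ~=, >) declared for `package`, or None."""
    wanted = package.lower().replace("_", "-")
    floor: Optional[Version] = None
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _REQ_LINE.match(line) if line else None
        if not m or m.group(1).lower().replace("_", "-") != wanted:
            continue
        for clause in m.group(2).split(","):
            c = _CLAUSE.match(clause.strip())
            if c and c.group(1) in (">=", "==", "~=", ">"):
                v = parse_version(c.group(2))
                floor = v if floor is None else max(floor, v)
    return floor


def excludes_vulnerable(requirements: str, package: str = "pillow", fixed: Version = FIXED_PILLOW) -> bool:
    """True only if every version the declared floor admits is at or above the fixed release."""
    floor = floor_for(requirements, package)
    return floor is not None and floor >= fixed


def installed_is_fixed(installed: str, fixed: Version = FIXED_PILLOW) -> bool:
    """Check an actual environment: a requirements floor does not upgrade an existing install."""
    return parse_version(installed) >= fixed
```

Run `excludes_vulnerable` against the repository's requirements.txt in CI and `installed_is_fixed(PIL.__version__)` in the deployed environment; both must hold before the Snyk finding can be considered closed.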

snyk-bot and others added 2 commits April 1, 2024 17:32
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
@glenn-jocher glenn-jocher merged commit ae4ef3b into master Apr 6, 2024
6 checks passed
@glenn-jocher glenn-jocher deleted the snyk-fix-4e8d678da4d79a191be19b54afdad920 branch April 6, 2024 22:46
NagatoYuki0943 added a commit to NagatoYuki0943/yolov5-ultralytics that referenced this pull request Apr 7, 2024
[Snyk] Security upgrade pillow from 9.5.0 to 10.3.0 (ultralytics#12868)
kevinconka added a commit to SEA-AI/yolov5 that referenced this pull request May 28, 2024
* Modified iou values and extended hyps

* Add pre-augmentation step for 16bit thermal imgs

* training with 16to8bit augmentation works

* Modifications to 16-to-8 bit augmentations

* minor rename

* minor changes due to usage

* Grouped training scripts in folder

* added horizon utils

* Added dataloaders

* rename to avoid confusion w/ yolov5/utils folder

* add pitch and yaw targets

* HorizonDataset working w albumentations transform

* Training loop working (needs refactoring)

* Create README.md

Signed-off-by: Kevin Serrano <35779409+kevinconka@users.noreply.github.com>

* refactored models.py

* Added TODOs to README

* added train.py and transforms.py to cleanup nb

* Checked some TODOs from horizon/README.md

* updated tests nb

* Save val/train loss plots as png images

* Added loss weights for horizon training

* Added more TODOs

* Added weather augmentations to rgb

* tensorrt engine working (WIP)

* added patch for tensorRT v7

* Update README.md

Signed-off-by: Kevin Serrano <35779409+kevinconka@users.noreply.github.com>

* added small change for wandb run_id

* Update models.py

Signed-off-by: Kevin Serrano <35779409+kevinconka@users.noreply.github.com>

* Added batch support for yolotrt

* folder refactoring

* more refactoring... added "hybrids" folder

* Update yolotrt.py

Signed-off-by: Kevin Serrano <35779409+kevinconka@users.noreply.github.com>

* working nb for ahoy-IR.engine

* AHOYv5 and DANv5 refactored

* typing compatibility with python3.8

* get images from url and use softmax for horizon postprocessing in dan_tests

* made output_modes compatible with batched inference for ahoy

* tweaks plus extended export function for AHOY and DAN models

* Add benchmarking script for AHOY and DAN models

* fixed misspelling

* new preprocessing function

* faster preprocessing

* fast preprocess

* Add close_mosaic option to train.py and dataloaders.py

* Update hyp.sea-ai-IR.yaml

* Update hyp.sea-ai.yaml

* Update close-mosaic argument description

* increase kmeans iter for autoanchor

* added class mapping to dan

* refactored dan cls_maps

* Update Discord and Contributing Guide URLs (ultralytics#12847)

* Update Discord and Contributing Guide URLs

* Update __init__.py

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* refactored trt inference code after adding it to Core-Backend

* fixed bug in horizon output decoding when lr padding was added during inference

* added small comment

* add export hooks to get fp32 to fp16 done in GPU

* register hooks before dry runs when exporting hybrids

* added preprocessing operations to the model via hooks before trt export

* added hook to export process

* make dummy input int8 for trt export

* added softmax to postprocessing hook to add it to the model

* remove softmax from theta, offset postprocessing

* [Snyk] Security upgrade pillow from 9.5.0 to 10.3.0 (ultralytics#12868)

* fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866

* Update requirements.txt

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Create cla.yml (ultralytics#12899)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Sort imports with Ruff and iSort (ultralytics#12915)

* Sort imports with Ruff and iSort

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: UltralyticsAssistant <web@ultralytics.com>

* Create merge-main-into-prs.yml (ultralytics#12918)

* Create merge-main-into-prs.yml

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update merge-main-into-prs.yml

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update to `ultralytics>=8.1.47` (ultralytics#12919)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update merge-main-into-prs.yml (ultralytics#12920)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update merge-main-into-prs.yml (ultralytics#12921)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update merge-main-into-prs.yml (ultralytics#12922)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Bump gunicorn from 19.10.0 to 22.0.0 in /utils/google_app_engine (ultralytics#12929)

* Bump gunicorn from 19.10.0 to 22.0.0 in /utils/google_app_engine

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 19.10.0 to 22.0.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@19.10.0...22.0.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* [Snyk] Security upgrade gunicorn from 19.10.0 to 22.0.0 (ultralytics#12938)

fix: utils/google_app_engine/additional_requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-6615672

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Refactor model variable names in export.py and export_hybrid.py

* Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 in /.github/workflows (ultralytics#12948)

* Bump slackapi/slack-github-action in /.github/workflows

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update ci-testing.yml

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* ResizeIfNeeded augmentation and plot MSEs during training

* Update num_workers in dataloaders.py

* Add Turkish and Vietnamese Docs (ultralytics#12972)

* Add Turkish and Vietnamese Docs

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update README.md

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update pyproject.toml

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Refactor horizon.py and custom.py for better readability and maintainability.

* Add best_mse.pt checkpoint saving during training

* Fix data type conversion issue in custom.py

* Fix data type conversion issue in train.py

* wandb integration working

* cleaned nb

* scale pitch for gt and preds when processing 320x256 imgs

* fix msu_sum and better cli logging

* fixed mask visualisation

* cast to int32 for cv2.line

* Fix formatting issue in cli logging

* Backport compatibility with TensorRT version 10 from yolov8 (ultralytics#12984)

Add compatibility with TensorRT version 10.

Based on the is_trt10 code in yolov8.

* Set `TORCH_CPP_LOG_LEVEL=ERROR` for reduced verbosity (ultralytics#12989)

* modify torch cpp log level to Error to avoid annoying print

* Auto-format by https://ultralytics.com/actions

---------

Co-authored-by: UltralyticsAssistant <web@ultralytics.com>

* Add `pip install --retries 3` to CI to resolve transients (ultralytics#13001)

* Add `pip install --retries 3` to CI to resolve transients

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update ci-testing.yml

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Revert CI `pip install` retries to default (ultralytics#13002)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Centralize ENV variable definition in utils/general.py (ultralytics#13004)

* Centralize ENV variable definition in utils/general.py

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Update export.py

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: UltralyticsAssistant <web@ultralytics.com>

* Bump contributor-assistant/github-action from 2.3.2 to 2.4.0 in /.github/workflows (ultralytics#13006)

Bump contributor-assistant/github-action in /.github/workflows

Bumps [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) from 2.3.2 to 2.4.0.
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](contributor-assistant/github-action@v2.3.2...v2.4.0)

---
updated-dependencies:
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Reformat Markdown code blocks (ultralytics#13023)

* [Snyk] Security upgrade requests from 2.31.0 to 2.32.0 (ultralytics#13039)

fix: requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Update Ultralytics YouTube URL (ultralytics#13046)

* Update Ultralytics YouTube URL

* Update README.md

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: UltralyticsAssistant <web@ultralytics.com>

* minor notebook update

* Function docstrings added

* Auto-format by https://ultralytics.com/actions

---------

Signed-off-by: Kevin Serrano <35779409+kevinconka@users.noreply.github.com>
Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: franziska-denk <denk.m.franziska@gmail.com>
Co-authored-by: GilSimas <gil.simas@sea.ai>
Co-authored-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: UltralyticsAssistant <web@ultralytics.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nick Martin <284356+n1mmy@users.noreply.github.com>
Co-authored-by: inisis <46103969+inisis@users.noreply.github.com>