Dependency updates for security vulnerabilities #1

@agentmess

From Dependabot alerts:

LarsonLab / dnlinv
Known security vulnerabilities detected

Dependency: tornado
Version: < 6.3.2
Upgrade to: ~> 6.3.2
Defined in: requirements.txt
Vulnerabilities:
CVE-2024-52804 High severity
CVE-2023-28370 Moderate severity
GHSA-qppv-j76h-2rpx Moderate severity
GHSA-753j-mpmx-qq6g Moderate severity
GHSA-w235-7p84-xx57 Moderate severity

Dependency: numpy
Version: <= 1.16.0
Defined in: requirements.txt
Vulnerabilities:

Dependency: certifi
Version: = 2015.4.28 < 2023.7.22
Upgrade to: ~> 2023.7.22
Defined in: requirements.txt
Vulnerabilities:
CVE-2023-37920 High severity

Dependency: pillow
Version: = 5.2.0 < 8.3.2
Upgrade to: ~> 8.3.2
Defined in: requirements.txt
Vulnerabilities:
CVE-2020-5310 Critical severity
CVE-2021-25289 Critical severity
CVE-2021-23437 High severity
(13 more)

Dependency: Pillow
Version: < 10.0.1
Upgrade to: ~> 10.0.1
Defined in: requirements.txt
Vulnerabilities:
CVE-2023-50447 Critical severity
CVE-2023-4863 High severity

Dependency: tqdm
Version: = 4.4.0 < 4.66.3
Upgrade to: ~> 4.66.3
Defined in: requirements.txt
Vulnerabilities:
CVE-2024-34062 Low severity

Dependency: torch
Version: < 2.2.0
Upgrade to: ~> 2.2.0
Defined in: requirements.txt
Vulnerabilities:
CVE-2024-31580 High severity
CVE-2024-31583 High severity

Dependency: dask
Version: = 0 < 2021.10.0
Upgrade to: ~> 2021.10.0
Defined in: requirements.txt
Vulnerabilities:
CVE-2021-42343 Critical severity
