From 542ee9e0ec0046b8d4e81b7fc861f3235f0fdd1e Mon Sep 17 00:00:00 2001
From: malavhs
Date: Tue, 29 Oct 2024 18:25:57 +0000
Subject: [PATCH 1/7] update python dependencies for HIGH vulns
---
 requirements.txt | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index ca7522c9..fda9b0eb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,32 +1,32 @@
-Flask==1.1.1 # sagemaker-containers requires flask 1.1.1
+Flask==2.2.5 # sagemaker-containers requires flask 1.1.1
 PyYAML==5.4.1
-Pillow==9.1.1
-boto3==1.17.52
-botocore==1.20.52
-cryptography==39.0.1
+Pillow==10.2.0
+boto3==1.28.57
+botocore==1.31.57
+cryptography==42.0.4
 dask==2022.11.1
 dask-cuda==22.12.0
-gunicorn==19.10.0
+gunicorn==22.0.0
 itsdangerous==2.0.1
 matplotlib==3.4.1
 multi-model-server==1.1.2
 numpy==1.24.1
 pandas==1.2.4
-protobuf==3.20.1
+protobuf==3.20.2
 psutil==5.6.7 # sagemaker-containers requires psutil 5.6.7
 pynvml==11.4.1
 python-dateutil==2.8.1
 retrying==1.3.3
 requests==2.29.0
-sagemaker-containers==2.8.6.post2
-sagemaker-inference==1.5.5
-scikit-learn==0.24.1
+sagemaker-training==4.7.4
+sagemaker-inference==1.10.1
+scikit-learn==1.2.1
 scipy==1.8.0
 urllib3==1.26.5
-wheel==0.36.2
+wheel==0.38.1
 jinja2==2.11.3
 MarkupSafe==1.1.1
-Werkzeug==0.15.6
+Werkzeug==3.0.3
 certifi==2023.7.22
 gevent==23.9.1
 numba==0.58.1
\ No newline at end of file
From e239db2f340d36d1ff765ae19fcc34c2e1edd416 Mon Sep 17 00:00:00 2001
From: malavhs
Date: Tue, 29 Oct 2024 20:23:55 +0000
Subject: [PATCH 2/7] update Jinja version
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index fda9b0eb..14787163 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -24,7 +24,7 @@ scikit-learn==1.2.1
 scipy==1.8.0
 urllib3==1.26.5
 wheel==0.38.1
-jinja2==2.11.3
+jinja2==3.1.4
 MarkupSafe==1.1.1
 Werkzeug==3.0.3
 certifi==2023.7.22
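Review bot: The trailing comment on the new `Flask==2.2.5` line in the PATCH 1/7 hunk still reads `# sagemaker-containers requires flask 1.1.1`, although the same hunk replaces sagemaker-containers with `sagemaker-training==4.7.4`; the comment on the `psutil==5.6.7` context line has the same problem. Drop or rewrite both so nobody mistakes them for a live constraint. `MarkupSafe==1.1.1` is also left unchanged next to `Werkzeug==3.0.3`; as far as I know Werkzeug 3.x declares `MarkupSafe>=2.1.1`, so this set probably does not resolve. Raise MarkupSafe in the same change and run `pip check` in the built image before relying on the bump to clear the scanner findings.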
From ad42f75514263324e00ed5d52e709920b699cf54 Mon Sep 17 00:00:00 2001
From: malavhs
Date: Tue, 29 Oct 2024 22:33:44 +0000
Subject: [PATCH 3/7] update urllib3
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 14787163..31da636a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,7 +22,7 @@ sagemaker-training==4.7.4
 sagemaker-inference==1.10.1
 scikit-learn==1.2.1
 scipy==1.8.0
-urllib3==1.26.5
+urllib3==2.2.3
 wheel==0.38.1
 jinja2==3.1.4
 MarkupSafe==1.1.1
From 08f5f312961f51b098ef792676d163a0965576bc Mon Sep 17 00:00:00 2001
From: malavhs
Date: Wed, 30 Oct 2024 02:39:19 +0000
Subject: [PATCH 4/7] only bump urllib3
---
 requirements.txt | 28 ++++++++++++++--------------
 test/resources/versions/train.py | 2 +-
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 31da636a..ef303a62 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,32 +1,32 @@
-Flask==2.2.5 # sagemaker-containers requires flask 1.1.1
+Flask==1.1.1 # sagemaker-containers requires flask 1.1.1
 PyYAML==5.4.1
-Pillow==10.2.0
-boto3==1.28.57
-botocore==1.31.57
-cryptography==42.0.4
+Pillow==9.1.1
+boto3==1.17.52
+botocore==1.20.52
+cryptography==39.0.1
 dask==2022.11.1
 dask-cuda==22.12.0
-gunicorn==22.0.0
+gunicorn==19.10.0
 itsdangerous==2.0.1
 matplotlib==3.4.1
 multi-model-server==1.1.2
 numpy==1.24.1
 pandas==1.2.4
-protobuf==3.20.2
+protobuf==3.20.1
 psutil==5.6.7 # sagemaker-containers requires psutil 5.6.7
 pynvml==11.4.1
 python-dateutil==2.8.1
 retrying==1.3.3
 requests==2.29.0
-sagemaker-training==4.7.4
-sagemaker-inference==1.10.1
-scikit-learn==1.2.1
+sagemaker-containers==2.8.6.post2
+sagemaker-inference==1.5.5
+scikit-learn==0.24.1
 scipy==1.8.0
-urllib3==2.2.3
-wheel==0.38.1
-jinja2==3.1.4
+urllib3==1.26.17
+wheel==0.36.2
+jinja2==2.11.3
 MarkupSafe==1.1.1
-Werkzeug==3.0.3
+Werkzeug==0.15.6
 certifi==2023.7.22
 gevent==23.9.1
 numba==0.58.1
\ No newline at end of file
diff --git a/test/resources/versions/train.py b/test/resources/versions/train.py
index a1e5b577..347bf94d 100644
--- a/test/resources/versions/train.py
+++ b/test/resources/versions/train.py
@@ -26,7 +26,7 @@
 scikit-learn==0.24.1
 scipy==1.8.0
 smdebug==1.0.29
-urllib3==1.26.5
+urllib3==1.26.17
 wheel==0.36.2
 jinja2==2.11.3
 MarkupSafe==1.1.1
From bfe688eda988d4d8054b8bb9a73eb43120f4d388 Mon Sep 17 00:00:00 2001
From: malavhs
Date: Wed, 30 Oct 2024 05:14:01 +0000
Subject: [PATCH 5/7] update protobuf and wheel
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index ef303a62..b8efe1ba 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,7 +12,7 @@ matplotlib==3.4.1
 multi-model-server==1.1.2
 numpy==1.24.1
 pandas==1.2.4
-protobuf==3.20.1
+protobuf==3.20.2
 psutil==5.6.7 # sagemaker-containers requires psutil 5.6.7
 pynvml==11.4.1
 python-dateutil==2.8.1
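Review bot: Under the subject "only bump urllib3", the requirements.txt hunk of PATCH 4/7 also returns Flask, Pillow, boto3/botocore, cryptography, gunicorn, protobuf, scikit-learn, wheel, jinja2 and Werkzeug to the exact versions that PATCH 1/7 replaced as HIGH findings, and nothing in the file records why. If the rollback is forced by `sagemaker-containers==2.8.6.post2` (the Flask and psutil comments suggest so, but that is inferred), state it next to the affected pins, for example `# held back by sagemaker-containers; scanner HIGH findings still open, tracked in <ISSUE-ID placeholder>`. That keeps the accepted risk visible to whoever triages the next scan, instead of leaving a series titled as a vulnerability fix that ships the old versions.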
@@ -23,7 +23,7 @@ sagemaker-inference==1.5.5
 scikit-learn==0.24.1
 scipy==1.8.0
 urllib3==1.26.17
-wheel==0.36.2
+wheel==0.38.1
 jinja2==2.11.3
 MarkupSafe==1.1.1
 Werkzeug==0.15.6
From ae81138524010374c42b2abf3c50e1a716e8d452 Mon Sep 17 00:00:00 2001
From: malavhs
Date: Wed, 30 Oct 2024 05:17:18 +0000
Subject: [PATCH 6/7] update pyopenssl
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.txt b/requirements.txt
index b8efe1ba..aeb4ac13 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,6 +23,7 @@ sagemaker-inference==1.5.5
 scikit-learn==0.24.1
 scipy==1.8.0
 urllib3==1.26.17
+pyopenssl==23.2.0
 wheel==0.38.1
 jinja2==2.11.3
 MarkupSafe==1.1.1
From 3ff58911bf99cc22f14ff6eea51635f31a0cbefb Mon Sep 17 00:00:00 2001
From: malavhs
Date: Wed, 30 Oct 2024 05:19:29 +0000
Subject: [PATCH 7/7] revert urllib3 update
---
 requirements.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index aeb4ac13..afa51df7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,8 +22,7 @@ sagemaker-containers==2.8.6.post2
 sagemaker-inference==1.5.5
 scikit-learn==0.24.1
 scipy==1.8.0
-urllib3==1.26.17
-pyopenssl==23.2.0
+urllib3==1.26.5
 wheel==0.38.1
 jinja2==2.11.3
 MarkupSafe==1.1.1
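Review bot: The PATCH 7/7 hunk removes `pyopenssl==23.2.0` as well as resetting `urllib3==1.26.5`, but the subject only mentions urllib3, so the pin added in PATCH 6/7 disappears without explanation. The diffstat lists only requirements.txt, so the `urllib3==1.26.17` line that PATCH 4/7 wrote into test/resources/versions/train.py stays as it is. If that list is meant to mirror requirements.txt (not visible here), the version test and the image now disagree. Either revert that line in the same commit or keep 1.26.17 here, and record why the older release is retained with a comment such as `# urllib3 held at 1.26.5: <reason placeholder>`.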