Hi adobe team,
The latest version of stringlifier in pypi is v0.1.1.4, which is still using torch==1.6.0 and numpy==1.19.2. The last commit unleashed the version of torch while it’s not packaged to pypi.
We have no problem using the library, while there’s a vulnerability in torch==1.6.0 (CVE-2022-45907). To fix that, we need to upgrade torch to 1.13.1 with corresponding numpy version.
I have tried to clone the repo, change requirements.txt with torch==1.13.1 and numpy==1.22.0, then build by ourselves to fix the vulnerability, while I would like to ask 2 questions:
- Is it possible to release a new version to pypi with upgraded torch and numpy? Then we do not need to build by ourselves.
- Are there any issues with upgrading both libraries?
Thanks!
BR,
Shandi