From 5fb618fbf04ed26cae34d635ddf21d05100367ca Mon Sep 17 00:00:00 2001 From: Madhava Jay Date: Wed, 18 Oct 2023 13:43:32 +1000 Subject: [PATCH 1/2] Fixed security issues and bumped versions - bumped seaweedfs and mongo - bumped python libraries - bumped nodejs package --- packages/grid/default.env | 4 +- packages/grid/frontend/package.json | 7 ++- packages/grid/frontend/pnpm-lock.yaml | 80 +++++++++++++++++---------- packages/hagrid/setup.py | 8 +-- packages/syft/setup.cfg | 52 ++++++++--------- 5 files changed, 89 insertions(+), 62 deletions(-) diff --git a/packages/grid/default.env b/packages/grid/default.env index a93734e498a..1c91483c1ea 100644 --- a/packages/grid/default.env +++ b/packages/grid/default.env @@ -30,7 +30,7 @@ DOCKER_IMAGE_TRAEFIK=traefik TRAEFIK_VERSION=v2.10 REDIS_VERSION=6.2 RABBITMQ_VERSION=3 -SEAWEEDFS_VERSION="3.55" +SEAWEEDFS_VERSION="3.57" DOCKER_IMAGE_SEAWEEDFS=chrislusf/seaweedfs VERSION=latest VERSION_HASH=unknown @@ -75,7 +75,7 @@ JAX_ENABLE_X64=True # Mongo MONGO_IMAGE=mongo -MONGO_VERSION="7.0.0" +MONGO_VERSION="7.0.2" MONGO_HOST=mongo MONGO_PORT=27017 MONGO_USERNAME=root diff --git a/packages/grid/frontend/package.json b/packages/grid/frontend/package.json index b58883b0a42..f2dcd3948c7 100644 --- a/packages/grid/frontend/package.json +++ b/packages/grid/frontend/package.json @@ -15,7 +15,7 @@ "devDependencies": { "@playwright/test": "^1.36.1", "@sveltejs/adapter-node": "^1.3.1", - "@sveltejs/kit": "^1.22.3", + "@sveltejs/kit": "^1.25.2", "@types/prismjs": "^1.26.0", "@typescript-eslint/eslint-plugin": "^5.62.0", "@typescript-eslint/parser": "^5.62.0", @@ -49,5 +49,10 @@ }, "engines": { "node": ">=18.0.0" + }, + "pnpm": { + "overrides": { + "undici@<5.26.2": ">=5.26.2" + } } } diff --git a/packages/grid/frontend/pnpm-lock.yaml b/packages/grid/frontend/pnpm-lock.yaml index 4d8360635d7..4017943ad5f 100644 --- a/packages/grid/frontend/pnpm-lock.yaml +++ b/packages/grid/frontend/pnpm-lock.yaml 
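Review bot: The new `pnpm.overrides` entry at the end of package.json maps `undici@<5.26.2` to `>=5.26.2`, which has no upper bound, so a later lockfile regeneration may resolve undici to a new major version that `@sveltejs/kit` was not built against. The lockfile in this patch resolves it to 5.26.3, so the floor holds today; bounding the range keeps it inside the 5.x line: `"undici@<5.26.2": "^5.26.2"`. Because package.json cannot carry comments, the reason for the override should be recorded in the commit description, so it can be removed once SvelteKit's own range no longer admits the affected versions.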
@@ -1,5 +1,12 @@ lockfileVersion: '6.0' +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +overrides: + undici@<5.26.2: '>=5.26.2' + dependencies: capnp-ts: specifier: ^0.7.0 @@ -32,10 +39,10 @@ devDependencies: version: 1.36.1 '@sveltejs/adapter-node': specifier: ^1.3.1 - version: 1.3.1(@sveltejs/kit@1.22.3) + version: 1.3.1(@sveltejs/kit@1.25.2) '@sveltejs/kit': - specifier: ^1.22.3 - version: 1.22.3(svelte@3.59.2)(vite@4.4.4) + specifier: ^1.25.2 + version: 1.25.2(svelte@3.59.2)(vite@4.4.4) '@types/prismjs': specifier: ^1.26.0 version: 1.26.0 @@ -416,6 +423,14 @@ packages: engines: { node: ^12.22.0 || ^14.17.0 || >=16.0.0 } dev: true + /@fastify/busboy@2.0.0: + resolution: + { + integrity: sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ== + } + engines: { node: '>=14' } + dev: true + /@humanwhocodes/config-array@0.11.11: resolution: { @@ -634,7 +649,7 @@ packages: } dev: true - /@sveltejs/adapter-node@1.3.1(@sveltejs/kit@1.22.3): + /@sveltejs/adapter-node@1.3.1(@sveltejs/kit@1.25.2): resolution: { integrity: sha512-A0VgRQDCDPzdLNoiAbcOxGw4zT1Mc+n1LwT1OmO350R7WxrEqdMUChPPOd1iMfIDWlP4ie6E2d/WQf5es2d4Zw== @@ -645,14 +660,14 @@ packages: '@rollup/plugin-commonjs': 25.0.5(rollup@3.29.4) '@rollup/plugin-json': 6.0.1(rollup@3.29.4) '@rollup/plugin-node-resolve': 15.2.2(rollup@3.29.4) - '@sveltejs/kit': 1.22.3(svelte@3.59.2)(vite@4.4.4) + '@sveltejs/kit': 1.25.2(svelte@3.59.2)(vite@4.4.4) rollup: 3.29.4 dev: true - /@sveltejs/kit@1.22.3(svelte@3.59.2)(vite@4.4.4): + /@sveltejs/kit@1.25.2(svelte@3.59.2)(vite@4.4.4): resolution: { - integrity: sha512-IpHD5wvuoOIHYaHQUBJ1zERD2Iz+fB/rBXhXjl8InKw6X4VKE9BSus+ttHhE7Ke+Ie9ecfilzX8BnWE3FeQyng== + integrity: sha512-USuuSpdAPFDiLi58N2Pwd/TG9bcUSPAlzE5iaAXaLyCTWa3l36HDKH6nV5NqBybwfeux1ZwgtIeITLZJDJ6HDg== } engines: { node: ^16.14 || >=18 } hasBin: true 
@@ -673,7 +688,8 @@ packages: set-cookie-parser: 2.6.0 sirv: 2.0.3 svelte: 3.59.2 - undici: 5.22.1 + tiny-glob: 0.2.9 + undici: 5.26.3 vite: 4.4.4(@types/node@20.8.2) transitivePeerDependencies: - supports-color @@ -1215,16 +1231,6 @@ packages: engines: { node: '>=6' } dev: true - /busboy@1.6.0: - resolution: - { - integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA== - } - engines: { node: '>=10.16.0' } - dependencies: - streamsearch: 1.1.0 - dev: true - /cac@6.7.14: resolution: { @@ -1942,6 +1948,13 @@ packages: type-fest: 0.20.2 dev: true + /globalyzer@0.1.0: + resolution: + { + integrity: sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q== + } + dev: true + /globby@11.1.0: resolution: { @@ -1957,6 +1970,13 @@ packages: slash: 3.0.0 dev: true + /globrex@0.1.2: + resolution: + { + integrity: sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg== + } + dev: true + /graceful-fs@4.2.11: resolution: { @@ -3061,14 +3081,6 @@ packages: } dev: true - /streamsearch@1.1.0: - resolution: - { - integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg== - } - engines: { node: '>=10.0.0' } - dev: true - /strip-ansi@6.0.1: resolution: { @@ -3287,6 +3299,16 @@ packages: any-promise: 1.3.0 dev: true + /tiny-glob@0.2.9: + resolution: + { + integrity: sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg== + } + dependencies: + globalyzer: 0.1.0 + globrex: 0.1.2 + dev: true + /tinybench@2.5.1: resolution: { 
@@ -3404,14 +3426,14 @@ packages: } dev: true - /undici@5.22.1: + /undici@5.26.3: resolution: { - integrity: sha512-Ji2IJhFXZY0x/0tVBXeQwgPlLWw13GVzpsWPQ3rV50IFMMof2I55PZZxtm4P6iNq+L5znYN9nSTAq0ZyE6lSJw== + integrity: sha512-H7n2zmKEWgOllKkIUkLvFmsJQj062lSm3uA4EYApG8gLuiOM0/go9bIoC3HVaSnfg4xunowDE2i9p8drkXuvDw== } engines: { node: '>=14.0' } dependencies: - busboy: 1.6.0 + '@fastify/busboy': 2.0.0 dev: true /update-browserslist-db@1.0.13(browserslist@4.22.1): diff --git a/packages/hagrid/setup.py b/packages/hagrid/setup.py index 4ba9940fcd7..20299f05c66 100644 --- a/packages/hagrid/setup.py +++ b/packages/hagrid/setup.py @@ -11,14 +11,14 @@ packages = [ "ascii_magic", - "click>=7.1", - "cryptography>=37.0.2", + "click>=8.1.7", + "cryptography>=41.0.4", "gitpython", "jinja2", "names", - "packaging>=21.3", + "packaging>=23.0", "paramiko", - "pyOpenSSL>=22.0.0", + "pyOpenSSL>=23.2.0", "requests", "rich", "setuptools", diff --git a/packages/syft/setup.cfg b/packages/syft/setup.cfg index 099992b0d2d..1c9e65d072b 100644 --- a/packages/syft/setup.cfg +++ b/packages/syft/setup.cfg 
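Review bot: Only four entries in `packages` get a raised floor, while `gitpython`, `jinja2`, `paramiko` and `requests` in the same list stay without any version constraint. An environment that already holds an old release of one of them still satisfies hagrid's requirements, so pip leaves it in place. If the security issues this commit addresses touch any of those libraries (the hunk does not say which advisories are meant), they need a floor in the same form as `"cryptography>=41.0.4",`. The `packages` list continues past the end of the hunk, so entries after `setuptools` are not covered by this note.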
@@ -27,44 +27,44 @@ package_dir = syft = bcrypt==4.0.1 - boto3==1.28.20 + boto3==1.28.65 forbiddenfruit==0.1.4 gevent==22.10.2 gipc==1.5.0 jaxlib==0.4.18 jax==0.4.18 - loguru==0.7.0 + loguru==0.7.2 networkx==2.8 - numpy>=1.22.4,<=1.24.3 + numpy>=1.23.5,<=1.26.1 opendp==0.8.0 - packaging>=21.0 + packaging>=23.0 pandas==1.5.3 pyarrow==11.0.0 pycapnp==1.3.0 - pydantic[email]==1.10.7 - pymongo==4.3.3 + pydantic[email]==1.10.13 + pymongo==4.5.0 pynacl==1.5.0 - pyzmq>=23.2.1,<=25.1.0 - redis==4.5.5 + pyzmq>=23.2.1,<=25.1.1 + redis==4.6.0 requests==2.31.0 - RestrictedPython==6.1 + RestrictedPython==6.2 result==0.10.0 - tqdm==4.65.0 + tqdm==4.66.1 typeguard==2.13.3 - typing_extensions==4.6.3 + typing_extensions==4.8.0 sherlock[redis,filelock]==0.4.1 - uvicorn[standard]==0.22.0 - fastapi==0.97.0 + uvicorn[standard]==0.23.2 + fastapi==0.103.2 hagrid>=0.3 - matplotlib==3.7.1 + matplotlib==3.8.0 dm-haiku==0.0.10 - itables==1.5.3 - safetensors==0.3.2 # Pinning as arm linux wheels, not available for safetensors in 0.3.3 - transformers==4.30.2 - evaluate==0.4.0 - torch==2.0.1 - recordlinkage==0.15 - argon2-cffi==21.3.0 + itables==1.6.2 + safetensors==0.4.0 + transformers==4.34.0 + evaluate==0.4.1 + torch==2.1.0 + recordlinkage==0.16 + argon2-cffi==23.1.0 install_requires = %(syft)s @@ -84,12 +84,12 @@ dev = %(test_plugins)s %(telemetry)s bandit==1.7.5 - ruff==0.0.283 - importlib-metadata==6.0.0 + ruff==0.1.0 + importlib-metadata==6.8.0 isort==5.12.0 - mypy==1.1.1 - pre-commit==3.1.1 - safety==2.3.5 + mypy==1.6.0 + pre-commit==3.5.0 + safety>=2.4.0b1 telemetry = opentelemetry-api==1.14.0 From 8ebf4a40617734020f1a9c1268f83c5b70cf592f Mon Sep 17 00:00:00 2001 From: Madhava Jay Date: Wed, 18 Oct 2023 14:33:09 +1000 Subject: [PATCH 2/2] Downgrading numpy due to op changes --- packages/syft/setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/syft/setup.cfg b/packages/syft/setup.cfg index 1c9e65d072b..94c5c5d9fa4 100644 --- a/packages/syft/setup.cfg 
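Review bot: The `safetensors` line in the `syft` list loses the comment that explained why it was held at 0.3.2 (arm linux wheels missing for 0.3.3) in the same edit that moves it to `safetensors==0.4.0`. Nothing in the hunk shows that arm linux wheels were checked for the new pin. If they were, a replacement comment recording that (for example `# arm linux wheels verified for 0.4.0`) keeps the constraint's history in the file. If they were not, that check should happen before merge, since the previous pin existed for exactly this reason.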
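Review bot: In the `dev` extras, `safety>=2.4.0b1` replaces an exact pin with an open range whose floor is a beta, while every other package entry visible in the hunk is pinned with `==`. A specifier that names a pre-release makes pip accept pre-releases of that package, so each fresh dev or CI install may pull a different, unreviewed build of the tool that audits the dependency set. Pinning it like its neighbours, `safety==2.4.0b1`, keeps installs reproducible. The hunk gives no reason for needing a beta, so an inline comment stating it would help the next person who bumps this list.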
+++ b/packages/syft/setup.cfg @@ -35,7 +35,7 @@ syft = jax==0.4.18 loguru==0.7.2 networkx==2.8 - numpy>=1.23.5,<=1.26.1 + numpy>=1.23.5,<=1.24.4 opendp==0.8.0 packaging>=23.0 pandas==1.5.3