[Snyk] Fix for 5 vulnerabilities

[Smartappli]

Snyk has created this PR to fix 5 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements.txt

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Control of Generation of Code ('Code Injection')
🦉 Use After Free

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"setuptools","from":"40.5.0","to":"70.0.0"},{"name":"torch","from":"1.13.1","to":"2.2.0"},{"name":"wheel","from":"0.32.2","to":"0.38.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-SETUPTOOLS-3180412","priority_score":101,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00532},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:07:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-SETUPTOOLS-7448482","priority_score":210,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jul 15 2024 08:51:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.14},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-SETUPTOOLS-3180412","priority_score":101,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00532},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:07:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-SETUPTOOLS-7448482","priority_score":210,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jul 15 2024 08:51:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.14},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-SETUPTOOLS-3180412","priority_score":101,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00532},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:07:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-SETUPTOOLS-7448482","priority_score":210,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jul 15 2024 08:51:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.14},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-TORCH-6619806","priority_score":167,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 18 2024 13:36:25 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":1.84},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-TORCH-6649934","priority_score":147,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 18 2024 15:01:44 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":1.61},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Heap-based Buffer Overflow"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WHEEL-3180413","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00281},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:19:46 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WHEEL-3180413","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00281},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:19:46 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WHEEL-3180413","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00281},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Dec 23 2022 07:19:46 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"6f0635e3-b8dc-413c-8fd5-c38fb09643b4","prPublicId":"6f0635e3-b8dc-413c-8fd5-c38fb09643b4","packageManager":"pip","priorityScoreList":[101,210,167,147,114],"projectPublicId":"9ae67d11-0513-456e-9168-0656f3e7a16e","projectUrl":"https://app.snyk.io/org/smartappli-f9NXMspLXpKjNPcG9gHBZD/project/9ae67d11-0513-456e-9168-0656f3e7a16e?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-3180412","SNYK-PYTHON-SETUPTOOLS-7448482","SNYK-PYTHON-TORCH-6619806","SNYK-PYTHON-TORCH-6649934","SNYK-PYTHON-WHEEL-3180413"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
Report missing for a4611ad1	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (a4611ad)	Report Missing	Report Missing	Report Missing
Head commit (f91fa55)	2127	1737	81.66%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#300)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

---

_{🚀 Don’t miss a bit, follow what’s new on Codacy.}

_{Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more}

Footnotes

1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct. ↩

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud