e624c5b959
Simplify upload data for task ( #5498 )
...
It's possible to specify only the manifest file and filename pattern for
creating task with cloud storage data.
The special characters supported now for the pattern are `*`, `?`,
`[seq]`, `[!seq]`.
Please see
[here](8898a8b264/tests/python/rest_api/test_tasks.py (L686)
3 years ago
207116705f
v2.4.0.alpha ( #5508 )
...
Co-authored-by: Maxim Zhiltsov <zhiltsov.max35@gmail.com>
Co-authored-by: Kirill Sizov <kirill.sizov@cvat.ai>
3 years ago
aeef8276c7
Updated documentation "How to use preexisting secrets for external DB and Redis" ( #5505 )
3 years ago
051f9a9ed8
Fix schema warnings and errors for Webhooks ( #5232 )
...
- Removed extra update methods from schema
- Fixed Webhooks endpoints
- Fixed Webhooks enum names
3 years ago
1ecc607286
Get preview images on the fly and keep them in cache ( #5478 )
...
Improved image preview loading for **Tasks**, **Jobs** and **Projects**
views
Backend behaviour change: creating image previews by request and storing
them in the cache
Added corresponding endpoints:
tasks/{id}/preview
projects/{id}/preview
jobs/{id}/preview
Demonstration(added random 0-1s delay for demo purposes):
https://user-images.githubusercontent.com/41117609/208106321-951b8647-6e6b-452e-910c-31c4d0b8682d.mp4
https://user-images.githubusercontent.com/41117609/208106339-2d3a5a7b-d422-4b27-9e76-08729022e1ca.mp4
3 years ago
f6d2a8fe46
Fix the missing env variable issue ( #5467 )
...
Fixes #5448 , #5453 , #5457
- Relaxed env var requirements in the images, no mandatory ones
- RQ workers now use a custom python class for remote debugging
- Factored out common remote debugging implementation
3 years ago
ac78fab0b9
Fix health check in development env ( #5454 )
3 years ago
a3b4f97f9a
Improve social authentication ( #5349 )
3 years ago
980c019427
PostgresSQL DB v15 and health check endpoint ( #5312 )
3 years ago
2ed778818a
Allow server debugging when deployed with Docker ( #5445 )
...
Closes https://github.com/opencv/cvat/issues/5327
- Added a way to debug the server in Docker-based deployments
- Added docs
3 years ago
c9f214a894
Unify error handling with the cloud storage ( #5389 )
...
Added a general solution for checking bucket and file status instead of
checking in all places. Exception information has become more
user-friendly.
3 years ago
4e97c243d6
Refactor OPA tests ( #5373 )
...
- OPA tests are now autogenerated
- Updated invocation docs
3 years ago
3f9ab7cf68
Fix loss of rotation in CVAT format ( #5407 )
...
Fix https://github.com/opencv/cvat/issues/4378
3 years ago
cacb99735f
Add job access checks for model invocations ( #5392 )
...
Fixes #4996
- Added job access checks for model launches in the interactive mode
3 years ago
192fd72680
Fix creation of tasks with Git repositories via the SDK ( #5409 )
...
Fixes #4365
3 years ago
2a2c43f6b1
Try to catch / workaround 5215 ( #5216 )
...
Fixes #5215
It's not really clear how the error can be obtained, but this PR adds a
workaround for the problem. There are 2 possible ways to get the
`message` parameter - from an error and from the operation status.
- Our status messages are always represented by a string, no any other
values is assigned.
- rq is trickier here - it receives rq data and [decodes
it](https://github.com/rq/rq/blob/master/rq/job.py#L603-L609 ) if there
is an error, but the operations can leave None as the `exc_info` value.
Maybe [this issue](https://github.com/rq/rq/issues/1633 ) is relevant
here.
3 years ago
9b0d963d1a
Fix REST API tests ( #5416 )
...
Fixed REST API tests after merging #5408 and #5396 to develop
Co-authored-by: Boris Sekachev <sekachev.bs@gmail.com>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
3e1ccc8602
Fix exception when run export for an empty task ( #5396 )
...
Fix https://github.com/opencv/cvat/issues/5245
The PR contains a simple fix. Just return BAD REQUEST if somebody tries
to export a task without data. It doesn't make sense. But a more complex
fix will require changing a massive amount of code. It doesn't make any
sense to support such a weird scenario.
3 years ago
f405c4acac
Fix missing source tag in project annotations ( #5408 )
3 years ago
2c63b6c7eb
Bump dependency versions to fix compatibility with Python 3.10 ( #5380 )
...
* rq 1.5.1 uses `collections.Iterable` (long deprecated and deleted in
Python 3.10). 1.5.2 fixes this issue. To avoid potential regressions,
don't bump the version further.
* av 8.0.2 was built with old Cython, which generates C code
incompatible with Python 3.10. The newest version is av 10.0.0, but that
drops support for FFmpeg<4.3, which would make it unbuildable using the
default Ubuntu 20.04 FFmpeg packages. To avoid that problem, use the
previous version, 9.2.0.
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
This makes it possible to run CVAT on Python 3.10.
Fixes #5262 .
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
I'm relying on CI.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))~~
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
bfa00b12de
Added missing migration for shape type == Mask ( #5376 )
...
PR https://github.com/opencv/cvat/pull/4543 didn't add a new migration.
The migration wasn't critical. At least it was not led to any problems.
3 years ago
279f01b53b
Fix: Can't dump annotations with objects type is track from several jobs ( #5250 )
3 years ago
08dd27d993
Fix missed token with using social account authentication ( #5344 )
3 years ago
bc079c3129
Bump tensorflow from 2.8.1 to 2.9.3 in /cvat/requirements ( #5338 )
...
Bumps [tensorflow](https://github.com/tensorflow/tensorflow ) from 2.8.1
to 2.9.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/releases ">tensorflow's
releases</a>.</em></p>
<blockquote>
<h2>TensorFlow 2.9.3</h2>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h2>TensorFlow 2.9.2</h2>
<h1>Release 2.9.2</h1>
<p>This releases introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a <code>CHECK</code> failure in tf.reshape caused by overflows
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934 ">CVE-2022-35934</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes an OOB read in <code>Gather_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937 ">CVE-2022-35937</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>TensorListReserve</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960 ">CVE-2022-35960</a>)</li>
<li>Fixes an OOB write in <code>Scatter_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939 ">CVE-2022-35939</a>)</li>
<li>Fixes an integer overflow in <code>RaggedRangeOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940 ">CVE-2022-35940</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>AvgPoolOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941 ">CVE-2022-35941</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>UnbatchGradOp</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952 ">CVE-2022-35952</a>)</li>
<li>Fixes a segfault TFLite converter on per-channel quantized
transposed convolutions (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027 ">CVE-2022-36027</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>AvgPool3DGrad</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959 ">CVE-2022-35959</a>)</li>
<li>Fixes a <code>CHECK</code> failures in
<code>FractionalAvgPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963 ">CVE-2022-35963</a>)</li>
<li>Fixes a segfault in <code>BlockLSTMGradV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964 ">CVE-2022-35964</a>)</li>
<li>Fixes a segfault in <code>LowerBound</code> and
<code>UpperBound</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965 ">CVE-2022-35965</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md ">tensorflow's
changelog</a>.</em></p>
<blockquote>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h1>Release 2.8.4</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a5ed5f39b6https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584 ">#58584</a>
from tensorflow/vinila21-patch-2</li>
<li><a
href="258f9a1251cd27cfb438https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580 ">#58580</a>
from tensorflow-jenkins/version-numbers-2.9.3-24474</li>
<li><a
href="3e75385ee6bc72c39774https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482 ">#58482</a>
from tensorflow-jenkins/relnotes-2.9.3-25695</li>
<li><a
href="3506c90f5a8dcb48e3844f34ec8499https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576 ">#58576</a>
from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...</li>
<li><a
href="6fc67e408f5dbe90ad21https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570 ">#58570</a>
from tensorflow/r2.9-7b174a0f2e4</li>
<li>Additional commits viewable in <a
href="https://github.com/tensorflow/tensorflow/compare/v2.8.1...v2.9.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
969d1e0fdf
Bump pillow from 9.0.1 to 9.3.0 in /cvat/requirements ( #5340 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 9.0.1 to
9.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>9.3.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html </a></p>
<h2>Changes</h2>
<ul>
<li>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[<a
href="https://github.com/wiredfool "><code>@wiredfool</code></a>]</li>
<li>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697 ">#6697</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Upload fribidi.dll to GitHub Actions <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532 ">#6532</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Windows build improvements <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562 ">#6562</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Only use ASCII characters in C source file <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691 ">#6691</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[<a href="https://github.com/hmaarrfk "><code>@hmaarrfk</code></a>]</li>
<li>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[<a href="https://github.com/npjg "><code>@npjg</code></a>]</li>
<li>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>pylint warnings <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659 ">#6659</a>
[<a
href="https://github.com/marksmayo "><code>@marksmayo</code></a>]</li>
<li>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed seeking to an L frame in a GIF <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576 ">#6576</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Consider all frames when selecting mode for PNG save_all <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610 ">#6610</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Don't reassign crc on ChunkStream close <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627 ">#6627</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Raise a warning if NumPy failed to raise an error during conversion
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594 ">#6594</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Only read a maximum of 100 bytes at a time in IMT header <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623 ">#6623</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Show all frames in ImageShow <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611 ">#6611</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow FLI palette chunk to not be first <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626 ">#6626</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>If first GIF frame has transparency for RGB_ALWAYS loading strategy,
use RGBA mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592 ">#6592</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Round box position to integer when pasting embedded color <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517 ">#6517</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Removed EXIF prefix when saving WebP <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582 ">#6582</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Pad IM palette to 768 bytes when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579 ">#6579</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added DDS BC6H reading <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449 ">#6449</a>
[<a
href="https://github.com/ShadelessFox "><code>@ShadelessFox</code></a>]</li>
<li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642 ">#6642</a>
[<a href="https://github.com/JayWiz "><code>@JayWiz</code></a>]</li>
<li>Raise an error when allocating translucent color to RGB palette <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654 ">#6654</a>
[<a href="https://github.com/jsbueno "><code>@jsbueno</code></a>]</li>
<li>Moved mode check outside of loops <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650 ">#6650</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added reading of TIFF child images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569 ">#6569</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Improved ImageOps palette handling <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596 ">#6596</a>
[<a
href="https://github.com/PososikTeam "><code>@PososikTeam</code></a>]</li>
<li>Defer parsing of palette into colors <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567 ">#6567</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Apply transparency to P images in ImageTk.PhotoImage <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559 ">#6559</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use rounding in ImageOps contain() and pad() <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522 ">#6522</a>
[<a
href="https://github.com/bibinhashley "><code>@bibinhashley</code></a>]</li>
<li>Fixed GIF remapping to palette with duplicate entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548 ">#6548</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow remap_palette() to return an image with less than 256 palette
entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543 ">#6543</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Corrected BMP and TGA palette size when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500 ">#6500</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst ">pillow's
changelog</a>.</em></p>
<blockquote>
<h2>9.3.0 (2022-10-29)</h2>
<ul>
<li>
<p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[wiredfool]</p>
</li>
<li>
<p>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[radarhere]</p>
</li>
<li>
<p>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[nulano]</p>
</li>
<li>
<p>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[nulano]</p>
</li>
<li>
<p>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[hugovk]</p>
</li>
<li>
<p>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[cgohlke]</p>
</li>
<li>
<p>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[radarhere]</p>
</li>
<li>
<p>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[cgohlke]</p>
</li>
<li>
<p>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[hmaarrfk]</p>
</li>
<li>
<p>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[radarhere]</p>
</li>
<li>
<p>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[radarhere]</p>
</li>
<li>
<p>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[npjg, radarhere]</p>
</li>
<li>
<p>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[radarhere]</p>
</li>
<li>
<p>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[radarhere]</p>
</li>
<li>
<p>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[radarhere]</p>
</li>
<li>
<p>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d594f4cb8d909dc64ed51a51ce7b95https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
from hugovk/security-libtiff_buffer</li>
<li><a
href="2444cddab2https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
from hugovk/security-samples_per_pixel-sec</li>
<li><a
href="744f4558300846bfae48799a6a010500b25fd3ac05b175ef8813f2c5ae14https://github.com/python-pillow/Pillow/compare/9.0.1...9.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
f47c98ebe9
Fix SDK build ( #5326 )
3 years ago
ec7acee315
<h3>Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.</h3> ( #5321 )
...
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- cvat/requirements/development.txt
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **441/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-PYTHON-SETUPTOOLS-3113904](https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904 ) | `setuptools:` <br> `39.0.1 -> 65.5.1` <br> | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZGY3ZmVkNy02YjNjLTQyZTYtOWE0YS02MDYwY2E0NjM0ZmIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhkZjdmZWQ3LTZiM2MtNDJlNi05YTRhLTYwNjBjYTQ2MzRmYiJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr/settings )
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities )
[//]: # (snyk:metadata:{"prId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","prPublicId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","dependencies":[{"name":"setuptools","from":"39.0.1","to":"65.5.1"}],"packageManager":"pip","projectPublicId":"2b5f3b5d-0400-48e2-b4b8-776842affe28","projectUrl":"https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-3113904"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[441]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr )
3 years ago
4ad7e2f74f
Fix bug with nuclio env variables ( #4712 )
...
Co-authored-by: ar.kravchuk <ar.kravchuk@2gis.ru>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
7383c17c8e
python-logstash-async upgrade ( #4574 )
...
Co-authored-by: Andrey Zhavoronkov <andrey@cvat.ai>
3 years ago
25503a35d2
Fix export job ( #5282 )
3 years ago
23257a2a26
Significantly reduced the number of queries to DB from api/jobs, api/tasks, and api/projects endpoints. ( #5304 )
3 years ago
10baa5f135
Fix: visibility and ignored information fail to be loaded (MOT dataset format) ( #5270 )
3 years ago
7265553654
Supported type for all labels ( #5273 )
...
* Supported type for all labels
* Multiple fixes in UI for new type scheme
* Fixed on 3d annotation view
* Fixed tests
* Updated version && changelog
* Fixed test
* Added type
* Fixed typos
* Fixed minor comments
3 years ago
0b7fb04a09
fix pascal_voc import bug ( #4647 )
...
* fix pascal_voc import bug
* Add tests
* Fix black
* Small fixes
* Fix test
* Fix black
* Update Changelog
* Fix Changelog
* Fixes
* Remove unnecessary changes
* Remove unnecessary changes
* Join tests
* Small fix
* Fixes
* Fix pylint
* Remove unused import
* Small fix
Co-authored-by: yasakova-anastasia <yasakova_anastasiya@mail.ru>
3 years ago
ba74709c40
Add tests for export job dataset ( #5160 )
3 years ago
bb487165dd
CVAT authentication ( #5147 )
3 years ago
445bc34013
Revert "Fix linter warnings ( #5188 )" ( #5241 )
...
This reverts commit 85f9fbdb3a
3 years ago
b37232c079
Revert "Refactor server enums ( #5062 )" ( #5239 )
...
This reverts commit 43df70b08b
3 years ago
43df70b08b
Refactor server enums ( #5062 )
...
* Refactor server enums
3 years ago
85f9fbdb3a
Fix linter warnings ( #5188 )
3 years ago
bca5bb6cae
Fixed: Oriented bounding boxes broken with COCO format ( #5219 )
...
* Fixed: Oriented bounding boxes broken with COCO format
* Updated changelog
3 years ago
f62aa276cd
Added paint brush tools ( #4543 )
3 years ago
49bdef01f1
IAM OPA bundle for dev environment ( #5190 )
3 years ago
db6bbbab6a
Fix dataset import for Datumaro format ( #4544 )
...
* Datumaro format: add load_data_callback
* add test
* fix test
* fix project dataset uploading for some formats
* Fix black
* Update Changelog
* Update README.md
* Update README.md
Co-authored-by: Maxim Zhiltsov <zhiltsov.max35@gmail.com>
* Fixes
* Remove useless trailing backslashes
* Fix tests
* Fix test
* Join tests
* Small fix
* Fix remark
Co-authored-by: kirill.sizov <kirill.sizov@intel.com>
Co-authored-by: yasakova-anastasia <yasakova_anastasiya@mail.ru>
Co-authored-by: Maxim Zhiltsov <zhiltsov.max35@gmail.com>
3 years ago
43e22c2cce
Updated rego rules, job assignee can resolve an issue ( #5167 )
3 years ago
9cf2989546
Init OPA rules with API instead of file binding ( #5047 )
3 years ago
2311b10b80
Fix an issue with Imagenet dataset import ( #4861 )
3 years ago
a215547270
Upgrade datumaro dependency ( #5148 )
3 years ago
ce09f28512
Fix SDK tests: login once per class ( #5123 )
3 years ago
94eb6cb5f1
Bump Datumaro commit ( #5122 )
3 years ago
Maria Khrustaleva
Nikita Manovich
Andrey Zhavoronkov
Maxim Zhiltsov
Anastasia Yasakova
Roman Donchenko
dependabot[bot]
Kirill Sizov
Artem
PMazarovich
Boris Sekachev
magician
