Safety vulnerability ID: 59105
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Smqtk-descriptors 0.19.0 updates its dependency 'pillow' to version '8.3.2' to include a security fix.
https://github.com/Kitware/SMQTK-Descriptors/commit/805be76a831b33802b6ebd9ac90496fd93d60a9f
Latest version: 0.19.0
Algorithms, data structures and utilities around computingdescriptor vectors from data.
=======
This minor release updates the mimumum supported python to `python = "^3.8"`, addresses dependency vulnerabilities, and updates typing to conform with current mypy and pytest standards.
Updates / New Features
----------------------
Python
* New minimum supported python changed to `python = "^3.8"`.
CI
* Added workflow to inherit the smqtk-core publish workflow.
* Updated CI unittests workflow to include codecov reporting.
Reduced CodeCov report submission by skipping this step on scheduled runs.
* Updated CI unittests to reflect new minimum support `python = "^3.8"`.
Miscellaneous
* Added a wrapper script to pull the versioning/changelog update helper from
smqtk-core to use here without duplication.
Misc.
* Added PyTorch descriptor generator implementation.
Testing
* Updated pytest configuration to cover package + tests and added report output
options.
* Removed or no-cover mark dead lines of code.
Documentation
* Updated CONTRIBUTING.md to reference smqtk-core's CONTRIBUTING.md file.
Fixes
-----
CI
* Modified CI unittests workflow to run for PRs targetting branches that match
the `release*` glob.
Dependency Versions
* Updated the locked version of urllib3 to address a security vulnerability.
* Updated the locked version of pillow to address a security vulnerability.
* Updated the developer dependency and locked version of ipython to address a
security vulnerability.
* Removed `jedi = "^0.17.2"` requirement since recent `ipython = "^7.17.3"`
update appropriately addresses the dependency.
* Updated the locked versions of dependencies to reflect new minimum support `python = "^3.8"`.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application