PyPi: Psiz

CVE-2021-37647

Transitive

Safety vulnerability ID: 48067

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 12, 2021 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.

Affected package

psiz

Latest version: 0.12.4

Toolbox for inferring psychological embeddings.

Affected versions

Fixed versions

Vulnerability changelog

Breaking Changes
* Removed deprecated classes:
* `GroupLevel`
* `Stimuli`
* `WeightedMinkowski`
* `GroupAttention`
* `GroupAttentionVariational`
* `Kernel`
* `AttentionKernel`
* `SharedEmbedding`
* Removed deprecated arguments for `Behavior` base class:
* n_group
* group_level
* Removed optional argument `verbose` from `load_trials`
* Removed `EmbeddingND` since it causes code coherency issues. This class may be added back in the future.
* Removed `matrix_comparison` and `pairwise_matrix` since these utility functions are incompatible with the more general purpose batch-processing pipeline.
* Stimuli indices are now consistent between PsiZ trial objects and TF dataset versions, calling `as_dataset` no longer increments stimuli indices by one. A `mask_zero` argument has been added to the similarity observations classes. See the docs for a discussion of this masking strategy.
* Move `wpnorm` from `keras.layers.ops` to `psiz.tf.ops`
* Remove `NegLogLikelihood` loss and metric
* Removed alias `psiz.models`, users must use `psiz.keras.models`.
* Change `psiz.datasets.load` to `psiz.datasets.load_dataset`
* Organization of information gain computations has been updated.
* A new submodule has been created: `psiz.trials.information_gain`
* The function `expected_information_gain_rank` has been renamed `ig_categorical` and moved to `psiz.trials.information_gain`.
* The input shape of information gain function has changed from `(n_sample, n_trial, n_outcome)` to `(n_trial, n_sample, n_outcome)`. This change makes the dimension semantics consistent with the output of psiz.keras.models (i.e., `(batch_size, n_sample, n_outcome)`).
* Rename `RandomAttention` initializer to `Dirichlet`.
* For trials.experimental, change `as_dataset` to `export`.
* Update plotter signature in mplot module. Update removes `fig` as an argument and makes `ax` an optional argument.
* remove `verbose` from load_trials

Major Features and Improvements
* Reorganized documentation
* Added Beginner Tutorial
* Add `random_combinations` which handles sampling k-combinations with and without replacement and leans on already existing `choice_wo_replace`.
* Add `ig_model_categorical`, which takes one or more models as an input and computes ensemble-based information gain. Assumes that models generate samples from the posterior on the forward pass (e.g, a variational inference model) and output units are categorical.
* Enhanced `RandomRank` generator:
* Added weighting functionality.
* Added `per_query` functionality.

Bug Fixes and Other Changes
* Multiple changes to docstrings.
* Fix handling of shape argument on call of Dirichlet initializer. Was only using first dimension of shape array.
* Add `docs` section to optional install that includes packages listed in `conf.py` extensions
* Add optional `rng` argument to `choice_wo_replace`.
* Add dynamic version to PsychologicalEmbedding `get_config`
* For trials.experimental make `_save` and `_load` public methods `save` and `load`.
* Add `__all__` definition to `__init__` files satisfying PEP8 and removing linter complaints "imported but unused".

Miscellaneous
* Bump tensorflow-probability requirement to 0.13.0.
* Bump minimum TensorFlow version requirement to v2.4.3 for security fixes.
* Bump maximum TensorFlow version to v2.6.x.
* Add h5py >= 3.0 to setup.cfg so that TrialDataset `_load_h5_group` can safely assume h5py `asstr()` method is available

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.5

CVSS v3 Details

MEDIUM 5.5
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
LOW
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Availability (A)
HIGH

CVSS v2 Details

LOW 2.1
Access Vector (AV)
LOCAL
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
PARTIAL