CVE-2022-24758

Advisory

Xaitk-saliency 0.6.0 updates its dependency 'notebook' to version '6.4.10' to include a security fix.
https://github.com/XAITK/xaitk-saliency/commit/0c511d896afb55ab35be5715e82bde8db7a7af90

Affected package

Affected versions

Fixed versions

Vulnerability changelog

======
This minor release notably adds new high-level interfaces for black-box object
detector and image similarity saliency generation.
We provide some reference implementations for these interfaces, notably the
D-RISE and SBSM algorithms, respectively.

Other improvements include the addition of more examples notebooks,
improvements/fixes to existing implementations and a revision to the CLI object
detection saliency generation tool.

See below for more details.

Updates / New Features
----------------------

CI

* Added the ATARI example notebook to the list of notebooks to run during CI.

Documentation

* Update saliency algorithms table with perturbation-based saliency for reinforcement learning
and add corresponding section to README.

* Added a lighter color version of the logo that will appear better is both
light- and dark-theme contexts. The main README file has been updated to refer
to this image.

* Added introductory sentence to the style sheet document.

* Updated the release process to be incrementally more comprehensive and now
includes the specification of a ``release`` branch with better patch release
instructions. This also now includes a step to update the version referenced
in the xaitk.org source.

Examples

* Updated demo resource download links from Google Drive to data.kitware.com

* Added example using saliency to qualitatively compare two object detection
models.

* Updated SimilarityScoring example to use new high-level image similarity
saliency interface and follow new similarity interface inputs.

Interfaces

* Added new high-level interface for black-box object detector saliency,
``GenerateObjectDetectorBlackboxSaliency``.

* Updated image similarity interface ``GenerateDescriptorSimilaritySaliency`` to
accept multiple query images and compute a saliency map for each one, relative
to the reference image.

* Added new high-level interface for image similarity saliency,
``GenerateImageSimilarityBlackboxSaliency``.

Implementations

* Added three ``GenerateObjectDetectorBlackboxSaliency`` implementations: the
generic ``PerturbationOcclusion``, and two usable classes ``DRISEStack``
and ``RandomGridStack``.

* Updated behavior of the ``SlidingWindow`` ``PerturbImage`` implementation. For
a given stride, the number of masks generated is now agnostic to the window
size.

* Updated ``SimilarityScoring`` to return [N x H x W] instead of [1 x H x W]
saliency heatmaps matrix. This is inline with the similarity interface update.

* Added two implementations of ``GenerateImageSimilarityBlackboxSaliency``:
``PerturbationOcclusion`` and ``SBSMStack``.

Misc.

* Updated `poetry-core` build backend to version `1.0.8`, which now supports
`pip` editable installs (`pip install -e .`).

Utils

* Updated COCO utility functions to use new high-level detector interface.
`gen_coco_sal()` is now deprecated in exchange for `parse_coco_dset()` which
parses a `kwcoco.CocoDataset` object into the inputs used with an
implementation of `GenerateObjectDetectorBlackboxSaliency`.

Fixes
-----

Dependency Versions

* Update pinned jupyter notebook transitive dependency version due to
vulnerability warning.

Examples

* Fixed inconsistency of dependency package installs at the head of the
``examples/SerializedDetectionSaliency.ipynb`` notebook.

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24758