Safety vulnerability ID: 49462
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Clearml-agent 1.3.0 updates its dependency 'pyjwt' requirement to '>=2.4.0,<2.5.0' to include a security fix.
Latest version: 1.8.1
ClearML Agent - Auto-Magical DevOps for Deep Learning
New Features and Improvements
- Support private repos from `requirements.txt` file (107, thanks nielstenboom!)
- Bump PyJWT version due to "Key confusion through non-blocklisted public key formats" vulnerability
- Add support for additional command line arguments in k8s glue example
- Add Python 3.10 support
Bug Fixes
- Fix git unsafe directory issue (disable check on cached vcs folder)
- Fix dynamic GPUs with "all" GPUs on the same worker
- Fix broken pytorch setuptools incompatibility (force setuptools < 59 if torch is below 1.11)
- Fix setuptools requirement issue by making sure that if we have "setuptools" in the original required packages, we preserve the line in the pip freeze list
- Fix optional priority packaged always compare lower case package name
- Fix potential requirements installation failure by making `pygobject` an optional package (i.e. if installation fails continue the Task package environment setup)
- Fix repository URL contains credentials even when `agent.force_git_ssh_protocol: true`
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application