Safety vulnerability ID: 49693
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Clearml 1.4.2rc0 updates its dependency 'pyjwt' requirement to versions '>=2.4.0,<2.5.0' to include a security fix.
Latest version: 1.16.5
ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI
New Features and Improvements
- Support private repos from `requirements.txt` file (107, thanks nielstenboom!)
- Bump PyJWT version due to "Key confusion through non-blocklisted public key formats" vulnerability
- Add support for additional command line arguments in k8s glue example
- Add Python 3.10 support
Bug Fixes
- Fix git unsafe directory issue (disable check on cached vcs folder)
- Fix dynamic GPUs with "all" GPUs on the same worker
- Fix broken pytorch setuptools incompatibility (force setuptools < 59 if torch is below 1.11)
- Fix setuptools requirement issue by making sure that if we have "setuptools" in the original required packages, we preserve the line in the pip freeze list
- Fix optional priority packaged always compare lower case package name
- Fix potential requirements installation failure by making `pygobject` an optional package (i.e. if installation fails continue the Task package environment setup)
- Fix repository URL contains credentials even when `agent.force_git_ssh_protocol: true`
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application