Deepali

Results 58 comments of Deepali

@mwatk the keras CVE can't be fixed - https://github.com/keras-team/keras/issues/20766#issuecomment-2594031991

### Package Updates in 1.9.6, compared to OpenCE 1.9.5

| CVE | Package | 1.9.5 | 1.9.6 |
| ------- | -------- | ------ | ----- |
| CVE-2024-49767 | werkzeug...

Posted a query with respect to this CVE in the external channel, seeking suggestions from the community.

| Package | Version in 1.11.5 | CVE | Version Fixed | Upgrade/Backport |
| :--------------- | :-------- | :--------------- | :-------- | :-------- |
| LightGBM | 4.2.0 and 3.3.5 | CVE-2024-43598, https://github.ibm.com/ax/planning/issues/15468 | 4.6.0 and 3.3.5 | Backport |

...

@rolweber pls suggest if we can update onnx to v1.17.0 in OpenCE v1.11.6 for CVE - https://github.com/advisories/GHSA-h36j-8vv3-cj52.

While updating langchain-core to v0.3.51 we need to update langchain-community to v0.3.21 and while doing so we have observed that this would require updating numpy to v1.16.2 due to the...

Regarding the onnx CVE - the fix for https://github.com/advisories/GHSA-h36j-8vv3-cj52 is in https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f, which was included in 1.11.5 as part of the fix for another CVE - https://github.com/advisories/GHSA-6rq9-53c3-f7vj

Sure @mwatk. I will check these and get back to you.