chore(deps): update dependency nltk to v3.9 #52

Open
wants to merge 1 commit into
base: main

chore(deps): update dependency nltk to v3.9

95d7fb7

Mend for GitHub.com / Mend Security Check failed Mar 21, 2025 in 10m 41s

Security Report

You have successfully remediated 21 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-2148 | Medium | 5.0 | torch-2.6.0-cp39-cp39-manylinux1_x86_64.whl | Upgrade to version: torch - no_fix | #7 |
| CVE-2025-2149 | Low | 2.5 | torch-2.6.0-cp39-cp39-manylinux1_x86_64.whl | Upgrade to version: pytorch - no_fix | #7 |

CVE-2025-2148

Path to dependency file: /packages/bert/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250321045959_LSRHAM/python_QPYIRC/202503210501351/env/lib/python3.9/site-packages/torch-2.6.0.dist-info

Dependency Hierarchy:

-> bert_score-0.3.13-py3-none-any.whl (Root Library)

   -> ❌ torch-2.6.0-cp39-cp39-manylinux1_x86_64.whl (Vulnerable Library)

CVE-2025-2149

Path to dependency file: /packages/bert/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250321045959_LSRHAM/python_QPYIRC/202503210501351/env/lib/python3.9/site-packages/torch-2.6.0.dist-info

Dependency Hierarchy:

-> bert_score-0.3.13-py3-none-any.whl (Root Library)

   -> ❌ torch-2.6.0-cp39-cp39-manylinux1_x86_64.whl (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2024-35195 | requests-2.31.0-py3-none-any.whl |
| CVE-2025-2148 | torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl |
| CVE-2024-39705 | nltk-3.8.1-py3-none-any.whl |
| CVE-2024-37891 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2023-44271 | Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl |
| CVE-2025-2149 | torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl |
| CVE-2024-11392 | transformers-4.30.2-py3-none-any.whl |
| CVE-2023-7018 | transformers-4.30.2-py3-none-any.whl |
| CVE-2023-6730 | transformers-4.30.2-py3-none-any.whl |
| CVE-2023-45139 | fonttools-4.38.0-py3-none-any.whl |
| CVE-2021-34141 | numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl |
| CVE-2024-3568 | transformers-4.30.2-py3-none-any.whl |
| CVE-2024-5569 | zipp-3.15.0-py3-none-any.whl |
| CVE-2024-31584 | torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl |
| CVE-2024-12720 | transformers-4.30.2-py3-none-any.whl |
| CVE-2024-31583 | torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl |
| CVE-2024-11394 | transformers-4.30.2-py3-none-any.whl |
| CVE-2024-6345 | setuptools-68.0.0-py3-none-any.whl |
| CVE-2023-50447 | Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl |
| CVE-2024-31580 | torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl |
| CVE-2024-11393 | transformers-4.30.2-py3-none-any.whl |

Base branch total remaining vulnerabilities: 34
Base branch commit: 4eb009871afeb33b45c5852a5ff24335e8fa0814


Total libraries scanned: 596

Scan token: 5ea5b836ac3a4d6f961e7e52bacf3fa6