[Snyk] Security upgrade torch from 1.10.0 to 2.10.0 #83
…abilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-TORCH-10332644 - https://snyk.io/vuln/SNYK-PYTHON-TORCH-10332645
Pull request overview
This PR is an automated security upgrade created by Snyk to address 2 vulnerabilities in PyTorch by upgrading from version 1.10.0 to 2.10.0.
Changes:
- Updates torch dependency from 1.10.0 to 2.10.0 in the stable-diffusion-streamlit requirements.txt file
| transformers==4.22.2 | ||
| diffusers==0.3.0 | ||
| torch==1.10.0 | ||
| torch==2.10.0 |
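Review bot: The `torch==2.10.0` line crosses a major version while the two context lines above it, `transformers==4.22.2` and `diffusers==0.3.0`, stay at their existing pins, so nothing in this change shows that the three versions resolve and import together. Before merging, install the updated requirements.txt in a clean environment and run the application's model-loading path, or move the two companion pins in the same change. Separately, every pin here is version-only; since this is a security fix, consider adding `--hash=` entries and installing with `--require-hashes` so the upgraded wheel is verified at install time.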
This major version upgrade of torch (from 1.10.0 to any 2.x version) may introduce breaking changes that could affect compatibility with the other dependencies in this project. Specifically:
- diffusers==0.3.0 is a very old version (from 2022) and may not be compatible with torch 2.x
- transformers==4.22.2 is also an old version that may have compatibility issues with torch 2.x
After fixing the version number issue, thoroughly test the application to ensure all components work correctly together. Consider updating diffusers and transformers to more recent versions that are known to be compatible with the target torch version.
Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
- src/stable-diffusion-streamlit/requirements.txt

Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Buffer Overflow