Spaces:
Running
Running
Commit Β·
9d87e29
1
Parent(s): b27bf8a
fix: update all vulnerable dependencies (Dependabot alerts)
Browse filesCritical:
- torch 2.1.0 β 2.6.0 (RCE via torch.load, heap overflow, use-after-free)
High:
- transformers 4.36.0 β 4.53.0 (deserialization, ReDoS, input validation)
- cryptography 41.0.7 β 44.0.1 (subgroup attack, null pointer - linux/windows)
- Pillow 10.x β 11.1.0 (buffer overflow, PSD out-of-bounds write)
- python-multipart β 0.0.22 (arbitrary file write, ReDoS)
- scikit-learn 1.4.0 β 1.5.0 (sensitive data leakage)
- starlette 0.35.1 β 0.46.2 (DoS via multipart, in lock file)
Applied to: requirements.txt, requirements-linux.txt,
requirements-windows.txt, requirements-lock.txt, Dockerfile
- Dockerfile +5 -5
- backend/requirements-linux.txt +7 -7
- backend/requirements-lock.txt +2 -2
- backend/requirements-windows.txt +7 -7
- backend/requirements.txt +6 -6
Dockerfile
CHANGED
|
@@ -16,8 +16,8 @@ RUN pip install --no-cache-dir --upgrade pip && \
|
|
| 16 |
pydantic-settings==2.1.0 \
|
| 17 |
python-dotenv==1.0.0 \
|
| 18 |
python-magic==0.4.27 \
|
| 19 |
-
python-multipart==0.0.
|
| 20 |
-
Pillow==
|
| 21 |
imagehash==4.3.1 \
|
| 22 |
numpy==1.26.3 \
|
| 23 |
scipy==1.11.4 \
|
|
@@ -29,9 +29,9 @@ RUN pip install --no-cache-dir --upgrade pip && \
|
|
| 29 |
cryptography==41.0.7 \
|
| 30 |
psutil==5.9.8 && \
|
| 31 |
pip install --no-cache-dir \
|
| 32 |
-
torch==2.
|
| 33 |
-
torchvision==0.
|
| 34 |
-
transformers==4.
|
| 35 |
diffusers==0.25.0 \
|
| 36 |
accelerate==0.25.0 \
|
| 37 |
huggingface_hub==0.20.0 \
|
|
|
|
| 16 |
pydantic-settings==2.1.0 \
|
| 17 |
python-dotenv==1.0.0 \
|
| 18 |
python-magic==0.4.27 \
|
| 19 |
+
python-multipart==0.0.22 \
|
| 20 |
+
Pillow==11.1.0 \
|
| 21 |
imagehash==4.3.1 \
|
| 22 |
numpy==1.26.3 \
|
| 23 |
scipy==1.11.4 \
|
|
|
|
| 29 |
cryptography==41.0.7 \
|
| 30 |
psutil==5.9.8 && \
|
| 31 |
pip install --no-cache-dir \
|
| 32 |
+
torch==2.6.0 \
|
| 33 |
+
torchvision==0.21.0 \
|
| 34 |
+
transformers==4.53.0 \
|
| 35 |
diffusers==0.25.0 \
|
| 36 |
accelerate==0.25.0 \
|
| 37 |
huggingface_hub==0.20.0 \
|
backend/requirements-linux.txt
CHANGED
|
@@ -13,7 +13,7 @@ python-dotenv==1.0.0
|
|
| 13 |
|
| 14 |
# File Processing
|
| 15 |
python-magic==0.4.27 # Linux-specific (cross-platform)
|
| 16 |
-
python-multipart==0.0.
|
| 17 |
|
| 18 |
# Testing
|
| 19 |
pytest==7.4.3
|
|
@@ -23,13 +23,13 @@ pytest-cov==4.1.0
|
|
| 23 |
psutil==5.9.8
|
| 24 |
|
| 25 |
# Image Processing & Forensics
|
| 26 |
-
Pillow==
|
| 27 |
imagehash==4.3.1
|
| 28 |
|
| 29 |
# AI Detection & Analysis
|
| 30 |
numpy==1.26.3
|
| 31 |
scipy==1.11.4
|
| 32 |
-
scikit-learn==1.
|
| 33 |
opencv-python==4.9.0.80
|
| 34 |
slowapi==0.1.9
|
| 35 |
|
|
@@ -38,13 +38,13 @@ PyWavelets==1.4.1
|
|
| 38 |
scikit-image==0.22.0
|
| 39 |
|
| 40 |
# Cryptography
|
| 41 |
-
cryptography==
|
| 42 |
|
| 43 |
# Deep Learning Detection
|
| 44 |
-
torch==2.
|
| 45 |
-
torchvision==0.
|
| 46 |
diffusers==0.25.0
|
| 47 |
-
transformers==4.
|
| 48 |
accelerate==0.25.0
|
| 49 |
huggingface_hub==0.20.0
|
| 50 |
safetensors==0.4.1
|
|
|
|
| 13 |
|
| 14 |
# File Processing
|
| 15 |
python-magic==0.4.27 # Linux-specific (cross-platform)
|
| 16 |
+
python-multipart==0.0.22
|
| 17 |
|
| 18 |
# Testing
|
| 19 |
pytest==7.4.3
|
|
|
|
| 23 |
psutil==5.9.8
|
| 24 |
|
| 25 |
# Image Processing & Forensics
|
| 26 |
+
Pillow==11.1.0
|
| 27 |
imagehash==4.3.1
|
| 28 |
|
| 29 |
# AI Detection & Analysis
|
| 30 |
numpy==1.26.3
|
| 31 |
scipy==1.11.4
|
| 32 |
+
scikit-learn==1.5.0
|
| 33 |
opencv-python==4.9.0.80
|
| 34 |
slowapi==0.1.9
|
| 35 |
|
|
|
|
| 38 |
scikit-image==0.22.0
|
| 39 |
|
| 40 |
# Cryptography
|
| 41 |
+
cryptography==44.0.1
|
| 42 |
|
| 43 |
# Deep Learning Detection
|
| 44 |
+
torch==2.6.0
|
| 45 |
+
torchvision==0.21.0
|
| 46 |
diffusers==0.25.0
|
| 47 |
+
transformers==4.53.0
|
| 48 |
accelerate==0.25.0
|
| 49 |
huggingface_hub==0.20.0
|
| 50 |
safetensors==0.4.1
|
backend/requirements-lock.txt
CHANGED
|
@@ -20,10 +20,10 @@ pytest==9.0.2
|
|
| 20 |
pytest-asyncio==1.3.0
|
| 21 |
python-dotenv==1.0.0
|
| 22 |
python-magic==0.4.27
|
| 23 |
-
python-multipart==0.0.
|
| 24 |
PyYAML==6.0.3
|
| 25 |
sniffio==1.3.1
|
| 26 |
-
starlette==0.
|
| 27 |
typing_extensions==4.15.0
|
| 28 |
uvicorn==0.27.0
|
| 29 |
watchfiles==1.1.1
|
|
|
|
| 20 |
pytest-asyncio==1.3.0
|
| 21 |
python-dotenv==1.0.0
|
| 22 |
python-magic==0.4.27
|
| 23 |
+
python-multipart==0.0.22
|
| 24 |
PyYAML==6.0.3
|
| 25 |
sniffio==1.3.1
|
| 26 |
+
starlette==0.46.2
|
| 27 |
typing_extensions==4.15.0
|
| 28 |
uvicorn==0.27.0
|
| 29 |
watchfiles==1.1.1
|
backend/requirements-windows.txt
CHANGED
|
@@ -12,7 +12,7 @@ python-dotenv==1.0.0
|
|
| 12 |
|
| 13 |
# File Processing
|
| 14 |
python-magic-bin==0.4.14 # Windows-specific
|
| 15 |
-
python-multipart==0.0.
|
| 16 |
|
| 17 |
# Testing
|
| 18 |
pytest==7.4.3
|
|
@@ -22,13 +22,13 @@ pytest-cov==4.1.0
|
|
| 22 |
psutil==5.9.8
|
| 23 |
|
| 24 |
# Image Processing & Forensics
|
| 25 |
-
Pillow==
|
| 26 |
imagehash==4.3.1
|
| 27 |
|
| 28 |
# AI Detection & Analysis
|
| 29 |
numpy==1.26.3
|
| 30 |
scipy==1.11.4
|
| 31 |
-
scikit-learn==1.
|
| 32 |
opencv-python==4.9.0.80
|
| 33 |
slowapi==0.1.9
|
| 34 |
|
|
@@ -37,13 +37,13 @@ PyWavelets==1.4.1
|
|
| 37 |
scikit-image==0.22.0
|
| 38 |
|
| 39 |
# Cryptography
|
| 40 |
-
cryptography==
|
| 41 |
|
| 42 |
# Deep Learning Detection
|
| 43 |
-
torch==2.
|
| 44 |
-
torchvision==0.
|
| 45 |
diffusers==0.25.0
|
| 46 |
-
transformers==4.
|
| 47 |
accelerate==0.25.0
|
| 48 |
huggingface_hub==0.20.0
|
| 49 |
safetensors==0.4.1
|
|
|
|
| 12 |
|
| 13 |
# File Processing
|
| 14 |
python-magic-bin==0.4.14 # Windows-specific
|
| 15 |
+
python-multipart==0.0.22
|
| 16 |
|
| 17 |
# Testing
|
| 18 |
pytest==7.4.3
|
|
|
|
| 22 |
psutil==5.9.8
|
| 23 |
|
| 24 |
# Image Processing & Forensics
|
| 25 |
+
Pillow==11.1.0
|
| 26 |
imagehash==4.3.1
|
| 27 |
|
| 28 |
# AI Detection & Analysis
|
| 29 |
numpy==1.26.3
|
| 30 |
scipy==1.11.4
|
| 31 |
+
scikit-learn==1.5.0
|
| 32 |
opencv-python==4.9.0.80
|
| 33 |
slowapi==0.1.9
|
| 34 |
|
|
|
|
| 37 |
scikit-image==0.22.0
|
| 38 |
|
| 39 |
# Cryptography
|
| 40 |
+
cryptography==44.0.1
|
| 41 |
|
| 42 |
# Deep Learning Detection
|
| 43 |
+
torch==2.6.0
|
| 44 |
+
torchvision==0.21.0
|
| 45 |
diffusers==0.25.0
|
| 46 |
+
transformers==4.53.0
|
| 47 |
accelerate==0.25.0
|
| 48 |
huggingface_hub==0.20.0
|
| 49 |
safetensors==0.4.1
|
backend/requirements.txt
CHANGED
|
@@ -9,7 +9,7 @@ python-dotenv==1.0.0
|
|
| 9 |
|
| 10 |
# File Processing
|
| 11 |
python-magic==0.4.27
|
| 12 |
-
python-multipart==0.0.
|
| 13 |
|
| 14 |
# Testing
|
| 15 |
pytest==7.4.3
|
|
@@ -19,13 +19,13 @@ pytest-cov==4.1.0
|
|
| 19 |
psutil==5.9.8
|
| 20 |
|
| 21 |
# Image Processing & Forensics
|
| 22 |
-
Pillow==
|
| 23 |
imagehash==4.3.1
|
| 24 |
|
| 25 |
# AI Detection & Analysis
|
| 26 |
numpy==1.26.3
|
| 27 |
scipy==1.11.4
|
| 28 |
-
scikit-learn==1.
|
| 29 |
opencv-python==4.9.0.80
|
| 30 |
slowapi==0.1.9
|
| 31 |
|
|
@@ -37,10 +37,10 @@ scikit-image==0.22.0
|
|
| 37 |
cryptography==43.0.1
|
| 38 |
|
| 39 |
# Deep Learning Detection
|
| 40 |
-
torch==2.
|
| 41 |
-
torchvision==0.
|
| 42 |
diffusers==0.25.0
|
| 43 |
-
transformers==4.
|
| 44 |
accelerate==0.25.0
|
| 45 |
huggingface_hub==0.20.0
|
| 46 |
safetensors==0.4.1
|
|
|
|
| 9 |
|
| 10 |
# File Processing
|
| 11 |
python-magic==0.4.27
|
| 12 |
+
python-multipart==0.0.22
|
| 13 |
|
| 14 |
# Testing
|
| 15 |
pytest==7.4.3
|
|
|
|
| 19 |
psutil==5.9.8
|
| 20 |
|
| 21 |
# Image Processing & Forensics
|
| 22 |
+
Pillow==11.1.0
|
| 23 |
imagehash==4.3.1
|
| 24 |
|
| 25 |
# AI Detection & Analysis
|
| 26 |
numpy==1.26.3
|
| 27 |
scipy==1.11.4
|
| 28 |
+
scikit-learn==1.5.0
|
| 29 |
opencv-python==4.9.0.80
|
| 30 |
slowapi==0.1.9
|
| 31 |
|
|
|
|
| 37 |
cryptography==43.0.1
|
| 38 |
|
| 39 |
# Deep Learning Detection
|
| 40 |
+
torch==2.6.0
|
| 41 |
+
torchvision==0.21.0
|
| 42 |
diffusers==0.25.0
|
| 43 |
+
transformers==4.53.0
|
| 44 |
accelerate==0.25.0
|
| 45 |
huggingface_hub==0.20.0
|
| 46 |
safetensors==0.4.1
|