Remove upper bound on urllib in the requirements #4362

Closed
jmahlik opened this issue Jan 8, 2024 · 0 comments · Fixed by #4364

jmahlik commented Jan 8, 2024

Describe the bug
#4168 previously fixed this.

The changes to the setup.py in 68ff700#diff-60f61ab7a8d1910d86d9fda2261620314edcae5894d5aaa236b821c7256badd7R67-R72 reintroduced the old versions of urllib. Relax the restriction on the version.

I've also opened #4361 for the pinned versions of FastAPI and uvicorn separately.

To reproduce
This was introduced in release 2.199.0.

python -m pip install sagemaker==2.203.0 results in unresolvable deps since urllib is restricted to above version two in many other projects.

Expected behavior
Install to succeed, project to be clear of CVE from transitive deps.

Screenshots or logs
If applicable, add screenshots or logs to help explain your problem.

System information
A description of your system. Please provide:

  • SageMaker Python SDK version: 2.203.0
  • Framework name (eg. PyTorch) or algorithm (eg. KMeans): n/a
  • Framework version: n/a
  • Python version: 3.12/3.11/3.10/3.9
  • CPU or GPU: cpu
  • Custom Docker image (Y/N): N

Additional context
Add any other context about the problem here.

jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 8, 2024
jmahlik changed the title from "Remove upper bound on urllib in the requirements for CVE-2023-43804" to "Remove upper bound on urllib in the requirements" Jan 8, 2024
jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 19, 2024
jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 19, 2024
jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 22, 2024
jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 24, 2024
jmahlik added a commit to StateFarmIns/sagemaker-python-sdk that referenced this issue Jan 31, 2024
knikure pushed a commit that referenced this issue Feb 1, 2024
Captainia pushed a commit to Captainia/sagemaker-python-sdk that referenced this issue Feb 29, 2024
jiapinw pushed a commit to jiapinw/sagemaker-python-sdk that referenced this issue Jun 25, 2024