chore(deps): update dependency urllib3 to v2.0.6 [security] #2536
Merged
renovate bot requested review from Vika-F, maria-Petrova and Alexsandruss as code owners October 3, 2023 00:04
napetrov approved these changes Oct 3, 2023
avolkov-intel pushed a commit to avolkov-intel/oneDAL that referenced this pull request Oct 9, 2023
avolkov-intel added a commit that referenced this pull request Nov 8, 2023
* Initial commit * Add tests * Add cg_solver primitive to solve equation Ax = b * Move newton_cg primitve to optimizators primitive * Define newton_cg optimization function * Add backtracking algorithm for optimal alpha, implement newton_cg solver * Fix errors, add tests for newton-cg * Remove redundant wait_and_throw, add links to sources * Ensure code stability and fix minor issues - Add control over the number of iterations in while loops - Use l2-norm for convergence checks in cg-solver - Move QuadraticFunction to primitives section * Add sycl::fill, sycl::fabs and add specifiers for virtual functions * Remove redundant package dependency, update default values for Float parameters * Change update_x return type to event_vector, rename test function and minor fix * Initial commit * Split logloss and derivative functions, decrease the number of parameters * Delete redundant compute functions, deselect tests * Add LogLossFunction class and cover it with tests * Fix bugs, rename kernels and remove redundant, update perforamnce tests * Add wait and throw after gemv events * Minor * Fix error and add batch test * Add const qualifier for table with data * Minor * Add LogReg test to newton_cg optimizer * Add LogReg algorithm interface * Add BUILD files, vanila implementation and tmp test * Add test * Minor * Update train kernel * Add GPU infer kernels to LogReg algo * Add logistic regression dpc example * Fix GPU test failures: PCA (#2531) * Fix PCA tests * Apply clang-format * Support building reference backend with clang (#2529) * Add correct compile flags for clang reference build The clang makefile doesn't have the right includes defined for the reference backend implementation. Update this to match the defines for GCC. * Use right include directory for TBB The makefile doesn't use the most up-to-date variable for finding TBB libraries. This meant that a user-installed TBB, specified through TBBROOT, was not picked up during the build process. 
Now, if there is no TBB in the __deps folder, it is picked up from TBBROOT. * oneDAL development env docker image (#2513) * removing JDK deps * Fixing env and introduce docker * Creating bazel env script * adding readme for docker * updating * adding github validation * new line * remove bash invocation for scripts * fixing ci.yml * add execute permissions * fixing ci.yml * fixing github flow name * adding sudo to docker image * fixing install dpcpp script * fixing base docker deps * fixing bazelisk * fixing ci.yml * fixing windows ci with bash call * fixing bazel ci * updating bazel readme to current state * fixing bazel caching and nuget windows build * adding git binary * adding build validation and conda to env * enable larger validation in CI * fixing CLI * adding conda to docker * fixing docker * fixing docker * adding deps and build * adding docs env and more tests for nightly * not passing param * switching to conda env file * adding conda env * fixign path to env.yml * drop caching version to 1 as bazel version was fixed * bump version for spxinks-prompt to 1.8 * revert version * disabling doc reqs * switchign to latest tag * actually running code in docker * merging docker commands in one * merging docker commands in one * merging docker commands in one * installing bazel in docker image * adding build with OpenBLAS to validation * removing build with OpenBLAS to validation * Apply suggestions from code review Co-authored-by: Alexandra <alexandra.epanchinzeva@intel.com> * Apply suggestions from code review Co-authored-by: Alexander Andreev <alexander.andreev@intel.com> --------- Co-authored-by: Alexandra <alexandra.epanchinzeva@intel.com> Co-authored-by: Alexander Andreev <alexander.andreev@intel.com> * chore(deps): update actions/checkout digest to 8ade135 (#2521) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update version to 2024.0.1 (#2533) * Online interfaces for LOM (#2483) * chore(deps): update dependency urllib3 
to v2.0.6 [security] (#2536) * Minor * Change task name to binary classification and update an example * Add template optimizer parameter to descriptor, add optimizer factory, change method to dense_batch * Change unimplemented error name thrown in cpu kernel * Move data to gpu before training * Minor * Change dependency graph to address error, fix tests * Add optimizer descriptor as a template parameter * Update interface, improve primitive stability -Add l1_coef, class_count getters/setters -Throw exception if l1_coef != 0.0 or class_count != 2 -Update example -Add wait_and_throw for gemv events in logloss primitive to avoid sporadic errors * Move the optimizer dispatching logic to minimize function * Minor * Remove debug output, change optimizer_impl minimize interface * Remove redundant header and fix example * Remove redundatn imports * Update makefile, remove dependency from rng_primitive * Clang format * Update makefile * Add iterations number parameter * Update devices list for logreg example * Change fp type to float * Address comments * Adress changes, change iterations_number to iterations_count * Substitute l1, l2 coefs to C - inverse regularization in the interface * Remove class_count from descriptor constructor * Fix typo in result option naming * Add skipif statement to ignore cpu testing * Remove redundant includes --------- Co-authored-by: Dmitriy Ovchinnikov <117165790+inteldimitrius@users.noreply.github.com> Co-authored-by: Keeran Rothenfusser <141222236+keeranroth@users.noreply.github.com> Co-authored-by: Nikolay Petrov <nikolay.a.petrov@intel.com> Co-authored-by: Alexandra <alexandra.epanchinzeva@intel.com> Co-authored-by: Alexander Andreev <alexander.andreev@intel.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Aleksandr Solovev <aleksandr.solovev@intel.com>
This PR contains the following updates:
urllib3 ==2.0.4 -> ==2.0.6
GitHub Vulnerability Alerts
CVE-2023-43804
urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.
Users must handle redirects themselves instead of relying on urllib3's automatic redirects to achieve safe processing of the Cookie header, thus we decided to strip the header by default in order to further protect users who aren't using the correct approach.
Affected usages
We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:
Cookie header on requests, which is mostly typical for impersonating a browser.
Remediation
redirects=False when sending requests.
Cookie header.
Release Notes
urllib3/urllib3 (urllib3)
v2.0.6
==================
Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
v2.0.5
==================
#3126 <https://github.com/urllib3/urllib3/issues/3126>__)
blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. (#3066 <https://github.com/urllib3/urllib3/issues/3066>__)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
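An added example, not part of this PR or of urllib3's own code: two throwaway listeners on 127.0.0.1 (constructed; urllib3 treats a different port as a different host) record what the second origin receives when the strip list lacks Cookie, when it includes Cookie, and when redirects are disabled. The listener names and cookie value are made up for the demo; the keyword that urllib3's request() accepts for disabling redirects is redirect.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import urllib3
from urllib3.util import Retry


class Recorder(BaseHTTPRequestHandler):
    """Record the Cookie header received; redirect if the server has a target."""
    def do_GET(self):
        self.server.cookies.append(self.headers.get("Cookie"))
        target = self.server.redirect_target
        self.send_response(302 if target else 200)
        if target:
            self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def listen(redirect_target=None):
    srv = HTTPServer(("127.0.0.1", 0), Recorder)  # port 0 = any free port
    srv.cookies, srv.redirect_target = [], redirect_target
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def cookies_at_second_origin(**request_kw):
    """Send a Cookie to origin A, which redirects to origin B (another port).
    Returns (final status, Cookie values origin B received)."""
    b = listen()
    a = listen(f"http://127.0.0.1:{b.server_port}/")
    http = urllib3.PoolManager()
    try:
        resp = http.request("GET", f"http://127.0.0.1:{a.server_port}/",
                            headers={"Cookie": "session=constructed"}, **request_kw)
        return resp.status, list(b.cookies)
    finally:
        http.clear()
        for srv in (a, b):
            srv.shutdown()
            srv.server_close()


# Strip list without Cookie (leaks) vs. one that includes it (the 2.0.6 change).
WITHOUT_COOKIE = Retry(remove_headers_on_redirect=["Authorization"])
WITH_COOKIE = Retry(remove_headers_on_redirect=["Authorization", "Cookie"])
```

Passing retries=WITH_COOKIE pins the stripping behaviour explicitly, so it holds regardless of which urllib3 version a lockfile resolves to.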