PyPi: Syngen

CVE-2023-6015

Transitive

Safety vulnerability ID: 63682

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 16, 2023 Updated at Apr 23, 2024

Advisory

Syngen 0.5.0 updates its MLflow dependency from version 2.8.0 to 2.8.1 to address CVE-2023-6015.
https://github.com/tdspora/syngen/pull/314/commits/351291b187276f846647544265fe577b94f11e2a

Affected package

syngen

Latest version: 0.8.0

The tool uncovers patterns, trends, and correlations hidden within your production datasets.

Affected versions

Fixed versions

Vulnerability changelog

Important
Starting with syngen v 0.5.0, Python 3.9.* is required.
Python 3.8.* is no longer supported. Ensure you are using the correct Python version to avoid compatibility issues.


What's Changed
* Merging development branch into main by serhio-k in https://github.com/tdspora/syngen/pull/312
* Epmctdm 6582 tensorflow 215 by serhio-k in https://github.com/tdspora/syngen/pull/315
* fix vulnerabilities by Anna050689 in https://github.com/tdspora/syngen/pull/314
The vulnerability CVE-2023-6015 (https://github.com/advisories/GHSA-f798-qm4r-23r5) is fixed by upgrading to mlflow v.2.8.1.
The vulnerability CVE-2023-47248 (https://github.com/advisories/GHSA-5wvp-7f3h-6wmm) is fixed by removing the dependency from the list of required dependencies. The library pyarrow will now be installed in v.14.0.1 as a dependency of mlflow 2.8.1.



**Full Changelog**: https://github.com/tdspora/syngen/compare/0.4.10...0.5.0


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE