Skip to content

[LIBX] Security dependency upgrades — 3 package(s) (2026-05-04)#16

Open
raghavmehrotra-art wants to merge 1 commit into
yl4579:mainfrom
raghavmehrotra-art:libx/security-upgrades-0504_1134
Open

[LIBX] Security dependency upgrades — 3 package(s) (2026-05-04)#16
raghavmehrotra-art wants to merge 1 commit into
yl4579:mainfrom
raghavmehrotra-art:libx/security-upgrades-0504_1134

Conversation

@raghavmehrotra-art

@raghavmehrotra-art raghavmehrotra-art commented May 4, 2026

Copy link
Copy Markdown

Security Dependency Upgrades

This PR was automatically generated by LIBX.

⚠️ WARNING: Tests are still failing after automated patching attempts.
Please review the changes carefully before merging.

Upgrades Summary

Package Old Version New Version CVEs Fixed
gradio 3.45.2 4.19.2 GHSA-26jh-r8g2-6fpr, GHSA-279j-x4gx-hfrh, GHSA-34rf-p3r3-58x2, GHSA-37qc-qgx6-9xjv, GHSA-39mp-8hj3-5c49, GHSA-3c67-5hwx-f6wx, GHSA-3gf9-wv65-gwh9, GHSA-48cq-79qq-6f7x, GHSA-4q3c-cj7g-jcwf, GHSA-576c-3j53-r9jj, GHSA-5cpq-9538-jm2j, GHSA-6qm2-wpxq-7qh2, GHSA-6v6g-j5fq-hpvw, GHSA-77xq-6g77-h274, GHSA-7v2w-h4gh-w5cv, GHSA-89v2-pqfv-c5r9, GHSA-8c87-gvhj-xm8m, GHSA-8jw3-6x8j-v96g, GHSA-973g-55hp-3frw, GHSA-f3h9-8phc-6gvh, GHSA-g6c9-f4xm-9j4x, GHSA-g9cj-cfpp-4g2x, GHSA-gqvf-3hgp-5hxv, GHSA-gvv6-33j7-884g, GHSA-hm3c-93pg-4cxw, GHSA-hmx6-r76c-85g9, GHSA-j2jg-fq62-7c3h, GHSA-j757-pf57-f8r4, GHSA-jmh7-g254-2cq9, GHSA-m842-4qm8-7gpq, GHSA-pfjf-5gxr-995x, GHSA-prpg-p95c-32fv, GHSA-qh6x-j82h-vpf9, GHSA-r364-m2j9-mf4h, GHSA-rvfh-h6c7-fc3c, GHSA-xh2x-3mrm-fwqm, PYSEC-2023-249, PYSEC-2023-255, PYSEC-2024-184, PYSEC-2024-196, PYSEC-2024-197, PYSEC-2024-198, PYSEC-2024-199, PYSEC-2024-213, PYSEC-2024-214, PYSEC-2024-215, PYSEC-2024-216, PYSEC-2024-217, PYSEC-2024-218, PYSEC-2024-219, PYSEC-2024-220, PYSEC-2024-255, GHSA-3f95-mxq2-2f63, GHSA-xcgp-r7r8-2hc9, GHSA-3x9g-xfj5-fq84
torch 2.0.0 2.4.0 GHSA-3749-ghw9-m3mg, GHSA-53q9-r3pm-6pq6, GHSA-5pcm-hx3q-hm94, GHSA-887c-mr87-cxwp, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-250, PYSEC-2024-251, PYSEC-2024-252, PYSEC-2024-259, PYSEC-2025-41, GHSA-4vmg-rw8f-92f9
tqdm 4.65.0 4.65.1 GHSA-g7vv-2v7x-gj9p

Vulnerabilities Fixed

GHSA-26jh-r8g2-6fpr (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-279j-x4gx-hfrh (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-34rf-p3r3-58x2 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-37qc-qgx6-9xjv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-39mp-8hj3-5c49 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3c67-5hwx-f6wx (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3gf9-wv65-gwh9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-48cq-79qq-6f7x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-4q3c-cj7g-jcwf (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-576c-3j53-r9jj (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-5cpq-9538-jm2j (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-6qm2-wpxq-7qh2 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-6v6g-j5fq-hpvw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-77xq-6g77-h274 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-7v2w-h4gh-w5cv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-89v2-pqfv-c5r9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-8c87-gvhj-xm8m (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-8jw3-6x8j-v96g (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-973g-55hp-3frw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-f3h9-8phc-6gvh (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-g6c9-f4xm-9j4x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-g9cj-cfpp-4g2x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-gqvf-3hgp-5hxv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-gvv6-33j7-884g (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-hm3c-93pg-4cxw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-hmx6-r76c-85g9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-j2jg-fq62-7c3h (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-j757-pf57-f8r4 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-jmh7-g254-2cq9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-m842-4qm8-7gpq (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-pfjf-5gxr-995x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-prpg-p95c-32fv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-qh6x-j82h-vpf9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-r364-m2j9-mf4h (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-rvfh-h6c7-fc3c (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-xh2x-3mrm-fwqm (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2023-249 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2023-255 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-184 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-196 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-197 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-198 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-199 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-213 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-214 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-215 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-216 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-217 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-218 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-219 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-220 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-255 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3f95-mxq2-2f63 (HIGH)

Summary: Duplicate Advisory: Gradio Local File Inclusion vulnerability
Fixed in: 4.19.2
Source: GITHUB

GHSA-xcgp-r7r8-2hc9 (HIGH)

Summary: Gradio's CI vulnerable to Command Injection
Fixed in: 4.18.0
Source: GITHUB

GHSA-3x9g-xfj5-fq84 (MODERATE)

Summary: Duplicate Advisory: Cross-Site Request Forgery in Gradio
Fixed in: 4.19.2
Source: GITHUB

GHSA-3749-ghw9-m3mg (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-53q9-r3pm-6pq6 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-5pcm-hx3q-hm94 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-887c-mr87-cxwp (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-pg7h-5qx3-wjr3 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-250 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-251 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-252 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-259 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2025-41 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-4vmg-rw8f-92f9 (CRITICAL)

Summary: Withdrawn Advisory: PyTorch deserialization vulnerability
Fixed in: ``
Source: GITHUB

GHSA-g7vv-2v7x-gj9p (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

Verification

  • Tests: ❌ FAILED (import-check)
Test output 
Import check failed — 61 file(s) have errors after the upgrade:

[import] src\ctcmodel.py:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\libx\libx_DMOSpeech2_0504_1134_3e3121\src\ctcmodel.py", line 1, in <module>
    from torch import nn
  File "C:\libx\libx_DMOSpeech2_0504_1134_3e3121\.libx_venv\Lib\site-packages\torch\__init__.py", line 442, in <module>
    from torch._C import *  # noqa: F403
    ^^^^^^^^^^^^^^^^^^^^^^
ImportError: DLL load failed while importing _C: The specified module could not be found.

[import] src\discriminator_conformer.py:
Tra
  • Lint: ✅ PASSED

Generated by LIBX

@raghavmehrotra-art
[LIBX] Security dependency upgrades + code migration
4083576 
- gradio: 3.45.2 → 4.19.2 (GHSA-26jh-r8g2-6fpr, GHSA-279j-x4gx-hfrh, GHSA-34rf-p3r3-58x2, GHSA-37qc-qgx6-9xjv, GHSA-39mp-8hj3-5c49, GHSA-3c67-5hwx-f6wx, GHSA-3gf9-wv65-gwh9, GHSA-48cq-79qq-6f7x, GHSA-4q3c-cj7g-jcwf, GHSA-576c-3j53-r9jj, GHSA-5cpq-9538-jm2j, GHSA-6qm2-wpxq-7qh2, GHSA-6v6g-j5fq-hpvw, GHSA-77xq-6g77-h274, GHSA-7v2w-h4gh-w5cv, GHSA-89v2-pqfv-c5r9, GHSA-8c87-gvhj-xm8m, GHSA-8jw3-6x8j-v96g, GHSA-973g-55hp-3frw, GHSA-f3h9-8phc-6gvh, GHSA-g6c9-f4xm-9j4x, GHSA-g9cj-cfpp-4g2x, GHSA-gqvf-3hgp-5hxv, GHSA-gvv6-33j7-884g, GHSA-hm3c-93pg-4cxw, GHSA-hmx6-r76c-85g9, GHSA-j2jg-fq62-7c3h, GHSA-j757-pf57-f8r4, GHSA-jmh7-g254-2cq9, GHSA-m842-4qm8-7gpq, GHSA-pfjf-5gxr-995x, GHSA-prpg-p95c-32fv, GHSA-qh6x-j82h-vpf9, GHSA-r364-m2j9-mf4h, GHSA-rvfh-h6c7-fc3c, GHSA-xh2x-3mrm-fwqm, PYSEC-2023-249, PYSEC-2023-255, PYSEC-2024-184, PYSEC-2024-196, PYSEC-2024-197, PYSEC-2024-198, PYSEC-2024-199, PYSEC-2024-213, PYSEC-2024-214, PYSEC-2024-215, PYSEC-2024-216, PYSEC-2024-217, PYSEC-2024-218, PYSEC-2024-219, PYSEC-2024-220, PYSEC-2024-255, GHSA-3f95-mxq2-2f63, GHSA-xcgp-r7r8-2hc9, GHSA-3x9g-xfj5-fq84)
- torch: 2.0.0 → 2.4.0 (GHSA-3749-ghw9-m3mg, GHSA-53q9-r3pm-6pq6, GHSA-5pcm-hx3q-hm94, GHSA-887c-mr87-cxwp, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-250, PYSEC-2024-251, PYSEC-2024-252, PYSEC-2024-259, PYSEC-2025-41, GHSA-4vmg-rw8f-92f9)
- tqdm: 4.65.0 → 4.65.1 (GHSA-g7vv-2v7x-gj9p)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raghavmehrotra-art