Skip to content

[LIBX] Security dependency upgrades — 3 package(s) (2026-05-04)#17

Open
raghavmehrotra-art wants to merge 1 commit into
yl4579:mainfrom
raghavmehrotra-art:libx/security-upgrades-0504_1214
Open

[LIBX] Security dependency upgrades — 3 package(s) (2026-05-04)#17
raghavmehrotra-art wants to merge 1 commit into
yl4579:mainfrom
raghavmehrotra-art:libx/security-upgrades-0504_1214

Conversation

@raghavmehrotra-art
Copy link
Copy Markdown

@raghavmehrotra-art raghavmehrotra-art commented May 4, 2026

Security Dependency Upgrades

This PR was automatically generated by LIBX.

⚠️ WARNING: Tests are still failing after automated patching attempts.
Please review the changes carefully before merging.

Upgrades Summary

Package Old Version New Version CVEs Fixed
gradio 3.45.2 4.19.2 GHSA-26jh-r8g2-6fpr, GHSA-279j-x4gx-hfrh, GHSA-34rf-p3r3-58x2, GHSA-37qc-qgx6-9xjv, GHSA-39mp-8hj3-5c49, GHSA-3c67-5hwx-f6wx, GHSA-3gf9-wv65-gwh9, GHSA-48cq-79qq-6f7x, GHSA-4q3c-cj7g-jcwf, GHSA-576c-3j53-r9jj, GHSA-5cpq-9538-jm2j, GHSA-6qm2-wpxq-7qh2, GHSA-6v6g-j5fq-hpvw, GHSA-77xq-6g77-h274, GHSA-7v2w-h4gh-w5cv, GHSA-89v2-pqfv-c5r9, GHSA-8c87-gvhj-xm8m, GHSA-8jw3-6x8j-v96g, GHSA-973g-55hp-3frw, GHSA-f3h9-8phc-6gvh, GHSA-g6c9-f4xm-9j4x, GHSA-g9cj-cfpp-4g2x, GHSA-gqvf-3hgp-5hxv, GHSA-gvv6-33j7-884g, GHSA-hm3c-93pg-4cxw, GHSA-hmx6-r76c-85g9, GHSA-j2jg-fq62-7c3h, GHSA-j757-pf57-f8r4, GHSA-jmh7-g254-2cq9, GHSA-m842-4qm8-7gpq, GHSA-pfjf-5gxr-995x, GHSA-prpg-p95c-32fv, GHSA-qh6x-j82h-vpf9, GHSA-r364-m2j9-mf4h, GHSA-rvfh-h6c7-fc3c, GHSA-xh2x-3mrm-fwqm, PYSEC-2023-249, PYSEC-2023-255, PYSEC-2024-184, PYSEC-2024-196, PYSEC-2024-197, PYSEC-2024-198, PYSEC-2024-199, PYSEC-2024-213, PYSEC-2024-214, PYSEC-2024-215, PYSEC-2024-216, PYSEC-2024-217, PYSEC-2024-218, PYSEC-2024-219, PYSEC-2024-220, PYSEC-2024-255, GHSA-3f95-mxq2-2f63, GHSA-xcgp-r7r8-2hc9, GHSA-3x9g-xfj5-fq84
torch 2.0.0 2.4.0 GHSA-3749-ghw9-m3mg, GHSA-53q9-r3pm-6pq6, GHSA-5pcm-hx3q-hm94, GHSA-887c-mr87-cxwp, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-250, PYSEC-2024-251, PYSEC-2024-252, PYSEC-2024-259, PYSEC-2025-41, GHSA-4vmg-rw8f-92f9
tqdm 4.65.0 4.65.1 GHSA-g7vv-2v7x-gj9p

Vulnerabilities Fixed

GHSA-26jh-r8g2-6fpr (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-279j-x4gx-hfrh (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-34rf-p3r3-58x2 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-37qc-qgx6-9xjv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-39mp-8hj3-5c49 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3c67-5hwx-f6wx (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3gf9-wv65-gwh9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-48cq-79qq-6f7x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-4q3c-cj7g-jcwf (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-576c-3j53-r9jj (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-5cpq-9538-jm2j (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-6qm2-wpxq-7qh2 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-6v6g-j5fq-hpvw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-77xq-6g77-h274 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-7v2w-h4gh-w5cv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-89v2-pqfv-c5r9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-8c87-gvhj-xm8m (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-8jw3-6x8j-v96g (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-973g-55hp-3frw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-f3h9-8phc-6gvh (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-g6c9-f4xm-9j4x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-g9cj-cfpp-4g2x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-gqvf-3hgp-5hxv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-gvv6-33j7-884g (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-hm3c-93pg-4cxw (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-hmx6-r76c-85g9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-j2jg-fq62-7c3h (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-j757-pf57-f8r4 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-jmh7-g254-2cq9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-m842-4qm8-7gpq (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-pfjf-5gxr-995x (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-prpg-p95c-32fv (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-qh6x-j82h-vpf9 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-r364-m2j9-mf4h (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-rvfh-h6c7-fc3c (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-xh2x-3mrm-fwqm (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2023-249 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2023-255 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-184 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-196 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-197 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-198 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-199 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-213 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-214 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-215 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-216 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-217 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-218 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-219 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-220 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-255 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-3f95-mxq2-2f63 (HIGH)

Summary: Duplicate Advisory: Gradio Local File Inclusion vulnerability
Fixed in: 4.19.2
Source: GITHUB

GHSA-xcgp-r7r8-2hc9 (HIGH)

Summary: Gradio's CI vulnerable to Command Injection
Fixed in: 4.18.0
Source: GITHUB

GHSA-3x9g-xfj5-fq84 (MODERATE)

Summary: Duplicate Advisory: Cross-Site Request Forgery in Gradio
Fixed in: 4.19.2
Source: GITHUB

GHSA-3749-ghw9-m3mg (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-53q9-r3pm-6pq6 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-5pcm-hx3q-hm94 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-887c-mr87-cxwp (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-pg7h-5qx3-wjr3 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-250 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-251 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-252 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2024-259 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

PYSEC-2025-41 (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

GHSA-4vmg-rw8f-92f9 (CRITICAL)

Summary: Withdrawn Advisory: PyTorch deserialization vulnerability
Fixed in: ``
Source: GITHUB

GHSA-g7vv-2v7x-gj9p (UNKNOWN)

Summary:
Fixed in: ``
Source: OSV

Verification

  • Tests: ❌ FAILED (import-check)
Test output 
Import check failed — 54 file(s) have errors after the upgrade:

[import] src\ctcmodel.py:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\libx\libx_DMOSpeech2_0504_1214_415064\src\ctcmodel.py", line 9, in <module>
    from f5_tts.model.utils import default
ModuleNotFoundError: No module named 'f5_tts'

[import] src\discriminator_conformer.py:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\libx\libx_DMOSpeech2_0504_1214_415064\src\discriminator_conformer.py", line 12, in <module>
    from f5_tts.model.utils import (
Mod
  • Lint: ✅ PASSED

Generated by LIBX

@raghavmehrotra-art
[LIBX] Security dependency upgrades + code migration
bb0d63d 
- gradio: 3.45.2 → 4.19.2 (GHSA-26jh-r8g2-6fpr, GHSA-279j-x4gx-hfrh, GHSA-34rf-p3r3-58x2, GHSA-37qc-qgx6-9xjv, GHSA-39mp-8hj3-5c49, GHSA-3c67-5hwx-f6wx, GHSA-3gf9-wv65-gwh9, GHSA-48cq-79qq-6f7x, GHSA-4q3c-cj7g-jcwf, GHSA-576c-3j53-r9jj, GHSA-5cpq-9538-jm2j, GHSA-6qm2-wpxq-7qh2, GHSA-6v6g-j5fq-hpvw, GHSA-77xq-6g77-h274, GHSA-7v2w-h4gh-w5cv, GHSA-89v2-pqfv-c5r9, GHSA-8c87-gvhj-xm8m, GHSA-8jw3-6x8j-v96g, GHSA-973g-55hp-3frw, GHSA-f3h9-8phc-6gvh, GHSA-g6c9-f4xm-9j4x, GHSA-g9cj-cfpp-4g2x, GHSA-gqvf-3hgp-5hxv, GHSA-gvv6-33j7-884g, GHSA-hm3c-93pg-4cxw, GHSA-hmx6-r76c-85g9, GHSA-j2jg-fq62-7c3h, GHSA-j757-pf57-f8r4, GHSA-jmh7-g254-2cq9, GHSA-m842-4qm8-7gpq, GHSA-pfjf-5gxr-995x, GHSA-prpg-p95c-32fv, GHSA-qh6x-j82h-vpf9, GHSA-r364-m2j9-mf4h, GHSA-rvfh-h6c7-fc3c, GHSA-xh2x-3mrm-fwqm, PYSEC-2023-249, PYSEC-2023-255, PYSEC-2024-184, PYSEC-2024-196, PYSEC-2024-197, PYSEC-2024-198, PYSEC-2024-199, PYSEC-2024-213, PYSEC-2024-214, PYSEC-2024-215, PYSEC-2024-216, PYSEC-2024-217, PYSEC-2024-218, PYSEC-2024-219, PYSEC-2024-220, PYSEC-2024-255, GHSA-3f95-mxq2-2f63, GHSA-xcgp-r7r8-2hc9, GHSA-3x9g-xfj5-fq84)
- torch: 2.0.0 → 2.4.0 (GHSA-3749-ghw9-m3mg, GHSA-53q9-r3pm-6pq6, GHSA-5pcm-hx3q-hm94, GHSA-887c-mr87-cxwp, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-250, PYSEC-2024-251, PYSEC-2024-252, PYSEC-2024-259, PYSEC-2025-41, GHSA-4vmg-rw8f-92f9)
- tqdm: 4.65.0 → 4.65.1 (GHSA-g7vv-2v7x-gj9p)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raghavmehrotra-art