fix tensorflow/keras vulnerability #13080

Open
wants to merge 1 commit into
base: 3.6.x
5,644 changes: 3,158 additions & 2,486 deletions poetry.lock

Large diffs are not rendered by default.

18 changes: 9 additions & 9 deletions pyproject.toml
@@ -88,7 +88,7 @@ line-length = 88
select = [ "D", "E", "F", "W", "RUF",]

[tool.poetry.dependencies]
python = ">=3.8,<3.11"
python = ">=3.9,<3.11"
boto3 = "^1.26.136"
requests = "^2.23"
matplotlib = ">=3.1,<3.6"
@@ -181,11 +181,11 @@ version = ">=1.19.2,<1.22.0"
python = "~=3.7.0"

[[tool.poetry.dependencies.numpy]]
version = ">=1.19.2,<1.25.0"
version = ">=1.19.2,<=1.23.5"
python = ">=3.8,<3.11"

[[tool.poetry.dependencies.numpy]]
version = "1.22.3"
version = "1.23.5"
markers = "sys_platform =='Windows' and platform_python_implementation != 'PyPy'"
python = "3.10"

@@ -248,19 +248,19 @@ timeout_func_only = true
asyncio_mode = "auto"

[tool.poetry.dependencies.tensorflow]
version = "2.12.0"
version = "2.14"
markers = "sys_platform != 'darwin' or platform_machine != 'arm64'"

[tool.poetry.dependencies.tensorflow-intel]
version = "2.12.0"
version = "2.14"
markers = "sys_platform == 'win32'"

[tool.poetry.dependencies.tensorflow-cpu-aws]
version = "2.12.0"
version = "2.14"
markers = "sys_platform == 'linux' and (platform_machine == 'arm64' or platform_machine == 'aarch64')"

[tool.poetry.dependencies.tensorflow-macos]
version = "2.12.0"
version = "2.14"
markers = "sys_platform == 'darwin' and platform_machine == 'arm64'"

[tool.poetry.dependencies.PyJWT]
@@ -277,15 +277,15 @@ markers = "sys_platform == 'darwin' and platform_machine == 'arm64'"
optional = true

[tool.poetry.dependencies.tensorflow-text]
version = "2.12.0"
version = "2.14"
markers = "sys_platform != 'win32' and platform_machine != 'arm64' and platform_machine != 'aarch64'"

[tool.poetry.dependencies."github3.py"]
version = "~3.2.0"
optional = true

[tool.poetry.dependencies.transformers]
version = ">=4.13.0, <=4.26.0"
version = "4.30.0"
optional = true

[tool.poetry.dependencies.sentencepiece]
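Review bot: The five `version = "2.14"` pins (tensorflow, tensorflow-intel, tensorflow-cpu-aws, tensorflow-macos, tensorflow-text) carry no record of which advisory they address, so a later maintainer cannot tell that lowering them would reintroduce the issue named in the PR title. A comment above the first pin such as `# security: do not lower below 2.14 (<ADVISORY-ID>)` would fix that; the id is a placeholder, since this page does not name the advisory. The new `python = ">=3.9,<3.11"` floor drops Python 3.8 on a branch the page lists as 3.6.x, while the numpy block in the second hunk still declares `python = ">=3.8,<3.11"`; the two should agree. For transformers, `version = "4.30.0"` replaces a range with an exact pin, which also blocks later patch releases unless that is intended.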
4 changes: 2 additions & 2 deletions rasa/utils/tensorflow/layers.py
@@ -3,8 +3,8 @@
import tensorflow as tf

# TODO: The following is not (yet) available via tf.keras
from keras.utils.control_flow_util import smart_cond
import tensorflow.keras.backend as K
from tensorflow.python.keras.utils.control_flow_util import smart_cond
import tensorflow.python.keras.backend as K

import rasa.utils.tensorflow.crf
from rasa.utils.tensorflow.constants import (
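Review bot: `import tensorflow.python.keras.backend as K` swaps a public import (`tensorflow.keras.backend`) for the private `tensorflow.python` namespace, which sits outside TensorFlow's API compatibility guarantees and holds a legacy copy of Keras separate from the one behind `tf.keras`. Backend state read through this `K` may therefore not be the state the `tf.keras` layers in this file use, and fixes shipped in the upgraded keras package would not necessarily reach the legacy copy. I would keep `import tensorflow.keras.backend as K` as it was and confine the private import to `smart_cond`, extending the TODO comment to say why no public path exists. The same substitution appears in rasa/utils/tensorflow/transformer.py and, for `tf_utils`, in rasa/utils/tensorflow/models.py, where `from keras import Model` is still taken from the standalone package.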
5 changes: 3 additions & 2 deletions rasa/utils/tensorflow/models.py
@@ -7,7 +7,7 @@
from collections import defaultdict
from typing import List, Text, Dict, Tuple, Union, Optional, Any, TYPE_CHECKING

from keras.utils import tf_utils
from tensorflow.python.keras.utils import tf_utils
from keras import Model

from rasa.shared.constants import DIAGNOSTIC_DATA
@@ -288,7 +288,8 @@ def _rasa_predict(

# Once we take advantage of TF's distributed training, this is where
# scheduled functions will be forced to execute and return actual values.
outputs = tf_utils.sync_to_numpy_or_python_type(self._tf_predict_step(batch_in))
val = self._tf_predict_step(list(batch_in))
outputs = tf_utils.sync_to_numpy_or_python_type(val)
if DIAGNOSTIC_DATA in outputs:
outputs[DIAGNOSTIC_DATA] = self._empty_lists_to_none_in_dict(
outputs[DIAGNOSTIC_DATA]
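Review bot: `self._tf_predict_step(list(batch_in))` changes the argument's container type with no comment saying why, so a later cleanup could drop the `list(...)` and bring back whatever failure it works around under the upgraded TensorFlow. A one-line comment above it stating the reason would do, and `val` could be named for what it holds, e.g. `step_outputs = self._tf_predict_step(list(batch_in))`. If `batch_in` can ever be a single tensor or array rather than a sequence, `list()` would split it along its first axis, which is worth ruling out. Its type is not visible here because `_rasa_predict` begins and ends outside the hunk.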
4 changes: 2 additions & 2 deletions rasa/utils/tensorflow/transformer.py
@@ -4,8 +4,8 @@
import tensorflow as tf

# TODO: The following is not (yet) available via tf.keras
from keras.utils.control_flow_util import smart_cond
from tensorflow.keras import backend as K
from tensorflow.python.keras.utils.control_flow_util import smart_cond
import tensorflow.python.keras.backend as K

import rasa.shared.utils.cli
from rasa.utils.tensorflow.layers import RandomlyConnectedDense
63 changes: 31 additions & 32 deletions tests/core/channels/test_slack.py
@@ -471,7 +471,7 @@ async def test_slackbot_send_attachment_only():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -480,7 +480,7 @@ async def test_slackbot_send_attachment_only():

await bot.send_attachment("ID", attachment)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -500,7 +500,7 @@ async def test_slackbot_send_attachment_only_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -509,7 +509,7 @@ async def test_slackbot_send_attachment_only_threaded():

await bot.send_attachment("ID", attachment)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -530,7 +530,7 @@ async def test_slackbot_send_attachment_with_text():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -540,7 +540,7 @@ async def test_slackbot_send_attachment_with_text():

await bot.send_attachment("ID", attachment)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -560,7 +560,7 @@ async def test_slackbot_send_attachment_with_text_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -570,7 +570,7 @@ async def test_slackbot_send_attachment_with_text_threaded():

await bot.send_attachment("ID", attachment)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -591,15 +591,15 @@ async def test_slackbot_send_image_url():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General")
url = "http://www.rasa.net"
url = "http://rasa.net"
await bot.send_image_url("ID", url)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -609,8 +609,8 @@ async def test_slackbot_send_image_url():
assert request_params["channel"] == "General"
assert len(request_params["blocks"]) == 1
assert request_params["blocks"][0].get("type") == "image"
assert request_params["blocks"][0].get("alt_text") == "http://www.rasa.net"
assert request_params["blocks"][0].get("image_url") == "http://www.rasa.net"
assert request_params["blocks"][0].get("alt_text") == "http://rasa.net"
assert request_params["blocks"][0].get("image_url") == "http://rasa.net"


@pytest.mark.filterwarnings("ignore:unclosed.*:ResourceWarning")
@@ -620,15 +620,15 @@ async def test_slackbot_send_image_url_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General", thread_id="DummyThread")
url = "http://www.rasa.net"
url = "http://rasa.net"
await bot.send_image_url("ID", url)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -639,8 +639,8 @@ async def test_slackbot_send_image_url_threaded():
assert request_params["thread_ts"] == "DummyThread"
assert len(request_params["blocks"]) == 1
assert request_params["blocks"][0].get("type") == "image"
assert request_params["blocks"][0].get("alt_text") == "http://www.rasa.net"
assert request_params["blocks"][0].get("image_url") == "http://www.rasa.net"
assert request_params["blocks"][0].get("alt_text") == "http://rasa.net"
assert request_params["blocks"][0].get("image_url") == "http://rasa.net"


@pytest.mark.filterwarnings("ignore:unclosed.*:ResourceWarning")
@@ -650,14 +650,14 @@ async def test_slackbot_send_text():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General")
await bot.send_text_message("ID", "my message")

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -678,14 +678,14 @@ async def test_slackbot_send_text_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General", thread_id="DummyThread")
await bot.send_text_message("ID", "my message")

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -707,7 +707,7 @@ async def test_slackbot_send_text_with_buttons():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -716,7 +716,7 @@ async def test_slackbot_send_text_with_buttons():

await bot.send_text_with_buttons("ID", "my message", buttons)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -751,7 +751,7 @@ async def test_slackbot_send_text_with_buttons_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

@@ -760,7 +760,7 @@ async def test_slackbot_send_text_with_buttons_threaded():

await bot.send_text_with_buttons("ID", "my message", buttons)

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -796,14 +796,14 @@ async def test_slackbot_send_custom_json():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General")
await bot.send_custom_json("ID", {"test_key": "test_value"})

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -823,14 +823,13 @@ async def test_slackbot_send_custom_json_threaded():

with aioresponses() as mocked:
mocked.post(
"https://www.slack.com/api/chat.postMessage",
"https://slack.com/api/chat.postMessage",
payload={"ok": True, "purpose": "Testing bots"},
)

bot = SlackBot("DummyToken", "General", thread_id="DummyThread")
await bot.send_custom_json("ID", {"test_key": "test_value"})

r = latest_request(mocked, "POST", "https://www.slack.com/api/chat.postMessage")
r = latest_request(mocked, "POST", "https://slack.com/api/chat.postMessage")

assert r

@@ -984,4 +983,4 @@ async def test_slack_process_message_timeout():
duration = end - start

assert duration < 3
assert response.status == HTTPStatus.OK
assert response.status == HTTPStatus.OK
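Review bot: `url = "http://rasa.net"` in test_slackbot_send_image_url and its threaded twin, with the matching `alt_text` and `image_url` assertions, is test data rather than the Slack endpoint. Rewriting it looks like collateral from a blanket removal of `www.` rather than something the dependency upgrade requires, so I would leave those lines as they were. The endpoint literal `"https://slack.com/api/chat.postMessage"` is repeated in every mock and `latest_request` call; a module-level constant, e.g. `SLACK_POST_MESSAGE_URL = "https://slack.com/api/chat.postMessage"`, would reduce the next host change to one line. The host change itself is presumably driven by a newer Slack client in poetry.lock, which is not rendered on this page.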