René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Is is possible to release new pypi package with upgraded torch and numpy version to fix vulnerability?","articleBody":"Hi adobe team,\r\n\r\nThe latest version of [stringlifier in pypi](https://pypi.org/project/stringlifier/#history) is `v0.1.1.4`, which is still using `torch==1.6.0` and `numpy==1.19.2`. The last commit unleashed the version of torch while it’s not packaged to pypi.\r\n\r\nWe have no problem using the library, while there’s a vulnerability in `torch==1.6.0` (CVE-2022-45907). To fix that, we need to upgrade `torch` to `1.13.1` with corresponding `numpy` version.\r\n\r\nI have tried to clone repo, change `requirements.txt` with `torch==1.13.1` and `numpy==1.22.0`, then build by ourselves to fix the vulnerability, while I would like to ask 2 questions\r\n\r\n1. Is it possible to release a new version to pypi with upgraded `torch` and `numpy`. Then we do not need to build by ourselves.\r\n2. Is there any issues for upgrading both libraries?\r\n\r\nThanks!\r\n\r\nBR,\r\nShandi","author":{"url":"https://github.com/shlin168","@type":"Person","name":"shlin168"},"datePublished":"2023-06-19T03:27:09.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/17/stringlifier/issues/17"}