fix(deps): Update dependency deepspeed to v0.15.1 [SECURITY] #46
williaby wants to merge 1 commit into
Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Scanned Files
None
Pull request overview
Updates the deepspeed training dependency from 0.14.5 to 0.15.1 to address CVE-2024-43497 (Remote Code Execution).
Changes:
- Bump deepspeed from ==0.14.5 to ==0.15.1 in the train optional-dependencies group.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Warning: Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Summary
Why
Scheduled patch update, bug fixes and security patches with no API changes.
Changes
This PR contains the following updates:
==0.14.5 → ==0.15.1
Impact
Acceptance Criteria
Testing
Notes
DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43497 / GHSA-8cp5-3rf8-8gfh
Details
DeepSpeed Remote Code Execution Vulnerability
Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43497 / GHSA-8cp5-3rf8-8gfh / PYSEC-2024-109
Details
DeepSpeed Remote Code Execution Vulnerability
Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
CVE-2024-43497 / GHSA-8cp5-3rf8-8gfh / PYSEC-2024-109
Details
DeepSpeed Remote Code Execution Vulnerability
Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
Release Notes
deepspeedai/DeepSpeed (deepspeed)
v0.15.1: Patch release
What's Changed
CUDA_HOME is not defined on ROCm systems by @amorehead in microsoft#6488
New Contributors
Full Changelog: deepspeedai/DeepSpeed@v0.15.0...v0.15.1
v0.15.0: DeepSpeed v0.15.0
What's Changed
New Contributors
Full Changelog: deepspeedai/DeepSpeed@v0.14.5...v0.15.0
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.