RasaHQ / rasa

💬 Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants
https://rasa.com/docs/rasa/
Apache License 2.0
18.91k stars 4.63k forks

Update TensorFlow to 2.6.3 or 2.8.0 #10961

Closed venkateshpai92 closed 2 years ago

venkateshpai92 commented 2 years ago

Rasa Open Source version

3.08

Rasa SDK version

3.0.4

Rasa X version

No response

Python version

3.8

What operating system are you using?

Linux

What happened?

Rasa version - 3.0.8 has Tensorflow dependency >=2.6,<2.6.2. Tensorflow version 2.6.1 has the following Security Vulnerabilities:

| Severity | Vulnerability Id | Published On |
| -- | -- | -- |
| High | WS-2022-0073 | 10.02.22 |
| High | CVE-2022-21740 | 03.02.22 |
| High | CVE-2022-21726 | 03.02.22 |
| High | CVE-2022-21727 | 03.02.22 |
| High | CVE-2022-23573 | 05.02.22 |
| High | CVE-2022-23566 | 05.02.22 |
| High | CVE-2022-23559 | 05.02.22 |
| High | CVE-2022-23574 | 05.02.22 |
| High | CVE-2022-23561 | 05.02.22 |
| High | CVE-2022-23558 | 05.02.22 |
| High | CVE-2022-23562 | 05.02.22 |
| High | CVE-2022-23587 | 05.02.22 |
| High | CVE-2022-21730 | 03.02.22 |
| High | CVE-2022-21728 | 03.02.22 |
| High | CVE-2022-23584 | 05.02.22 |
| High | CVE-2022-23591 | 05.02.22 |
| High | CVE-2021-41205 | 05.11.21 |
| High | WS-2022-0072 | 10.02.22 |
| Medium | CVE-2022-23586 | 05.02.22 |
| Medium | CVE-2022-21738 | 03.02.22 |
| Medium | CVE-2022-23557 | 05.02.22 |
| Medium | CVE-2022-23576 | 05.02.22 |
| Medium | CVE-2022-23572 | 05.02.22 |
| Medium | CVE-2022-23564 | 05.02.22 |
| Medium | CVE-2022-21729 | 03.02.22 |
| Medium | CVE-2022-23575 | 05.02.22 |
| Medium | CVE-2022-21725 | 03.02.22 |
| Medium | CVE-2022-23595 | 05.02.22 |
| Medium | CVE-2022-23589 | 05.02.22 |
| Medium | CVE-2022-23577 | 05.02.22 |
| Medium | CVE-2022-23571 | 05.02.22 |
| Medium | CVE-2022-23582 | 05.02.22 |
| Medium | CVE-2022-23565 | 05.02.22 |
| Medium | CVE-2022-21734 | 03.02.22 |
| Medium | CVE-2022-23567 | 03.02.22 |
| Medium | CVE-2022-21732 | 03.02.22 |
| Medium | CVE-2022-23588 | 05.02.22 |
| Medium | CVE-2022-21736 | 03.02.22 |
| Medium | CVE-2022-23569 | 03.02.22 |
| Medium | CVE-2022-23570 | 05.02.22 |
| Medium | CVE-2022-21735 | 03.02.22 |
| Medium | CVE-2022-21739 | 03.02.22 |
| Medium | CVE-2022-23583 | 05.02.22 |
| Medium | CVE-2022-21737 | 03.02.22 |
| Medium | CVE-2022-21731 | 03.02.22 |
| Medium | CVE-2022-23568 | 03.02.22 |
| Medium | CVE-2022-23579 | 05.02.22 |
| Medium | CVE-2022-21741 | 03.02.22 |
| Medium | CVE-2022-21733 | 03.02.22 |
| Medium | CVE-2022-23581 | 05.02.22 |
| Medium | CVE-2022-23563 | 05.02.22 |
| Medium | CVE-2021-41196 | 05.11.21 |
| Medium | CVE-2021-41197 | 05.11.21 |
| Medium | WS-2022-0071 | 10.02.22 |
| Medium | CVE-2022-23578 | 05.02.22 |
| Medium | CVE-2022-23585 | 05.02.22 |

Could TensorFlow be updated to 2.6.3 or the latest 2.8.0?

sara-tagger commented 2 years ago

Thanks for raising this issue, @JustinaPetr will get back to you about it soon✨

Please also check out the docs and the forum in case your issue was raised there too 🤗

m-vdb commented 2 years ago

Tensorflow is now updated to 2.7.1 in main. The next release of Rasa Open Source will solve this issue. Closing :)

venkateshpai92 commented 2 years ago

Hi @m-vdb

When you install rasa (3.0.9) it still has the TensorFlow dependency version 2.6.1. Is it pointing to the repository branch main or 3.0.x? In the branch 3.0.x it still has the TensorFlow dependency version >=2.6,<2.6.2.

Could you please help check and upgrade?

m-vdb commented 2 years ago

Yes, of course, this is expected. The new release (3.1) will contain the latest version. It's scheduled for this week, stay tuned :)
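
The pin discussed in this thread, checked in code. This is an added example, not part of the original issue or of Rasa's code base. It evaluates the specifier `>=2.6,<2.6.2` quoted above against the TensorFlow versions named in the thread, and can read the pin from an installed Rasa distribution. The helper names (`admits`, `pin_for`, `report`) are hypothetical, and the version parser assumes plain numeric releases rather than full PEP 440.

```python
import re
from importlib import metadata

PAGE_PIN = ">=2.6,<2.6.2"  # TensorFlow pin quoted in the issue for Rasa 3.0.8 / 3.0.x
_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
        "!=": lambda a, b: a != b, ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def parse_version(text):
    """'2.6.1' -> (2, 6, 1). Assumption: plain numeric releases, not full PEP 440."""
    return tuple(int(part) for part in text.strip().split("."))

def admits(specifier, version):
    """True if `version` satisfies every comma-separated clause of `specifier`."""
    candidate = parse_version(version)
    for clause in filter(str.strip, specifier.split(",")):
        m = re.fullmatch(r"\s*(>=|<=|==|!=|>|<)\s*([0-9.]+)\s*", clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        bound = parse_version(m.group(2))
        width = max(len(candidate), len(bound))  # pad so 2.6 compares as 2.6.0
        left = candidate + (0,) * (width - len(candidate))
        right = bound + (0,) * (width - len(bound))
        if not _OPS[m.group(1)](left, right):
            return False
    return True

def pin_for(requirements, dep="tensorflow"):
    """Specifier declared for `dep` in Requires-Dist style lines, or None."""
    # The lookahead keeps 'tensorflow-text' and similar names from matching.
    pattern = re.compile(rf"{re.escape(dep)}(?![\w.-])\s*\(?([^;)]*)", re.IGNORECASE)
    for line in requirements:
        m = pattern.match(line)
        if m:
            return m.group(1).strip()
    return None

def report(specifier, versions):
    """Map each candidate version to whether the pin lets pip install it."""
    return {v: admits(specifier, v) for v in versions}

if __name__ == "__main__":
    try:  # use the pin of whatever Rasa is installed here, else the page's pin
        pin = pin_for(metadata.requires("rasa") or []) or PAGE_PIN
    except metadata.PackageNotFoundError:
        pin = PAGE_PIN
    for version, ok in report(pin, ["2.6.1", "2.6.3", "2.7.1", "2.8.0"]).items():
        print(f"tensorflow {version}: {'allowed' if ok else 'excluded'} by '{pin}'")
```

With the 3.0.x pin, only 2.6.1 of the four versions is installable, which is why a patch release on that branch keeps resolving the old TensorFlow until the pin itself changes.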