nateraw / stable-diffusion-videos

Create 🔥 videos with Stable Diffusion by exploring the latent space and morphing between text prompts
Apache License 2.0
4.34k stars 413 forks

Update requirements.txt to pin wheel and setuptools #163

Closed Atomic-Germ closed 2 months ago

Atomic-Germ commented 1 year ago

pin

wheel==0.38.4
setuptools==65.6.3

to avoid ReDoS

nateraw commented 1 year ago

Can you give me some more context on why this is necessary? Fine with adding it if I have a little more info. Otherwise, I'd like to leave things looser.

Atomic-Germ commented 1 year ago

This is only intended to keep the version numbers above the given versions, so we could also use >= probably. The reason for them is that both are requirements for requirements, and they use insecure versions themselves currently. This would be removable at a later date.

That said, I'm not sure security needs to be the biggest concern with this particular project!

nateraw commented 1 year ago

Ah, I see. Lemme think about this one and get back to ya :)

Thinking it's not needed, but perhaps it would be nice to have this loosely pinned somewhere. Only concern I have is having them be too high of versions here, which could cause issues. Worth checking Colab's versions, etc.
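The thread leaves open whether to pin the two build tools exactly (`==`, as in the PR) or as floors (`>=`, as the author suggests would work too). A small check that reads the pins from a requirements file and compares them against the versions actually installed is the kind of thing a maintainer would run before deciding, and it also flags the "Colab ships something older" case nateraw worries about. The script below is an added example, not code from the stable-diffusion-videos project or from either participant; the requirements text and the installed-version dictionaries in the test are constructed for illustration, and only plain numeric versions are handled.

```python
"""Check installed wheel/setuptools versions against the floors proposed in PR #163.

Added example, not part of nateraw/stable-diffusion-videos. The requirements
text below is constructed: it carries the exact pin from the PR for wheel and
the ">=" form the author says would be equally acceptable for setuptools.
"""
import re
from typing import Dict, List, Tuple

# Constructed requirements.txt content (the versions are the ones named in the PR).
REQUIREMENTS_TXT = """\
# build-time dependencies with floors to avoid the ReDoS in older releases
wheel==0.38.4
setuptools>=65.6.3
"""

# name, operator, version; intentionally minimal (no extras, markers or ranges)
SPEC_RE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)\s*$"
)

OPS = {
    "==": lambda have, want: have == want,
    ">=": lambda have, want: have >= want,
    "<=": lambda have, want: have <= want,
    "!=": lambda have, want: have != want,
    ">": lambda have, want: have > want,
    "<": lambda have, want: have < want,
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version ('65.6.3') into a comparable tuple.

    Only plain releases are handled, which is all this check needs; a real
    deployment would use packaging.version for full PEP 440 semantics.
    """
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {package: (operator, version)} for each requirement line.

    Blank lines and '#' comments are skipped; anything the minimal grammar
    above cannot read raises rather than being silently ignored.
    """
    pins: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = SPEC_RE.match(line)
        if match is None:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        name, op, ver = match.groups()
        pins[name.lower()] = (op, ver)
    return pins


def check_versions(pins: Dict[str, Tuple[str, str]],
                   installed: Dict[str, str]) -> List[str]:
    """Return the names of pinned packages that are missing or out of range."""
    failures: List[str] = []
    for name, (op, required) in pins.items():
        have = installed.get(name)
        if have is None:
            failures.append(name)          # pinned but not installed at all
            continue
        if not OPS[op](parse_version(have), parse_version(required)):
            failures.append(name)          # installed, but violates the pin
    return failures


def installed_versions(names=("wheel", "setuptools")) -> Dict[str, str]:
    """Read the versions actually present in the current environment."""
    from importlib.metadata import PackageNotFoundError, version
    found: Dict[str, str] = {}
    for name in names:
        try:
            found[name] = version(name)
        except PackageNotFoundError:
            pass
    return found


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS_TXT)
    bad = check_versions(pins, installed_versions())
    print("all build-tool pins satisfied" if not bad else f"unsatisfied: {bad}")
```

Run it inside the environment you care about (a fresh virtualenv, or a Colab runtime) and it reports which of the two pins that environment would fail; an exact `==` pin fails on any newer release, which is the practical argument for the `>=` form raised in the thread.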