-
Notifications
You must be signed in to change notification settings - Fork 3.1k
decompressing joblib file before checking it #13732
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
c7d465e
to
5c58bff
Compare
Signed-off-by: Ssofja <sofiakostandian@gmail.com>
Signed-off-by: Ssofja <Ssofja@users.noreply.github.com> Signed-off-by: Ssofja <sofiakostandian@gmail.com>
5c58bff
to
f38724c
Compare
[🤖]: Hi @Ssofja 👋, We wanted to let you know that a CICD pipeline for this PR just finished successfully. So it might be time to merge this PR or get some approvals. |
* decompressing joblib file before checking it Signed-off-by: Ssofja <sofiakostandian@gmail.com> * Apply isort and black reformatting Signed-off-by: Ssofja <Ssofja@users.noreply.github.com> Signed-off-by: Ssofja <sofiakostandian@gmail.com> --------- Signed-off-by: Ssofja <sofiakostandian@gmail.com> Signed-off-by: Ssofja <Ssofja@users.noreply.github.com> Co-authored-by: Ssofja <Ssofja@users.noreply.github.com> Signed-off-by: jianbinc <shjwudp@gmail.com>
@Ssofja @nithinraok Unfortunately, I'm going to have to revert this change because for some reason, tests did not run on it and it's causing other tests to fail: https://github.com/NVIDIA/NeMo/actions/runs/15352659248/job/43236831756?pr=13785 |
This reverts commit 33ea12a.
This reverts commit 33ea12a. Signed-off-by: Charlie Truong <chtruong@nvidia.com>
This reverts commit 33ea12a. Signed-off-by: Charlie Truong <chtruong@nvidia.com>
* decompressing joblib file before checking it Signed-off-by: Ssofja <sofiakostandian@gmail.com> * Apply isort and black reformatting Signed-off-by: Ssofja <Ssofja@users.noreply.github.com> Signed-off-by: Ssofja <sofiakostandian@gmail.com> --------- Signed-off-by: Ssofja <sofiakostandian@gmail.com> Signed-off-by: Ssofja <Ssofja@users.noreply.github.com> Co-authored-by: Ssofja <Ssofja@users.noreply.github.com>
…)" (NVIDIA-NeMo#13791) This reverts commit 33ea12a. Signed-off-by: Charlie Truong <chtruong@nvidia.com>
Important
The
Update branch
button must only be pressed in very rare occassions.An outdated branch is never blocking the merge of a PR.
Please reach out to the automation team before pressing that button.
What does this PR do ?
This PR is fixing a security issue when loading archived joblib files
Collection: [Note which collection this PR will affect]
Changelog
_validate_fileobject_and_memmap
(or_read_fileobject
in old version) function to decompress joblib file before checking itPR Type: