Closed
Description
🐛 Describe the bug
There is an advisory due to the future package: GHSA-v3c5-jqr6-7qm8
It seems to me like the future package serves no purpose anymore. See discussion in PythonCharmers/python-future#612.
Is it possible to solve the security problem by just removing the dependency on future and doing a new serve release?
In our project, executing poetry show --tree --why future we get the output:
torchserve 0.6.1 TorchServe is a tool for serving neural net models for inference
└── future *
Error logs
See above links.
Installation instructions
poetry
Model Packaging
NA
config.properties
NA
Versions
0.6.1
Repro instructions
NA
Possible Solution
Perhaps remove future line from dependencies.
AlexisGauthierAtKronos
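
One way to run the same "who requires future" check as the poetry command in the report, directly against installed package metadata. This is an added example, not part of the original report or of TorchServe's code; the helper names and the SAMPLE data are constructed for illustration.

```python
import re
from importlib import metadata

# Leading project name of a Requires-Dist string, e.g. "Future>=0.18 ; ..."
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization, so 'Future' and 'future' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req):
    """Return the normalized project name of one requirement string."""
    m = _NAME.match(req)
    return normalize(m.group(1)) if m else None


def why(target, requires_by_dist):
    """Map each dependent distribution to its requirement lines naming target."""
    target = normalize(target)
    found = {}
    for dist, reqs in requires_by_dist.items():
        hits = [r for r in reqs or [] if requirement_name(r) == target]
        if hits:
            found[dist] = hits
    return found


def installed_requirements():
    """Collect Requires-Dist entries for every distribution in this environment."""
    out = {}
    for d in metadata.distributions():
        name = d.metadata.get("Name")
        if name:
            out[name] = d.requires or []
    return out


# Constructed sample metadata (not real package metadata), shaped like the
# dependency edge shown in the poetry output above.
SAMPLE = {
    "torchserve": ["future"],
    "example-lib": ["Future>=0.18 ; python_version < '3'", "requests"],
    "unrelated": ["futures-extra", "numpy"],  # similar name, must not match
}

if __name__ == "__main__":
    for dist, reqs in sorted(why("future", installed_requirements()).items()):
        print(dist, "->", reqs)
```

An empty result in an environment where future is still installed means nothing declares it any more, so it is an orphaned install rather than a live dependency.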