From 8c457583b0079a644525d3e005f11168f35d6c99 Mon Sep 17 00:00:00 2001 From: Lingyi Zhang Date: Fri, 8 Dec 2023 13:51:59 -0500 Subject: [PATCH 1/6] resolve snyk warnings and expand model options --- vizro-ai/docs/pages/user_guides/model_config.md | 11 ++++++----- vizro-ai/pyproject.toml | 5 +++-- vizro-ai/snyk/requirements.txt | 3 ++- vizro-ai/src/vizro_ai/chains/_llm_models.py | 10 ++++++++++ 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/vizro-ai/docs/pages/user_guides/model_config.md b/vizro-ai/docs/pages/user_guides/model_config.md index c0de03fd3..c33b2fda1 100644 --- a/vizro-ai/docs/pages/user_guides/model_config.md +++ b/vizro-ai/docs/pages/user_guides/model_config.md @@ -35,14 +35,15 @@ Vizro-AI currently supports the following LLMs: ### OpenAI models -- gpt-3.5-turbo-0613 +- gpt-3.5-turbo-0613 (to be deprecated on June 13, 2024) - gpt-4-0613 +- gpt-3.5-turbo-1106 (under testing) +- gpt-4-1106-preview (under testing, not suitable for production use) These models provide different levels of performance and -cost. In general, `gpt-3.5-turbo-0613` is the most cost-effective model, which would be a good -starting point for most users. `gpt-4-0613` is more powerful than the other, like -it allows for more tokens per request. -You can refer to these models' [capabilities](https://platform.openai.com/docs/models/overview) +cost. In general, `gpt-3.5-turbo` collection provides the most cost-effective models, +which would be a good starting point for most users. `gpt-4` is more powerful than the other, like +it allows for more tokens per request. You can refer to these models' [capabilities](https://platform.openai.com/docs/models/overview) and [pricing](https://openai.com/pricing) for more information. We are working on supporting more models and more vendors. Please stay tuned! diff --git a/vizro-ai/pyproject.toml b/vizro-ai/pyproject.toml index fc1160234..13a31bcd8 100644 --- a/vizro-ai/pyproject.toml +++ b/vizro-ai/pyproject.toml 
@@ -16,11 +16,12 @@ dependencies = [ "pandas", "tabulate", "openai>=0.27.8,<1.0.0", # TODO add support for openai>=1.0.0 - "langchain==0.0.325", + "langchain==0.0.329", "python-dotenv>=1.0.0", # TODO decide env var management to see if we need this "vizro>=0.1.4", # TODO set upper bound later "ipython>=8.10.0", # not directly required, pinned by Snyk to avoid a vulnerability: https://app.snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - "urllib3>=2.0.7" # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 + "urllib3>=2.0.7", # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 + "aiohttp>=3.9.0" # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621 ] description = "Vizro-AI is a tool for generating data visualizations" dynamic = ["version"] diff --git a/vizro-ai/snyk/requirements.txt b/vizro-ai/snyk/requirements.txt index 3bf593347..df79ad3c0 100644 --- a/vizro-ai/snyk/requirements.txt +++ b/vizro-ai/snyk/requirements.txt @@ -1,8 +1,9 @@ pandas tabulate openai>=0.27.8,<1.0.0 -langchain==0.0.325 +langchain==0.0.329 python-dotenv>=1.0.0 vizro>=0.1.4 ipython>=8.10.0 urllib3>=2.0.7 +aiohttp>=3.9.0 diff --git a/vizro-ai/src/vizro_ai/chains/_llm_models.py b/vizro-ai/src/vizro_ai/chains/_llm_models.py index dc51ae98d..62911115d 100644 --- a/vizro-ai/src/vizro_ai/chains/_llm_models.py +++ b/vizro-ai/src/vizro_ai/chains/_llm_models.py @@ -22,6 +22,16 @@ "max_tokens": 8192, "wrapper": ChatOpenAI, }, + { + "name": "gpt-3.5-turbo-1106", + "max_tokens": 16385, + "wrapper": ChatOpenAI, + }, + { + "name": "gpt-4-1106-preview", + "max_tokens": 128000, + "wrapper": ChatOpenAI, + } ] From 53e4f0f5f41b86ab1a45176f75b8a8ec3728a78a Mon Sep 17 00:00:00 2001 
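Review bot: In the `_llm_models.py` hunk the two added entries set `max_tokens` to 16385 and 128000, which are the context-window sizes of `gpt-3.5-turbo-1106` and `gpt-4-1106-preview`; both models cap a single completion at 4096 output tokens. The hunk does not show how `max_tokens` is consumed, so this is hedged: if the value is ever forwarded to `ChatOpenAI` as the completion limit the request would be rejected, and if it gates prompt size it allows one call to carry up to 128000 tokens of user data to a model the docs in this same patch mark as not suitable for production. I would add a comment on each entry such as `# context window; completion output is capped at 4096` and confirm the consumer in the code outside this hunk. The list these entries belong to starts above the hunk.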
From: Lingyi Zhang Date: Fri, 8 Dec 2023 14:03:23 -0500 Subject: [PATCH 2/6] update changelog and lint --- ...08_135526_lingyi_zhang_snyk_issues_1208.md | 49 +++++++++++++++++++ .../docs/pages/user_guides/model_config.md | 2 +- vizro-ai/src/vizro_ai/chains/_llm_models.py | 2 +- 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md diff --git a/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md b/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md new file mode 100644 index 000000000..cf417d437 --- /dev/null +++ b/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md @@ -0,0 +1,49 @@ + + + + + + + + + +### Security + +- Bump dependency versions suggested by snyk, i.e., langchain==0.0.329 and aiohttp>=3. + 9.0 ([#204](https://github.com/mckinsey/vizro/pull/204)) + + diff --git a/vizro-ai/docs/pages/user_guides/model_config.md b/vizro-ai/docs/pages/user_guides/model_config.md index c33b2fda1..ed2792c66 100644 --- a/vizro-ai/docs/pages/user_guides/model_config.md +++ b/vizro-ai/docs/pages/user_guides/model_config.md @@ -41,7 +41,7 @@ Vizro-AI currently supports the following LLMs: - gpt-4-1106-preview (under testing, not suitable for production use) These models provide different levels of performance and -cost. In general, `gpt-3.5-turbo` collection provides the most cost-effective models, +cost. In general, `gpt-3.5-turbo` collection provides the most cost-effective models, which would be a good starting point for most users. `gpt-4` is more powerful than the other, like it allows for more tokens per request. You can refer to these models' [capabilities](https://platform.openai.com/docs/models/overview) and [pricing](https://openai.com/pricing) for more information. diff --git a/vizro-ai/src/vizro_ai/chains/_llm_models.py b/vizro-ai/src/vizro_ai/chains/_llm_models.py index 62911115d..6c319be66 100644 
--- a/vizro-ai/src/vizro_ai/chains/_llm_models.py +++ b/vizro-ai/src/vizro_ai/chains/_llm_models.py @@ -31,7 +31,7 @@ "name": "gpt-4-1106-preview", "max_tokens": 128000, "wrapper": ChatOpenAI, - } + }, ] From 5e1019f5deb158cac541543eb649837e13a7afed Mon Sep 17 00:00:00 2001 From: Lingyi Zhang Date: Fri, 8 Dec 2023 14:28:37 -0500 Subject: [PATCH 3/6] remove aiohttp --- .../20231208_135526_lingyi_zhang_snyk_issues_1208.md | 5 +---- vizro-ai/pyproject.toml | 3 +-- vizro-ai/snyk/requirements.txt | 1 - 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md b/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md index cf417d437..0ba03fcc9 100644 --- a/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md +++ b/vizro-ai/changelog.d/20231208_135526_lingyi_zhang_snyk_issues_1208.md @@ -43,7 +43,4 @@ Uncomment the section that is right (remove the HTML comment wrapper). ### Security -- Bump dependency versions suggested by snyk, i.e., langchain==0.0.329 and aiohttp>=3. - 9.0 ([#204](https://github.com/mckinsey/vizro/pull/204)) - - +- Bump langchain version to 0.0.329, suggested by snyk ([#204](https://github.com/mckinsey/vizro/pull/204)) diff --git a/vizro-ai/pyproject.toml b/vizro-ai/pyproject.toml index 13a31bcd8..0dfbf52c9 100644 --- a/vizro-ai/pyproject.toml +++ b/vizro-ai/pyproject.toml 
@@ -20,8 +20,7 @@ dependencies = [ "python-dotenv>=1.0.0", # TODO decide env var management to see if we need this "vizro>=0.1.4", # TODO set upper bound later "ipython>=8.10.0", # not directly required, pinned by Snyk to avoid a vulnerability: https://app.snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382 - "urllib3>=2.0.7", # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 - "aiohttp>=3.9.0" # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621 + "urllib3>=2.0.7" # not directly required, pinned by Snyk to avoid a vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 ] description = "Vizro-AI is a tool for generating data visualizations" dynamic = ["version"] diff --git a/vizro-ai/snyk/requirements.txt b/vizro-ai/snyk/requirements.txt index df79ad3c0..b8196cca0 100644 --- a/vizro-ai/snyk/requirements.txt +++ b/vizro-ai/snyk/requirements.txt @@ -6,4 +6,3 @@ python-dotenv>=1.0.0 vizro>=0.1.4 ipython>=8.10.0 urllib3>=2.0.7 -aiohttp>=3.9.0 From b84373bc9d0e68dba7ccbf30e01e879c1ffd9933 Mon Sep 17 00:00:00 2001 From: Lingyi Zhang Date: Tue, 12 Dec 2023 13:26:06 -0500 Subject: [PATCH 4/6] Update vizro-ai/docs/pages/user_guides/model_config.md Co-authored-by: Maximilian Schulz <83698606+maxschulz-COL@users.noreply.github.com> Signed-off-by: Lingyi Zhang --- vizro-ai/docs/pages/user_guides/model_config.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/vizro-ai/docs/pages/user_guides/model_config.md b/vizro-ai/docs/pages/user_guides/model_config.md index ed2792c66..1414c52d0 100644 --- a/vizro-ai/docs/pages/user_guides/model_config.md +++ b/vizro-ai/docs/pages/user_guides/model_config.md 
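Review bot: Dropping the `aiohttp>=3.9.0` floor in this `pyproject.toml` hunk re-opens the finding it was added for (SNYK-PYTHON-AIOHTTP-6091621, cited in the removed comment) unless another requirement already forces a fixed aiohttp, and neither the commit message nor the reworded changelog entry says why it was removed. The removed comment describes aiohttp as not directly required, so it is presumably still installed transitively and the resolver is free to pick an older release. If the pin conflicted with another dependency, record that next to the list, e.g. `# aiohttp floor not pinned: <reason>; see SNYK-PYTHON-AIOHTTP-6091621`, so the open finding is a documented decision rather than a silent regression. The same removal is made in the `vizro-ai/snyk/requirements.txt` hunk that follows.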
@@ -41,9 +41,8 @@ Vizro-AI currently supports the following LLMs: - gpt-4-1106-preview (under testing, not suitable for production use) These models provide different levels of performance and -cost. In general, `gpt-3.5-turbo` collection provides the most cost-effective models, -which would be a good starting point for most users. `gpt-4` is more powerful than the other, like -it allows for more tokens per request. You can refer to these models' [capabilities](https://platform.openai.com/docs/models/overview) +cost. In general, the `gpt-3.5-turbo` collection provides the most cost-effective models, +which would be a good starting point for most users. `gpt-4` models are more powerful than `gpt-3` models, e.g. they allow for more tokens per request. You can refer to these models' [capabilities](https://platform.openai.com/docs/models/overview) and [pricing](https://openai.com/pricing) for more information. We are working on supporting more models and more vendors. Please stay tuned! From 004cffc2d70cd7b8f2730755edaa54744a793acf Mon Sep 17 00:00:00 2001 From: Lingyi Zhang Date: Tue, 12 Dec 2023 13:57:58 -0500 Subject: [PATCH 5/6] update unit test --- .../unit/vizro/integrations/kedro/fixtures/test_catalog.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vizro-core/tests/unit/vizro/integrations/kedro/fixtures/test_catalog.yaml b/vizro-core/tests/unit/vizro/integrations/kedro/fixtures/test_catalog.yaml index 76426f741..8ae6ef952 100644 --- a/vizro-core/tests/unit/vizro/integrations/kedro/fixtures/test_catalog.yaml +++ b/vizro-core/tests/unit/vizro/integrations/kedro/fixtures/test_catalog.yaml @@ -1,7 +1,7 @@ companies: - type: pandas.JSONDataSet + type: pandas.JSONDataset filepath: companies.json reviews: - type: pickle.PickleDataSet + type: pickle.PickleDataset filepath: reviews.pkl From 1a7e973786cb1e2ecfc4d4c2e00eddbedadc9cb3 Mon Sep 17 00:00:00 2001 
From: Lingyi Zhang Date: Tue, 12 Dec 2023 14:02:35 -0500 Subject: [PATCH 6/6] changelog added --- ...12_140156_lingyi_zhang_snyk_issues_1208.md | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 vizro-core/changelog.d/20231212_140156_lingyi_zhang_snyk_issues_1208.md diff --git a/vizro-core/changelog.d/20231212_140156_lingyi_zhang_snyk_issues_1208.md b/vizro-core/changelog.d/20231212_140156_lingyi_zhang_snyk_issues_1208.md new file mode 100644 index 000000000..f1f65e73c --- /dev/null +++ b/vizro-core/changelog.d/20231212_140156_lingyi_zhang_snyk_issues_1208.md @@ -0,0 +1,48 @@ + + + + + + + + +