Update dependency requests to v2.32.2 [SECURITY] (master) #128

Open
wants to merge 1 commit into
base: master

Update dependency requests to v2.32.2 [SECURITY]

d9e0752

Mend Bolt for GitHub / WhiteSource Security Check failed Sep 26, 2024 in 4m 21s

Security Report

You have successfully remediated 10 vulnerabilities, but introduced 21 new vulnerabilities in this branch.

❌ New vulnerabilities:

For every entry, the path to the dependency file and the path to the vulnerable library are both /requirements.txt, and the dependency hierarchy lists only the vulnerable library itself.

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-41419 | Critical | 9.8 | gevent-1.4.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: gevent - 23.9.0 | None |
| CVE-2024-25128 | Critical | 9.1 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 4.3.11 | None |
| CVE-2021-41265 | High | 8.1 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 3.3.4 | #104 |
| CVE-2023-46136 | High | 8.0 | Werkzeug-1.0.1-py2.py3-none-any.whl | Upgrade to version: werkzeug - 2.3.8,3.0.1 | None |
| CVE-2024-34069 | High | 7.5 | Werkzeug-1.0.1-py2.py3-none-any.whl | Upgrade to version: Werkzeug - 3.0.3 | None |
| CVE-2023-30861 | High | 7.5 | Flask-1.1.4-py2.py3-none-any.whl | Upgrade to version: flask - 2.2.5,2.3.2 | None |
| CVE-2023-29005 | High | 7.5 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 4.3.0 | None |
| CVE-2023-25577 | High | 7.5 | Werkzeug-1.0.1-py2.py3-none-any.whl | Upgrade to version: Werkzeug - 2.2.3 | None |
| CVE-2024-1135 | High | 7.4 | gunicorn-20.0.4-py2.py3-none-any.whl | Upgrade to version: gunicorn - 20.0.1 | None |
| CVE-2022-29217 | High | 7.4 | PyJWT-1.7.1-py2.py3-none-any.whl | Upgrade to version: PyJWT - 2.4.0 | None |
| CVE-2021-32805 | High | 7.2 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 3.3.2 | #105 |
| CVE-2024-6345 | High | 7.0 | setuptools-68.0.0-py3-none-any.whl | Upgrade to version: setuptools - 70.0.0 | None |
| CVE-2022-24776 | Medium | 6.1 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 3.4.5 | None |
| CVE-2024-34064 | Medium | 5.4 | Jinja2-2.11.3-py2.py3-none-any.whl | Upgrade to version: Jinja2 - 3.1.4 | None |
| CVE-2024-22195 | Medium | 5.4 | Jinja2-2.11.3-py2.py3-none-any.whl | Upgrade to version: jinja2 - 3.1.3 | None |
| CVE-2022-21659 | Medium | 5.3 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 3.4.4 | #103 |
| CVE-2021-29621 | Medium | 5.3 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 3.3.0 | #106 |
| CVE-2024-5569 | Low | 3.3 | zipp-3.15.0-py3-none-any.whl | Upgrade to version: zipp - 3.19.1 | None |
| CVE-2023-34110 | Low | 2.7 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 4.3.2 | None |
| CVE-2022-31177 | Low | 2.7 | Flask_AppBuilder-2.3.0-py3-none-any.whl | Upgrade to version: Flask-AppBuilder - 4.1.3 | None |
| CVE-2023-23934 | Low | 2.6 | Werkzeug-1.0.1-py2.py3-none-any.whl | Upgrade to version: Werkzeug - 2.2.3 | None |

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2024-3651 | idna-2.9-py2.py3-none-any.whl |
| CVE-2021-33503 | urllib3-1.25.8-py2.py3-none-any.whl |
| CVE-2024-37891 | urllib3-1.25.8-py2.py3-none-any.whl |
| CVE-2023-45803 | urllib3-1.25.8-py2.py3-none-any.whl |
| CVE-2023-43804 | urllib3-1.25.8-py2.py3-none-any.whl |
| CVE-2023-37920 | certifi-2019.11.28-py2.py3-none-any.whl |
| CVE-2023-32681 | requests-2.23.0-py2.py3-none-any.whl |
| CVE-2022-23491 | certifi-2019.11.28-py2.py3-none-any.whl |
| CVE-2024-35195 | requests-2.23.0-py2.py3-none-any.whl |
| CVE-2020-26137 | urllib3-1.25.8-py2.py3-none-any.whl |

Base branch total remaining vulnerabilities: 19
Base branch commit: null


Total libraries scanned: 66

Scan token: 4e98cced4ebb4889b65b4d6225b2e73c