Update requirements.txt #25
Conversation
![stacklok-cloud[bot]](https://avatars.githubusercontent.com/in/863270?s=60&v=4){kind=small}
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: requests
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 8.5 |
| From | provenance |
| User activity | 9.4 |
| Repository activity | 9.4 |
| Package activity | 9.4 |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 152 |
| Number of git tags or releases | 103 |
| Versions matched to tags or releases | 95 |
Minder Vulnerability Report
|
| Package | Version | #Vulnerabilities | #Fixes | Patch |
|---|---|---|---|---|
| requests | 2.30.0 | 3 | 3 | 2.32.3 |
Summary of vulnerabilities found
Minder found the following vulnerabilities in this PR:| Ecosystem | Name | Version | Vulnerability ID | Summary | Introduced | Fixed |
|---|---|---|---|---|---|---|
| PyPI | requests | 2.30.0 | GHSA-9wx4-h78v-vm56 | Requests `Session` object does not verify requests after making first request with verify=False | 0 | 2.32.0 |
| PyPI | requests | 2.30.0 | GHSA-j8r2-6x86-q33q | Unintended leak of Proxy-Authorization header in requests | 2.3.0 | 2.31.0 |
| PyPI | requests | 2.30.0 | PYSEC-2023-74 | 2.3.0 | 2.31.0 |
| @@ -1 +1,2 @@ | |||
| Flask | |||
| requests==2.30.0 | |||
There was a problem hiding this comment.
| requests==2.30.0 | |
| requests==2.32.3 |
Dependency InformationMinder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile. 📦 Dependency: requestsTrusty Score: 0Scoring details
Proof of Origin (Provenance)This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
|
No description provided.