Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies #852

Merged
merged 1 commit into from
Dec 31, 2024

Update dependencies

ce858d8
Select commit
Loading
Failed to load commit list.
Merged

Update dependencies #852

Update dependencies
ce858d8
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Dec 26, 2024 in 1m 44s

Security Report

You have successfully remediated 3 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2018-20225

Path to dependency file: /requirements/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241226205931_MUHQWW/python_UEIJFS/202412262100011/env/lib/python3.8/site-packages/pip-24.3.1.dist-info

Dependency Hierarchy:

-> ❌ pip-24.3.1-py3-none-any.whl (Vulnerable Library)

High 7.8 pip-24.3.1-py3-none-any.whl #172

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2018-20225 pip-24.0-py3-none-any.whl
CVE-2024-6345 setuptools-68.0.0-py3-none-any.whl
CVE-2024-5569 zipp-3.15.0-py3-none-any.whl

Base branch total remaining vulnerabilities: 6
Base branch commit: 027b0c89166a1f231a16e316c0556b9ba224872c


Total libraries scanned: 31

Scan token: a7093200eb474af1bb7b77af03d00052

View more details on Mend Bolt for GitHub