Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #299

Merged
merged 2 commits into from
Jul 12, 2024
Merged

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #299

merged 2 commits into from
Jul 12, 2024

Conversation

perdelt
Copy link
Collaborator

@perdelt perdelt commented Jul 10, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt
⚠️ Warning ``` dbmsbenchmarker 0.14.0 requires scipy, which is not installed. dbmsbenchmarker 0.14.0 requires pandas, which is not installed. dbmsbenchmarker 0.14.0 has requirement requests>=2.32.0, but you have requests 2.31.0. dbmsbenchmarker 0.14.0 has requirement numpy>=1.22.2, but you have numpy 1.21.3. dbmsbenchmarker 0.14.0 has requirement fonttools>=4.43.0, but you have fonttools 4.38.0. dbmsbenchmarker 0.14.0 has requirement Werkzeug>=3.0.1, but you have Werkzeug 2.2.3. dbmsbenchmarker 0.14.0 has requirement urllib3>=2.2.2, but you have urllib3 2.0.7. 
</details>





---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlNDE3MWRjMS00OTA0LTQzOWMtOTJhMi1iNWZhNjI2NmNhNjMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImU0MTcxZGMxLTQ5MDQtNDM5Yy05MmEyLWI1ZmE2MjY2Y2E2MyJ9fQ==" width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/perdelt/project/344cf01f-21a2-414d-84cc-f8f3dac7c668?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)
📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project settings](https://app.snyk.io/org/perdelt/project/344cf01f-21a2-414d-84cc-f8f3dac7c668?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)
📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"zipp","from":"3.15.0","to":"3.19.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"}],"prId":"e4171dc1-4904-439c-92a2-b5fa6266ca63","prPublicId":"e4171dc1-4904-439c-92a2-b5fa6266ca63","packageManager":"pip","priorityScoreList":[738],"projectPublicId":"344cf01f-21a2-414d-84cc-f8f3dac7c668","projectUrl":"https://app.snyk.io/org/perdelt/project/344cf01f-21a2-414d-84cc-f8f3dac7c668?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-ZIPP-7430899"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

@snyk-bot
fix: requirements.txt to reduce vulnerabilities
37185d4 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
@perdelt perdelt changed the base branch from master to v0.7.1 July 12, 2024 05:49
@perdelt perdelt merged commit 6976b76 into v0.7.1 Jul 12, 2024
1 of 2 checks passed
@perdelt perdelt deleted the snyk-fix-319e2cf9f63fd20e730b9d6391c6cc4d branch July 12, 2024 05:51
perdelt added a commit that referenced this pull request Jul 12, 2024
@perdelt
v0.7.1 - Improve Docs (#260)
a7077f3 
* TPC-H: Show RAM cached in summary

* Bexhoma: monitor_cluster_exists

* TPC-H: More details about monitoring in summary

* DBMSBenchmarker: Current dev version v0.13.7

* TPC-H: More details about monitoring in summary

* Bexhoma: test_if_monitoring_healthy()

* Bexhoma: test_if_monitoring_healthy() with cURL

* Bexhoma: Monitoring docs

* Bexhoma: Also mount bexhoma-data in dashboard

* Bexhoma: Show content of result folder as CLI tool

* Docs: Config

* Bexhoma: Improved output and docs

* PostgreSQL: More time for shutdown

* Bexhoma: Restarting SUT waits for its removal first

* PostgreSQL: lifecycle user rights issue

* Bexhoma: Label PV with usage information

* PostgreSQL: lifecycle tests with gosu

* Bexhoma: Show volume infos in status

* Bexhoma: Ceil() loading times

* YCSB: Show connection infos in summary

* Bexhoma: Show code in results table

* YCSB: Show connection infos

* Bexhoma: show_summary_monitoring()

* Bexhoma: Test for unified monitoring summary

* Bexhoma: config.check_volumes()

* TPC-H: Too many pods test for generator

* Bexhoma: Show infos about workload in summary

* Bexhoma: Also mount bexhoma-data in dashboard

* Bexhoma: show localresults

* Bexhoma: Do not start daemonset if monitoring in cluster exists

* Bexhoma: show data dir content in tool

* Bexhoma: Loader metrics also for cluster monitoring exists

* Bexhoma: Improved output and docs

* TPC-H: MariaDB

* Example custom SQL workload

* Bexhoma: List of DBMS per experiment

* YCSB: Implement YugaByteDB again

* Bexhoma: Allow placeholder namespace in JDBC connection string and in script commands

* fix: requirements.txt to reduce vulnerabilities (#279)

* fix: requirements.txt to reduce vulnerabilities (#281)

* Bexhoma: Default summary for DBMSBenchmarker follows TPC-H

* Experiment: Prepare TPCx-AI

* fix: requirements.txt to reduce vulnerabilities (#284)

* fix: images/benchmarker_dbmsbenchmarker/requirements.txt to reduce vulnerabilities (#288)

* fix: requirements.txt to reduce vulnerabilities (#287)

* Action: Publish only on release

* Benchmarker: Catch error if volume is missing

* README: Link corrected

* fix: requirements.txt to reduce vulnerabilities (#293)

* fix: images/benchmarker_dbmsbenchmarker/requirements.txt to reduce vulnerabilities (#292)

* Docs: Typos and remove old texts

* Test: No urllib3

* Images: we only need packages required by dbmsbenchmarker for benchmarker container

* Docs: Include monitoring

* TPC-H: More helpful infos per workload in results

* Test: We need urllib3, because of security warnings

* Docs: Improved output

* Bexhoma: Bugfix cluster monitoring exists

* Bexhoma: Bugfix cluster monitoring

* Bexhoma: Bugfix missing dashboard

* MySQL: Default to mysql:8.4.0

* MariaDB: Current version

* MariaDB: Removed some MySQL settings

* Docs: Improved output

* DBMSBenchmarker: Dev channel

* DBMSBenchmarker: Dockerfiles v0.13.7 and dev

* DBMSBenchmarker: dev option in YAML

* DBMSBenchmarker: :v0.14.0

* Docs: Improved output

* MonetDB: New JDBC driver

* Benchbase: Prepare unified evaluation

* Clustermanager: Show use case per experiment

* HammerDB: Prepare unified evaluation

* YugabyteDB: Prepare demo

* YugabyteDB: Prepare demo in YCSB

* HammerDB: Prepare unified evaluation

* Benchbase: Prepare unified evaluation

* YugabyteDB: Prepare demo in YCSB

* HammerDB: Prepare unified evaluation

* fix: requirements.txt to reduce vulnerabilities (#299)

* Benchbase: Prepare unified evaluation

* Updated output of several use cases
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@perdelt @snyk-bot