This repository has been archived by the owner on Nov 9, 2023. It is now read-only.

[Snyk] Security upgrade werkzeug from 0.16.1 to 3.0.1 #43

Open
wants to merge 1 commit into
base: master

fix: requirements.txt to reduce vulnerabilities

08c6f16
Mend for GitHub.com / WhiteSource Security Check failed Oct 26, 2023 in 1m 34s

Security Report

You have successfully remediated 3 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2023-37920 | Critical | 9.8 | certifi-2019.6.16-py2.py3-none-any.whl | Upgrade to version: certifi - 2023.7.22 | None |
| CVE-2023-46136 | High | 8.0 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: Werkzeug - 3.0.1 | None |
| CVE-2023-32681 | Medium | 6.1 | requests-2.22.0-py2.py3-none-any.whl | Upgrade to version: requests - 2.31.0 | None |

CVE-2023-37920

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

-> ❌ certifi-2019.6.16-py2.py3-none-any.whl (Vulnerable Library)

CVE-2023-46136

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

-> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

CVE-2023-32681

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

-> ❌ requests-2.22.0-py2.py3-none-any.whl (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
|---|---|
| CVE-2023-23934 | Werkzeug-0.16.1-py2.py3-none-any.whl |
| CVE-2023-46136 | Werkzeug-0.16.1-py2.py3-none-any.whl |
| CVE-2023-25577 | Werkzeug-0.16.1-py2.py3-none-any.whl |

Base branch total remaining vulnerabilities: 8
Base branch commit: 33a25a1bc6c649e1bd6a60260a2f45cff2149f27


Total libraries scanned: 21

Scan token: 174132e8abe94a0aa90bd4a7a2b59016