You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.
Trivy finds many vulnerable dependencies in this project. There are several dependabot pull requests that can be merged to resolve these trivy findings. Can you please merge the pull requests to upgrade the dependencies?
Here are the trivy findings:
┌───────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ Jinja2 (METADATA) │ CVE-2024-34064 │ MEDIUM │ fixed │ 3.1.3 │ 3.1.4 │ jinja2: accepts keys containing non-attribute characters │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-34064 │
├───────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ Werkzeug (METADATA) │ CVE-2024-34069 │ HIGH │ │ 3.0.1 │ 3.0.3 │ python-werkzeug: user may execute code on a developer's │
│ │ │ │ │ │ │ machine │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-34069 │
├───────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ black (METADATA) │ CVE-2024-21503 │ MEDIUM │ │ 23.12.1 │ 24.3.0 │ psf/black: ReDoS via the lines_with_leading_tabs_expanded() │
│ │ │ │ │ │ │ function in strings.py file │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-21503 │
├───────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ idna (METADATA) │ CVE-2024-3651 │ MEDIUM │ │ 3.6 │ 3.7 │ python-idna: potential DoS via resource consumption via │
│ │ │ │ │ │ │ specially crafted inputs to idna.encode()... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3651 │
├───────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ requests (METADATA) │ CVE-2024-35195 │ │ │ 2.31.0 │ 2.32.0 │ requests: subsequent requests to the same host ignore cert │
│ │ │ │ │ │ │ verification │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-35195 │
├───────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ urllib3 (METADATA) │ CVE-2024-37891 │ MEDIUM │ │ 2.1.0 │ 1.26.19, 2.2.2 │ urllib3: proxy-authorization request header is not stripped │
│ │ │ │ │ │ │ during cross-origin redirects │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-37891 │
└───────────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴─────────────────────────────────────────────────────────────┘
Here are the pull requests that need to be merged:
Trivy finds many vulnerable dependencies in this project. There are several dependabot pull requests that can be merged to resolve these trivy findings. Can you please merge the pull requests to upgrade the dependencies?
Here are the trivy findings:
Here are the pull requests that need to be merged:
The text was updated successfully, but these errors were encountered: