@xphillyx
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to fix 1 vulnerability in the pip dependencies of this project.

Snyk changed the following file(s):

  • bot/requirements.txt

⚠️ Warning

```
google-api-core 2.19.1 has requirement google-auth<3.0.dev0,>=2.14.1, but you have google-auth 1.35.0.
```

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information:
🧐 [View latest project report](https://app.snyk.io/org/xphillyx/project/a7929320-9b6b-4eee-b208-2275a6f15502?utm_source=github&utm_medium=referral&page=fix-pr)
📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project settings](https://app.snyk.io/org/xphillyx/project/a7929320-9b6b-4eee-b208-2275a6f15502?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Improper Control of Generation of Code ('Code Injection')](https://learn.snyk.io/lesson/malicious-code-injection/?loc=fix-pr)


@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎


View full report↗︎
