Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[NEUTRAL] Update dependency argh to v0.31.3 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

[NEUTRAL] Update dependency argh to v0.31.3

cb13240
Select commit
Loading
Failed to load commit list.
Open

[NEUTRAL] Update dependency argh to v0.31.3 #7

[NEUTRAL] Update dependency argh to v0.31.3
cb13240
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Jul 14, 2024 in 4h 15m 48s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2024-37891

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

-> requests-2.31.0-py3-none-any.whl (Root Library)

   -> ❌ urllib3-2.0.7-py3-none-any.whl (Vulnerable Library)

Medium 4.4 urllib3-2.0.7-py3-none-any.whl Upgrade to version: urllib3 - 1.26.19,2.2.2 #42

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2023-43804 urllib3-2.0.4-py3-none-any.whl
CVE-2023-45803 urllib3-2.0.4-py3-none-any.whl
CVE-2024-3651 idna-3.4-py3-none-any.whl
CVE-2024-37891 urllib3-2.0.4-py3-none-any.whl
CVE-2024-39689 certifi-2023.7.22-py3-none-any.whl

Base branch total remaining vulnerabilities: 7
Base branch commit: cb1324092a238d7986c056da4aeebd11d5e76906


Total libraries scanned: 22

Scan token: 612b170bd5474512b9f6377b8753f834

View more details on Mend for GitHub.com