8000 [Snyk] Security upgrade urllib3 from 1.26.18 to 1.26.19 by SherfeyInv · Pull Request #11 · SherfeyInv/node · GitHub
[go: up one dir, main page]
Skip to content

[Snyk] Security upgrade urllib3 from 1.26.18 to 1.26.19 #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SherfeyInv wants to merge 28 commits into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade urllib3 from 1.26.18 to 1.26.19 #11

SherfeyInv wants to merge 28 commits into from

Conversation

@SherfeyInv
Copy link
Owner
@SherfeyInv SherfeyInv commented Jun 19, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • deps/uv/docs/requirements.txt
⚠️ Warning ``` livereload 2.6.3 requires tornado, which is not installed. furo 2023.5.20 has requirement sphinx<8.0,>=6.0, but you have sphinx 5.3.0. 
</details>





---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwMGQ4YzQ0ZS1hYzk4LTRhN2EtYTRkMi1lMGE4Y2FkZTUzYmQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjAwZDhjNDRlLWFjOTgtNGE3YS1hNGQyLWUwYThjYWRlNTNiZCJ9fQ==" width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/sherfeyinv/project/31de1cd6-3b62-4fb2-bba5-942fc4c5b9eb?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)
📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project settings](https://app.snyk.io/org/sherfeyinv/project/31de1cd6-3b62-4fb2-bba5-942fc4c5b9eb?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)
📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"urllib3","from":"1.26.18","to":"1.26.19"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"}],"prId":"00d8c44e-ac98-4a7a-a4d2-e0a8cade53bd","prPublicId":"00d8c44e-ac98-4a7a-a4d2-e0a8cade53bd","packageManager":"pip","priorityScoreList":[586],"projectPublicId":"31de1cd6-3b62-4fb2-bba5-942fc4c5b9eb","projectUrl":"https://app.snyk.io/org/sherfeyinv/project/31de1cd6-3b62-4fb2-bba5-942fc4c5b9eb?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-URLLIB3-7267250"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

snyk-bot and others added 28 commits April 17, 2024 08:07
@snyk-bot
fix: upgrade multiple dependencies with Snyk
5d0b204 
Snyk has created this PR to upgrade:
  - @babel/types from 7.1.3 to 7.24.0.
    See this package in npm: https://www.npmjs.com/package/@babel/types
  - @babel/generator from 7.1.3 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/generator
  - @babel/parser from 7.1.3 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/parser
  - @babel/template from 7.1.2 to 7.24.0.
    See this package in npm: https://www.npmjs.com/package/@babel/template
  - @babel/traverse from 7.1.4 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/traverse

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/4efb7bdf-0194-4264-afc0-68755fec8ff7?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade commander from 2.11.0 to 2.20.3
2ecf220 
Snyk has created this PR to upgrade commander from 2.11.0 to 2.20.3.

See this package in npm:
https://www.npmjs.com/package/commander

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/4efb7bdf-0194-4264-afc0-68755fec8ff7?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade globals from 10.1.0 to 10.4.0
f521f8f 
Snyk has created this PR to upgrade globals from 10.1.0 to 10.4.0.

See this package in npm:
https://www.npmjs.com/package/globals

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/4efb7bdf-0194-4264-afc0-68755fec8ff7?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade rollup-plugin-node-resolve from 4.0.0 to 4.2.4
2dd1e2e 
Snyk has created this PR to upgrade rollup-plugin-node-resolve from 4.0.0 to 4.2.4.

See this package in npm:
https://www.npmjs.com/package/rollup-plugin-node-resolve

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/6d43b18a-a5e1-4727-ac73-fcd0932f1193?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade rollup-plugin-typescript2 from 0.32.1 to 0.36.0
4d5fa12 
Snyk has created this PR to upgrade rollup-plugin-typescript2 from 0.32.1 to 0.36.0.

See this package in npm:
https://www.npmjs.com/package/rollup-plugin-typescript2

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/6d43b18a-a5e1-4727-ac73-fcd0932f1193?utm_source=github&utm_medium=referral&page=upgrade-pr
@SherfeyInv
Merge pull request #5 from SherfeyInv/snyk-upgrade-bb4a5f76f544baadbb…
3a0c34d 
…99ff04d75680d0

[Snyk] Upgrade rollup-plugin-typescript2 from 0.32.1 to 0.36.0
@SherfeyInv
Merge pull request #3 from SherfeyInv/snyk-upgrade-8338f22c4d73739ef2…
e5a2bf3 
…1f946ee9ba2783

[Snyk] Upgrade globals from 10.1.0 to 10.4.0
@snyk-bot
fix: upgrade multiple dependencies with Snyk
15ba750 
Snyk has created this PR to upgrade:
  - @babel/types from 7.1.3 to 7.24.0.
    See this package in npm: https://www.npmjs.com/package/@babel/types
  - @babel/generator from 7.1.3 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/generator
  - @babel/parser from 7.1.3 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/parser
  - @babel/template from 7.1.2 to 7.24.0.
    See this package in npm: https://www.npmjs.com/package/@babel/template
  - @babel/traverse from 7.1.4 to 7.24.1.
    See this package in npm: https://www.npmjs.com/package/@babel/traverse

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/4efb7bdf-0194-4264-afc0-68755fec8ff7?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade local-web-server from 5.3.1 to 5.3.3
898a8e2 
Snyk has created this PR to upgrade local-web-server from 5.3.1 to 5.3.3.

See this package in npm:
https://www.npmjs.com/package/local-web-server

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/63703d25-6c4c-4e78-8818-736748bbcc1f?utm_source=github&utm_medium=referral&page=upgrade-pr
@SherfeyInv
Merge branch 'nodejs:main' into main
ddc5d61
@snyk-bot
fix: deps/uv/docs/requirements.txt to reduce vulnerabilities
fd94439 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
@snyk-bot
fix: deps/v8/bazel/requirements.txt to reduce vulnerabilities
0ed6622 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
Merge pull request #9 from SherfeyInv/snyk-fix-6ea122ca3448c60ea8357c…
83f7573 
…25cdbac6be
Merge pull request #8 from SherfeyInv/snyk-fix-94c5c7467e0e6494e81d38…
fcd33f2 
…5b99c18967
Merge branch 'nodejs:main' into main
ce7b894
@snyk-bot
fix: deps/uv/docs/requirements.txt to reduce vulnerabilities
810c680 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
Merge branch 'nodejs:main' into main
d8170ed
Merge pull request #10 from SherfeyInv/snyk-fix-f4521c62fd5ce4492d9cf…
86547a7 
…cd3a506d5a3

[Snyk] Fix for 7 vulnerabilities
Merge pull request #7 from SherfeyInv/snyk-upgrade-d34ae0f2e6f771b016…
5f617cd 
…286f506c5942dc

[Snyk] Upgrade local-web-server from 5.3.1 to 5.3.3
Merge pull request #6 from SherfeyInv/snyk-upgrade-f7cb8645e4e4d2a1f8…
36733fe 
…b5567d8651f38d

[Snyk] Upgrade: @babel/types, @babel/generator, @babel/parser, @babel/template, @babel/traverse
Merge branch 'main' into snyk-upgrade-f3ab73243a65c136a79f887f1c6b7e4c
787745f
Merge pull request #4 from SherfeyInv/snyk-upgrade-f3ab73243a65c136a7…
2a324e0 
…9f887f1c6b7e4c

[Snyk] Upgrade rollup-plugin-node-resolve from 4.0.0 to 4.2.4
Merge branch 'main' into snyk-upgrade-9afb58329c3c17052fb86b74eefcb049
f6f697d
Merge pull request #2 from SherfeyInv/snyk-upgrade-9afb58329c3c17052f…
4772580 
…b86b74eefcb049

[Snyk] Upgrade commander from 2.11.0 to 2.20.3
Merge branch 'main' into snyk-upgrade-5b5e2e684bceee60821d9e945cee4108
9f2813f
Merge pull request #1 from SherfeyInv/snyk-upgrade-5b5e2e684bceee6082…
25fe46e 
…1d9e945cee4108

[Snyk] Upgrade: @babel/types, @babel/generator, @babel/parser, @babel/template, @babel/traverse
Merge branch 'nodejs:main' into main
99eb8dd
@snyk-bot
fix: deps/uv/docs/requirements.txt to reduce vulnerabilities
484c983 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SherfeyInv @snyk-bot
0