Update requirements.txt #22

Open
wants to merge 1 commit into
base: main

ethomson
Owner

No description provided.

@@ -1 +1,2 @@
Flask
werkzeug==3.0.5
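
Review bot: the added `werkzeug==3.0.5` line pins a release that the vulnerability scan on this pull request reports as affected by GHSA-f9vj-2wh5-fj8j (`safe_join` not safe on Windows) and GHSA-q34m-jh98-gwm2 (possible resource exhaustion when parsing file data in forms). Pin `werkzeug==3.0.6` instead, the patch version the scan lists. `Flask` on the line above stays unpinned, so pinning it as well would keep installs reproducible.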


Suggested change
werkzeug==3.0.5
werkzeug==3.0.6

@stacklok-cloud

Minder Vulnerability Report ⚠️

Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR.

Vulnerability scan of 3b2a697e:

  • 🐞 vulnerable packages: 1
  • 🛠 fixes available for: 1

| Package | Version | #Vulnerabilities | #Fixes | Patch |
| --- | --- | --- | --- | --- |
| werkzeug | 3.0.5 | 2 | 2 | 3.0.6 |

Summary of vulnerabilities found

Minder found the following vulnerabilities in this PR:

| Ecosystem | Name | Version | Vulnerability ID | Summary | Introduced | Fixed |
| --- | --- | --- | --- | --- | --- | --- |
| PyPI | werkzeug | 3.0.5 | GHSA-f9vj-2wh5-fj8j | Werkzeug safe_join not safe on Windows | 0 | 3.0.6 |
| PyPI | werkzeug | 3.0.5 | GHSA-q34m-jh98-gwm2 | Werkzeug possible resource exhaustion when parsing file data in forms | 0 | 0.19.7 |

@stacklok-cloud

stacklok-cloud bot commented Dec 5, 2024

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: werkzeug

Trusty Score: 0

Scoring details

| Component | Score |
| --- | --- |
| Package activity | 8.2 |
| Repository activity | 7.2 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

  • Published package versions: 95
  • Number of git tags or releases: 108
  • Versions matched to tags or releases: 96

Alternatives

| Package | Score | Description |
| --- | --- | --- |
| flask | 0 | |
| django | 0 | |
| tornado | 0 | |

4 similar comments

@stacklok-cloud

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: werkzeug

Trusty Score: 0

Scoring details

| Component | Score |
| --- | --- |
| Package activity | 8.2 |
| Repository activity | 7.2 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

  • Published package versions: 95
  • Number of git tags or releases: 108
  • Versions matched to tags or releases: 96

Alternatives

| Package | Score | Description |
| --- | --- | --- |
| flask | 0 | |
| tornado | 0 | |
