Open AdamOswald opened 5 months ago
Aviator will automatically update this comment as the status of the PR changes. Comment `/aviator refresh` to force Aviator to re-examine your PR (or learn about other `/aviator` commands).

This pull request is currently open (not queued). To merge this PR, comment `/aviator merge` or add the `mergequeue` label.
Unable to locate .performanceTestingBot config file
Denial of Service (DoS) attacks caused by a regular expression that makes the system hang or work very slowly when an attacker sends a well-crafted input (exponentially related to input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed for. There are many ways to make a service unavailable for legitimate users: by manipulating network packets, or by exploiting programming, logical, or resource-handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
This PR has 0 quantified lines of changes. In general, a change size of up to 200 lines is ideal for the best PR experience!
Hi there! :wave: Thanks for opening a PR. :tada: To get the most out of Senior Dev, please sign up in our Web App, connect your GitHub account, and add/join your organization AdamOswald. After that, you will receive code reviews beginning on your next opened PR. :rocket:
This update focuses on enhancing the security of the application by addressing a specific vulnerability. By adding `fastapi>=0.109.1` to the `requirements.txt`, the change ensures that the application relies on a version of FastAPI that includes necessary patches or improvements, safeguarding against potential security threats.

| File | Change Summary |
|---|---|
| requirements.txt | Added fastapi>=0.109.1 to address vulnerability |
🐇✨
In the garden of code, where vulnerabilities hide,
A patch was planted, with security in stride.
FastAPI grows stronger, with each version anew,
A safer tomorrow, our code hops towards, true.
🌱🔐✨
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Thanks for opening this Pull Request! We need you to:

- Fill out the description. Action: Edit description and replace `<!- ... -->` with actual values.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.
#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - requirements.txt

⚠️ Warning

```
transformers 4.30.2 has requirement tokenizers!=0.11.3,<0.14,>=0.11.1, but you have tokenizers 0.15.1.
torch 1.13.1 requires nvidia-cublas-cu11, which is not installed.
torch 1.13.1 requires nvidia-cuda-runtime-cu11, which is not installed.
torch 1.13.1 requires nvidia-cudnn-cu11, which is not installed.
torch 1.13.1 requires nvidia-cuda-nvrtc-cu11, which is not installed.
tensorflow-hub 0.16.1 requires tf-keras, which is not installed.
tensorboard 2.11.2 has requirement protobuf<4,>=3.9.2, but you have protobuf 4.24.4.
tensorboard 2.11.2 has requirement setuptools>=41.0.0, but you have setuptools 39.0.1.
scikit-learn 1.0.2 requires scipy, which is not installed.
python-igraph 0.11.3 has requirement igraph==0.11.3, but you have igraph 0.10.8.
powerlaw 1.5 requires scipy, which is not installed.
pipenv 2023.10.3 has requirement setuptools>=67, but you have setuptools 39.0.1.
paddlenlp 2.7.2 requires fastapi, which is not installed.
paddlenlp 2.7.2 requires seqeval, which is not installed.
paddlenlp 2.7.2 has requirement multiprocess<=0.70.12.2, but you have multiprocess 0.70.15.
paddlenlp 2.7.2 has requirement dill<0.3.5, but you have dill 0.3.7.
paddle2onnx 0.9.5 has requirement onnx<=1.9.0, but you have onnx 1.14.1.
onnxruntime 1.14.1 has requirement numpy>=1.21.6, but you have numpy 1.21.3.
onnxruntime-gpu 1.14.1 has requirement numpy>=1.21.6, but you have numpy 1.21.3.
lpips 0.1.4 requires scipy, which is not installed.
gradio 3.34.0 requires fastapi, which is not installed.
filterpy 1.4.5 requires scipy, which is not installed.
facexlib 0.3.0 requires scipy, which is not installed.
datasets 2.13.2 has requirement dill<0.3.7,>=0.3.0, but you have dill 0.3.7.
botocore 1.33.13 has requirement urllib3<1.27,>=1.25.4; python_version < "3.10", but you have urllib3 2.0.7.
```

| Why? | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-PYTHON-FASTAPI-6228055](https://snyk.io/vuln/SNYK-PYTHON-FASTAPI-6228055) | `fastapi:` `0.103.2 -> 0.109.1` | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information: