Open AdamOswald opened 1 month ago
Aviator will automatically update this comment as the status of the PR changes. Comment `/aviator refresh` to force Aviator to re-examine your PR (or learn about other `/aviator` commands).
This pull request is currently open (not queued).
To merge this PR, comment `/aviator merge` or add the `mergequeue` label.
Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.
Hi there! :wave: Thanks for opening a PR. :tada: To get the most out of Senior Dev, please sign up in our Web App, connect your GitHub account, and add/join your organization AdamOswald. After that, you will receive code reviews beginning on your next opened PR. :rocket:
[!IMPORTANT]
Auto Review Skipped
Ignore keyword(s) in the title.
Please check the settings in the CodeRabbit UI or the `.coderabbit.yaml` file in this repository. To trigger a single review, invoke the `@coderabbitai review` command.
You can disable this status message by setting the `reviews.review_status` to `false` in the CodeRabbit configuration file.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.
#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - docs/sphinx_requirements.txt

⚠️ Warning

```
tensorflow 2.11.0 requires tensorflow-io-gcs-filesystem, which is not installed.
tensorflow 2.11.0 requires keras, which is not installed.
tensorboard 2.11.2 has requirement setuptools>=41.0.0, but you have setuptools 40.5.0.
scikit-learn 1.0.2 requires scipy, which is not installed.
```

**Why?** Recently disclosed, Has a fix available, CVSS 9.8 | Code Injection [SNYK-PYTHON-KERAS-6615954](https://snyk.io/vuln/SNYK-PYTHON-KERAS-6615954) | `keras:` `2.11.0 -> 2.13.1rc0` | No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/adamoswald/project/3b5e52ce-0110-4c3b-99d1-c1ff8609b31d?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/adamoswald/project/3b5e52ce-0110-4c3b-99d1-c1ff8609b31d?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Code Injection](https://learn.snyk.io/lesson/malicious-code-injection/?loc=fix-pr)