search

SwaragThaikkandi / SMdRQA

For doing multidimensional recurrent quantification analysis(MdRQA) and sliding window version of it
https://swaragthaikkandi.github.io/SMdRQA/
GNU General Public License v3.0
1 stars 0 forks source link

[Snyk] Security upgrade numpy from 1.21.3 to 1.22.2 #14

Closed SwaragThaikkandi closed 7 months ago

SwaragThaikkandi commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - requirements.txt
⚠️ Warning ``` pandas 1.3.5 requires numpy, which is not installed. operator-courier 2.1.11 requires validators, which is not installed. numba 0.56.4 requires numpy, which is not installed. matplotlib 3.5.3 requires fonttools, which is not installed. matplotlib 3.5.3 requires pillow, which is not installed. matplotlib 3.5.3 requires numpy, which is not installed. kuramoto 0.3.0 requires numpy, which is not installed. kuramoto 0.3.0 requires scipy, which is not installed. ```
#### Vulnerabilities that will be fixed ##### By pinning: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | NULL Pointer Dereference
[SNYK-PYTHON-NUMPY-2321964](https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964) | `numpy:`
`1.21.3 -> 1.22.2`
| No | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **399/1000**
**Why?** Has a fix available, CVSS 3.7 | Buffer Overflow
[SNYK-PYTHON-NUMPY-2321966](https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966) | `numpy:`
`1.21.3 -> 1.22.2`
| No | No Known Exploit ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Denial of Service (DoS)
[SNYK-PYTHON-NUMPY-2321970](https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970) | `numpy:`
`1.21.3 -> 1.22.2`
| No | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/swaragthaikkandi/project/55ce5d30-8c68-4c4e-a9e9-45f1b96eef72?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/swaragthaikkandi/project/55ce5d30-8c68-4c4e-a9e9-45f1b96eef72?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"fb4325c9-2928-4ad8-8788-97e0e142ae38","prPublicId":"fb4325c9-2928-4ad8-8788-97e0e142ae38","dependencies":[{"name":"numpy","from":"1.21.3","to":"1.22.2"}],"packageManager":"pip","projectPublicId":"55ce5d30-8c68-4c4e-a9e9-45f1b96eef72","projectUrl":"https://app.snyk.io/org/swaragthaikkandi/project/55ce5d30-8c68-4c4e-a9e9-45f1b96eef72?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-PYTHON-NUMPY-2321964","SNYK-PYTHON-NUMPY-2321966","SNYK-PYTHON-NUMPY-2321970"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"priorityScoreList":[506,399,506],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [NULL Pointer Dereference](https://learn.snyk.io/lesson/null-dereference/?loc=fix-pr)
github-actions[bot] commented 7 months ago

Dependency Review

The following issues were found:

See the Details below.

License Issues

requirements.txt

PackageVersionLicenseIssue Type
numpy>= 1.22.2NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/numpy >= 1.22.2 :green_circle: 8.8
Details
CheckScoreReason
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests:green_circle: 1015 out of 15 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Code-Review:green_circle: 10all changesets reviewed
Contributors:green_circle: 1096 different organizations found -- score normalized to 10
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:green_circle: 10project is fuzzed
License:green_circle: 9license file detected
Maintained:green_circle: 1030 commit(s) out of 30 and 20 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging:warning: -1no published package detected
Pinned-Dependencies:warning: -1internal error: internal error: unable to determine OS for job: MyPy
SAST:green_circle: 10SAST tool is run on all commits
Security-Policy:green_circle: 9security policy file detected
Signed-Releases:warning: 00 out of 5 artifacts are signed or have provenance
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities:green_circle: 10no vulnerabilities detected
pip/numpy >= 1.22.0rc1 :green_circle: 8.8
Details
CheckScoreReason
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests:green_circle: 1015 out of 15 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Code-Review:green_circle: 10all changesets reviewed
Contributors:green_circle: 1096 different organizations found -- score normalized to 10
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:green_circle: 10project is fuzzed
License:green_circle: 9license file detected
Maintained:green_circle: 1030 commit(s) out of 30 and 20 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging:warning: -1no published package detected
Pinned-Dependencies:warning: -1internal error: internal error: unable to determine OS for job: MyPy
SAST:green_circle: 10SAST tool is run on all commits
Security-Policy:green_circle: 9security policy file detected
Signed-Releases:warning: 00 out of 5 artifacts are signed or have provenance
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities:green_circle: 10no vulnerabilities detected

Scanned Manifest Files

requirements.txt
  • numpy@>= 1.22.2
  • numpy@>= 1.22.0rc1