search

facioquo / stock-indicators-python

Stock Indicators for Python. Maintained by @LeeDongGeon1996
https://python.StockIndicators.dev
Apache License 2.0
220 stars 37 forks source link

chore: Security upgrade zipp from 3.15.0 to 3.19.1 #388

Closed DaveSkender closed 1 month ago

DaveSkender commented 1 month ago

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project. #### Snyk changed the following file(s): - `requirements-test.txt` --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. > - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/facioquo/project/74f22bf8-78b9-455c-9edb-4ecdec799fec?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/facioquo/project/74f22bf8-78b9-455c-9edb-4ecdec799fec?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"zipp","from":"3.15.0","to":"3.19.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":141,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 09:06:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.35},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":141,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 09:06:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.35},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":141,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 09:06:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.35},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Infinite loop"},{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":141,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 09:06:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.35},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Infinite loop"}],"prId":"36ae9f9c-668c-4ac3-b8b3-a7863c0f9262","prPublicId":"36ae9f9c-668c-4ac3-b8b3-a7863c0f9262","packageManager":"pip","priorityScoreList":[141],"projectPublicId":"74f22bf8-78b9-455c-9edb-4ecdec799fec","projectUrl":"https://app.snyk.io/org/facioquo/project/74f22bf8-78b9-455c-9edb-4ecdec799fec?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-ZIPP-7430899"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
codacy-production[bot] commented 1 month ago

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
:white_check_mark: +0.00% (target: -1.00%) :white_check_mark:
Coverage variation details | | Coverable lines | Covered lines | Coverage | | ------------- | ------------- | ------------- | ------------- | | Common ancestor commit (ff1e4efd15dd17db7ef3dc2a4a422bd38a4b657f) | 2874 | 2627 | 91.41% | | | Head commit (0295abf4c74fa44079b899003acfbb24afc902ce) | 2874 (+0) | 2627 (+0) | 91.41% (**+0.00%**) | **Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `
Diff coverage details | | Coverable lines | Covered lines | Diff coverage | | ------------- | ------------- | ------------- | ------------- | | Pull request (#388) | 0 | 0 | **∅ (not applicable)** | **Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`

See your quality gate settings    Change summary preferences

:rocket: Don’t miss a bit, follow what’s new on Codacy.

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

LeeDongGeon1996 commented 1 month ago

@DaveSkender Do we need this? 🤔

DaveSkender commented 1 month ago

@DaveSkender Do we need this? 🤔

Looks like an override for a sub package to one of the pytest dependencies. You’d think pytest will update this soon, and it’s only part of a dev dependency, so we can skip it.