search

guibranco / pancake

🧰 πŸ› οΈ Pancake project - toolkit for PHP projects
https://guibranco.github.io/pancake/
MIT License
3 stars 1 forks source link

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #180

Closed guibranco closed 1 month ago

guibranco commented 1 month ago

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project. #### Snyk changed the following file(s): - `requirements.txt` --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. > - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/guibranco/project/7069b772-2ca6-4fae-b46b-2e00c1467d65?utm_source=github&utm_medium=referral&page=fix-pr) πŸ“œ [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) πŸ›  [Adjust project settings](https://app.snyk.io/org/guibranco/project/7069b772-2ca6-4fae-b46b-2e00c1467d65?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"zipp","from":"3.15.0","to":"3.19.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-ZIPP-7430899","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Infinite loop"}],"prId":"29d8c96e-b793-40c0-b888-ca53118c7e4c","prPublicId":"29d8c96e-b793-40c0-b888-ca53118c7e4c","packageManager":"pip","priorityScoreList":[738],"projectPublicId":"7069b772-2ca6-4fae-b46b-2e00c1467d65","projectUrl":"https://app.snyk.io/org/guibranco/project/7069b772-2ca6-4fae-b46b-2e00c1467d65?utm_source=github&utm_medium=referral&page=fix-pr","prType":"backlog","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pkg-based-remediation","updated-fix-title","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-ZIPP-7430899"],"patch":[],"isBreakingChange":false,"remediationStrategy":"dependency"}'
deepsource-io[bot] commented 1 month ago

Here's the code health analysis summary for commits ade2719..c27b02d. View details on DeepSource β†—.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource Test coverage LogoTest coverageβœ… SuccessView Check β†—
DeepSource SQL LogoSQLβœ… SuccessView Check β†—
DeepSource Secrets LogoSecretsβœ… SuccessView Check β†—
DeepSource PHP LogoPHPβœ… SuccessView Check β†—
DeepSource Docker LogoDockerβœ… SuccessView Check β†—

Code Coverage Report

MetricAggregatePhp
Branch Coverage100%100%
Composite Coverage95.3%95.3%
Line Coverage95.3%95.3%
πŸ’‘ If you’re a repository administrator, you can configure the quality gates from the settings.
github-actions[bot] commented 1 month ago

Infisical secrets check: :white_check_mark: No secrets leaked!

Scan results:

9:30PM INF scanning for exposed secrets...
9:30PM INF 125 commits scanned.
9:30PM INF scan completed in 405ms
9:30PM INF no leaks found
codacy-production[bot] commented 1 month ago

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
:white_check_mark: +0.00% (target: -1.00%) :white_check_mark: βˆ…
Coverage variation details | | Coverable lines | Covered lines | Coverage | | ------------- | ------------- | ------------- | ------------- | | Common ancestor commit (ade27191e15468af263a1e7457b2b88f20d35d68) | 212 | 202 | 95.28% | | | Head commit (c27b02d7625e843b2d5797b6cb4245ff267c6f86) | 212 (+0) | 202 (+0) | 95.28% (**+0.00%**) | **Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `
Diff coverage details | | Coverable lines | Covered lines | Diff coverage | | ------------- | ------------- | ------------- | ------------- | | Pull request (#180) | 0 | 0 | **βˆ… (not applicable)** | **Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`

See your quality gate settings    Change summary preferences

:rocket: Don’t miss a bit, follow what’s new on Codacy.

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

sonarcloud[bot] commented 1 month ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud