Open renovate[bot] opened 4 months ago
Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.
DryRun Security | Status | Findings |
---|---|---|
Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
IDOR Analyzer | :white_check_mark: | 0 findings |
Sensitive Files Analyzer | :grey_exclamation: | 1 finding |
Authn/Authz Analyzer | :white_check_mark: | 0 findings |
SQL Injection Analyzer | :white_check_mark: | 0 findings |
Secrets Analyzer | :white_check_mark: | 0 findings |
[!Note] :green_circle: Risk threshold not exceeded.
Change Summary
The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

**Summary:** The changes in this pull request appear to be routine updates to the project's dependencies, primarily focused on updating the `clickhouse-driver` library from version `0.2.6` to `0.2.8`. This is a minor version update, which typically includes bug fixes and minor improvements, and is unlikely to introduce significant security risks. However, as an application security engineer, it's important to review the release notes and change logs for the updated dependencies to ensure that there are no known security vulnerabilities or issues that could impact the application. Additionally, it's a good practice to periodically review the entire set of dependencies and their versions to ensure that the application is using the latest stable and secure versions of the required libraries.

**Files Changed:**

1. `pyproject.toml`: The changes in this file update the `clickhouse-driver` dependency from version `0.2.6` to `0.2.8`. This is a minor version update and is unlikely to introduce significant security risks.
2. `requirements.txt`: The changes in this file also update the `clickhouse-driver` dependency from version `0.2.6` to `0.2.8`. Additionally, the file contents show that the application uses several other Python libraries, including `wheel`, `click`, `requests`, `questionary`, `tabulate`, `kubernetes`, `uvicorn`, and `fastapi`. This suggests that the application may be using Kubernetes for deployment and FastAPI for the web application framework.
3. `setup.py`: Similar to the changes in `pyproject.toml` and `requirements.txt`, the `setup.py` file updates the `clickhouse-driver` dependency from version `0.2.6` to `0.2.8`. This is a minor version update and is unlikely to introduce significant security risks.

Overall, these changes appear to be routine updates to the project's dependencies, and they do not raise any immediate security concerns. However, it's important to continue monitoring the application's dependencies for any future security-related updates or issues.
Powered by DryRun Security
The provided code changes primarily involve updating the versions of the clickhouse-driver Python package, which is considered a safe update as it typically includes bug fixes and improvements without introducing major API or functionality changes, but it is crucial to review the changes for any known security vulnerabilities and thoroughly test the changes to ensure they don't introduce any regressions or unintended behavior.
We ran 9 analyzers against 3 files and 1 analyzer had findings. 8 analyzers had no findings.
Analyzer | Findings |
---|---|
Sensitive Files Analyzer | 1 finding |
:green_circle: Risk threshold not exceeded.
This PR contains the following updates:
`==0.2.6` -> `==0.2.9`
Release Notes
mymarilyn/clickhouse-driver (clickhouse-driver)
### [`v0.2.9`](https://togithub.com/mymarilyn/clickhouse-driver/blob/HEAD/CHANGELOG.md#029---2024-08-16)

[Compare Source](https://togithub.com/mymarilyn/clickhouse-driver/compare/0.2.8...0.2.9)

##### Added

- Debug logging on columns read/write. Solves issue [#404](https://togithub.com/mymarilyn/clickhouse-driver/issues/404).
- Separate `parse_url` function for external tools. Solves issue [#438](https://togithub.com/mymarilyn/clickhouse-driver/issues/438).
- \[NumPy] Support for pandas StringArray and ArrowStringArray writing. Solves issue [#337](https://togithub.com/mymarilyn/clickhouse-driver/issues/337). Pull request [#441](https://togithub.com/mymarilyn/clickhouse-driver/pull/441) by [Simon-Chenzw](https://togithub.com/Simon-Chenzw).

##### Fixed

- `ssl.PROTOCOL_TLS` deprecation warning for Python 3.10+.
- Trailing spaces in external tables declaration. Solves issue [#385](https://togithub.com/mymarilyn/clickhouse-driver/issues/385).
- \[Tests] Skip certificate validation test during run on local machine. Solves issue [#442](https://togithub.com/mymarilyn/clickhouse-driver/issues/442).
- Handle special enum values: `'mro'` and `''`. Solves issue [#333](https://togithub.com/mymarilyn/clickhouse-driver/issues/333).
- \[NumPy] Do not localize already localized pandas datetime. Solves issue [#444](https://togithub.com/mymarilyn/clickhouse-driver/issues/444).
- \[Tests] Run tests for server 24+.

##### Changed

- Protocol version bumped to 54468.

### [`v0.2.8`](https://togithub.com/mymarilyn/clickhouse-driver/blob/HEAD/CHANGELOG.md#028---2024-06-12)

[Compare Source](https://togithub.com/mymarilyn/clickhouse-driver/compare/0.2.7...0.2.8)

##### Added

- Lazy date LUT initialization for memory reducing. See [docs](https://clickhouse-driver.readthedocs.io/en/0.2.8/types.html#date-date32). Solves issue [#430](https://togithub.com/mymarilyn/clickhouse-driver/issues/430). Pull request [#431](https://togithub.com/mymarilyn/clickhouse-driver/pull/431) by [DaniilAnichin](https://togithub.com/DaniilAnichin).
- Dependabot for up-to-date GitHub actions. Pull request [#421](https://togithub.com/mymarilyn/clickhouse-driver/pull/422) by [cclauss](https://togithub.com/cclauss).

##### Fixed

- TCP keepalive idle_time_sec, interval_sec type to integer. Solves issue [#432](https://togithub.com/mymarilyn/clickhouse-driver/issues/432).
- Empty Map type read IndexError. Solves issue [#433](https://togithub.com/mymarilyn/clickhouse-driver/issues/433).
- Test on current versions of PyPy. Pull request [#424](https://togithub.com/mymarilyn/clickhouse-driver/pull/424) by [cclauss](https://togithub.com/cclauss).
- Connection `verify=False` ignoring. Solves issue [#420](https://togithub.com/mymarilyn/clickhouse-driver/issues/420). Pull request [#421](https://togithub.com/mymarilyn/clickhouse-driver/pull/421) by [akurdyukov](https://togithub.com/akurdyukov).

### [`v0.2.7`](https://togithub.com/mymarilyn/clickhouse-driver/blob/HEAD/CHANGELOG.md#027---2024-02-20)

[Compare Source](https://togithub.com/mymarilyn/clickhouse-driver/compare/0.2.6...0.2.7)

##### Added

- Wheels for Python 3.12.
- Toggle hostname verification with `verify` option. Solves issue [#378](https://togithub.com/mymarilyn/clickhouse-driver/issues/378). Pull request [#379](https://togithub.com/mymarilyn/clickhouse-driver/pull/379) by [adamleko](https://togithub.com/adamleko).

##### Fixed

- Date32 start interval changed to 1900-01-01. Solves issue [#409](https://togithub.com/mymarilyn/clickhouse-driver/issues/409).
- Memory leak when clickhouse raise exception on `BufferedSocketWriter.write_into_stream`. Solves issue [#406](https://togithub.com/mymarilyn/clickhouse-driver/issues/406). Pull request [#407](https://togithub.com/mymarilyn/clickhouse-driver/pull/407) by [pulina](https://togithub.com/pulina).
- `input_format_null_as_default` option for UUID produce `00000000-0000-0000-0000-000000000000` if set to true. Solves issue [#401](https://togithub.com/mymarilyn/clickhouse-driver/issues/401).
- \[Tests] Remove MemoryTracker asserting on INSERT statements. Solves issue [#403](https://togithub.com/mymarilyn/clickhouse-driver/issues/403).
- Store "progress" and "profile" stats on INSERT statements. Solves issue [#391](https://togithub.com/mymarilyn/clickhouse-driver/issues/391). Pull request [#392](https://togithub.com/mymarilyn/clickhouse-driver/pull/392) by [insomnes](https://togithub.com/insomnes).
- Add `send_logs_level=test` log level support. Solves issue [#383](https://togithub.com/mymarilyn/clickhouse-driver/issues/383). Pull request [#395](https://togithub.com/mymarilyn/clickhouse-driver/pull/395) by [the-horhe](https://togithub.com/the-horhe).
- `self` in `int128_from_quads`, `int128_to_quads`, `int256_from_quads`, `int256_to_quads`. Solves issue [#400](https://togithub.com/mymarilyn/clickhouse-driver/issues/400).

##### Changed

- Server-side parameters substitution is turned off by default. You can't mix client-side and server-side formatting in one query. Solves issue [#376](https://togithub.com/mymarilyn/clickhouse-driver/issues/376) and [#410](https://togithub.com/mymarilyn/clickhouse-driver/issues/410).
- Protocol version bumped to 54462.

Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.