search

nextflow-io / nextflow

A DSL for data-driven computational pipelines
http://nextflow.io
Apache License 2.0
2.61k stars 605 forks source link

[Snyk] Security upgrade urllib3 from 2.0.7 to 2.2.2 #5075

Closed arnaualcazar closed 1 week ago

arnaualcazar commented 1 week ago

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project. #### Snyk changed the following file(s): - `docs/requirements.txt`
⚠️ Warning ``` sphinx-rtd-theme 1.1.1 has requirement docutils<0.18, but you have docutils 0.19. ```
--- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. > - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/seqera/project/b296e4d5-fc77-414e-a157-76f3e34a39c8?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/seqera/project/b296e4d5-fc77-414e-a157-76f3e34a39c8?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"urllib3","from":"2.0.7","to":"2.2.2"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-URLLIB3-7267250","priority_score":586,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Removal of Sensitive Information Before Storage or Transfer"}],"prId":"79b3a3d5-b4a2-4516-8d9e-4416fe8264b5","prPublicId":"79b3a3d5-b4a2-4516-8d9e-4416fe8264b5","packageManager":"pip","priorityScoreList":[586],"projectPublicId":"b296e4d5-fc77-414e-a157-76f3e34a39c8","projectUrl":"https://app.snyk.io/org/seqera/project/b296e4d5-fc77-414e-a157-76f3e34a39c8?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-URLLIB3-7267250"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
netlify[bot] commented 1 week ago

Deploy Preview for nextflow-docs-staging ready!

Name Link
Latest commit e5ce88053aa76d9cb6f9b9cda1a0832b88f6b3a3
Latest deploy log https://app.netlify.com/sites/nextflow-docs-staging/deploys/66720553707cdc000837cfa2
Deploy Preview https://deploy-preview-5075--nextflow-docs-staging.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.