* File changed: [patchwork/app.py](https://github.com/patched-codes/patchwork/pull/333/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503)[Fix vulnerability by avoiding dynamic input in `importlib.import_module()`](https://github.com/patched-codes/patchwork/pull/333/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503L199-L219) Avoid using dynamic input in `importlib.import_module()` function by replacing it with the `importlib.util.spec_from_file_location()` method.
* File changed: [patchwork/common/utils/dependency.py](https://github.com/patched-codes/patchwork/pull/333/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6)[Fix vulnerability by avoiding dynamic values in importlib.import_module()](https://github.com/patched-codes/patchwork/pull/333/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6L1-L30) Used a whitelist to prevent running untrusted code by checking the input `name` against a predefined list of dependencies before importing the module.
This pull request from patched fixes 2 issues.
[Fix vulnerability by avoiding dynamic input in `importlib.import_module()`](https://github.com/patched-codes/patchwork/pull/333/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503L199-L219)
Avoid using dynamic input in `importlib.import_module()` function by replacing it with the `importlib.util.spec_from_file_location()` method.[Fix vulnerability by avoiding dynamic values in importlib.import_module()](https://github.com/patched-codes/patchwork/pull/333/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6L1-L30)
Used a whitelist to prevent running untrusted code by checking the input `name` against a predefined list of dependencies before importing the module.