* File changed: [patchwork/app.py](https://github.com/patched-codes/patchwork/pull/583/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503)Fix vulnerability in find_patchflow function Avoid using untrusted user input in importlib.import_module() by removing dynamic value and handling loading of modules only from the predefined list of possible_module_paths.
* File changed: [patchwork/common/utils/step_typing.py](https://github.com/patched-codes/patchwork/pull/583/files#diff-4490efb269fda5b75b1edc5f5fa275d34675bca1ffbb22e06829384e562205ff)Avoid dynamic values in importlib.import_module() to prevent running untrusted code Avoid using f-string with dynamic module path in importlib.import_module()
* File changed: [patchwork/common/utils/dependency.py](https://github.com/patched-codes/patchwork/pull/583/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6)Fix vulnerability in import_with_dependency_group function Avoid dynamic values in importlib.import_module() by checking if the input name is in a predefined whitelist (__DEPENDENCY_GROUPS) before importing.
This pull request from patched fixes 3 issues.
Fix vulnerability in find_patchflow function
Avoid using untrusted user input in importlib.import_module() by removing dynamic value and handling loading of modules only from the predefined list of possible_module_paths.Avoid dynamic values in importlib.import_module() to prevent running untrusted code
Avoid using f-string with dynamic module path in importlib.import_module()Fix vulnerability in import_with_dependency_group function
Avoid dynamic values in importlib.import_module() by checking if the input name is in a predefined whitelist (__DEPENDENCY_GROUPS) before importing.