chore(deps): update dependency jinja2 to v3.1.5 [security] #59
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-6119Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20241224021813_RKRFBN/python_WQFPOT/202412240218141/env/lib/python3.8/site-packages/cryptography-42.0.5.dist-info Dependency Hierarchy: -> ❌ cryptography-42.0.5-cp37-abi3-manylinux_2_28_x86_64.whl (Vulnerable Library) |
 High |
7.5 | cryptography-42.0.5-cp37-abi3-manylinux_2_28_x86_64.whl | Upgrade to version: openssl-3.0.15,openssl-3.1.7,openssl-3.2.3,openssl-3.3.2, cryptography - 43.0.1 | #62 |
CVE-2024-37891Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20241224021813_RKRFBN/python_WQFPOT/202412240218141/env/lib/python3.8/site-packages/urllib3-2.1.0.dist-info Dependency Hierarchy: -> ❌ urllib3-2.1.0-py3-none-any.whl (Vulnerable Library) |
 Medium |
4.4 | urllib3-2.1.0-py3-none-any.whl | Upgrade to version: urllib3 - 1.26.19,2.2.2 | #54 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2024-34064 | Jinja2-3.1.3-py3-none-any.whl |
| CVE-2024-37891 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2024-6119 | cryptography-42.0.4-cp37-abi3-manylinux_2_28_x86_64.whl |
| CVE-2024-5569 | zipp-3.15.0-py3-none-any.whl |
Base branch total remaining vulnerabilities: 7
Base branch commit: 3aded0c5a04b0b31d3d301f6875526febb6e4dad
Total libraries scanned: 35
Scan token: 7240b672381c451dbd065c8cb04a2112