Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BFD-3648: [Snyk] Fix for 4 vulnerabilities #2439

Merged
merged 5 commits into from
Sep 30, 2024
Merged

BFD-3648: [Snyk] Fix for 4 vulnerabilities #2439

merged 5 commits into from
Sep 30, 2024

Conversation

sb-benohe
Copy link
Collaborator

@sb-benohe sb-benohe commented Sep 23, 2024
edited
Loading

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • ops/terraform/services/eft/lambda_src/sftp_outbound_transfer/requirements.txt
⚠️ Warning 
aws-xray-sdk 2.12.1 requires botocore, which is not installed.
aws-encryption-sdk 3.1.1 requires boto3, which is not installed.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Type Confusion

@sb-benohe sb-benohe self-assigned this Sep 23, 2024
@sb-benohe sb-benohe marked this pull request as draft September 23, 2024 13:31
@sb-benohe sb-benohe added the dependencies Pull requests that update a dependency file label Sep 23, 2024
@sb-benohe sb-benohe changed the title [Snyk] Fix for 4 vulnerabilities BFD-3648: [Snyk] Fix for 4 vulnerabilities Sep 23, 2024
@sb-benohe
Copy link
Collaborator Author

Pytests pass
note some warnings about tripleDES, which is unused.

Screenshot 2024-09-23 at 9 56 37 AM

@sb-benohe sb-benohe marked this pull request as ready for review September 23, 2024 13:59
@sb-benohe sb-benohe enabled auto-merge (squash) September 23, 2024 15:09
@sb-benohe sb-benohe merged commit 4099a50 into master Sep 30, 2024
14 checks passed
@sb-benohe sb-benohe deleted the snyk-fix-6b5276f57b2d19b33f582ad91bef1f1e branch September 30, 2024 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MahiFentaye MahiFentaye MahiFentaye approved these changes

@dondevun dondevun dondevun approved these changes

@timothy-ellis-ky timothy-ellis-ky timothy-ellis-ky approved these changes

@mjburling mjburling Awaiting requested review from mjburling mjburling is a code owner

@meliGuzman meliGuzman Awaiting requested review from meliGuzman

@aschey-forpeople aschey-forpeople Awaiting requested review from aschey-forpeople aschey-forpeople is a code owner

@malessi malessi Awaiting requested review from malessi malessi is a code owner

Assignees

@sb-benohe sb-benohe

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sb-benohe @timothy-ellis-ky @dondevun @MahiFentaye @snyk-bot