From d6a380ad92d2e39e0d18b0effa4510dd836bb136 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 10 Jul 2024 16:36:32 +0000
Subject: [PATCH 1/5] fix: miqa/learning/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 miqa/learning/requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/miqa/learning/requirements.txt b/miqa/learning/requirements.txt
index 241821e3..241c3413 100644
--- a/miqa/learning/requirements.txt
+++ b/miqa/learning/requirements.txt
@@ -9,3 +9,4 @@ scikit-learn
 wandb
 wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability
 werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
From a2bcc7f8a0e5a3468dc108d0f394bf6aacf45897 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 17 Jul 2024 09:28:20 +0000
Subject: [PATCH 2/5] fix: miqa/learning/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
---
 miqa/learning/requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/miqa/learning/requirements.txt b/miqa/learning/requirements.txt
index 241821e3..4e7dc614 100644
--- a/miqa/learning/requirements.txt
+++ b/miqa/learning/requirements.txt
@@ -9,3 +9,4 @@ scikit-learn
 wandb
 wheel>=0.38.0 # not directly required, pinned by Snyk to avoid a vulnerability
 werkzeug>=2.3.8 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
From 2fc631302d87cc648c17cac613350ba14ef86b9a Mon Sep 17 00:00:00 2001
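Review bot: The line added to miqa/learning/requirements.txt in patch 1/5, `zipp>=3.19.1`, is a lower bound rather than a pin, although its trailing comment says "pinned by Snyk"; the same holds for `setuptools>=70.0.0` in patch 2/5. A floor keeps the flagged releases out, but every fresh install still resolves to whatever newer version the index serves, and the visible context shows `scikit-learn` and `wandb` with no constraint at all, so the installed set is not reproducible. If reproducible installs matter for this environment, resolve to exact versions in a constraints or lock file and install with pip's `--require-hashes`. At minimum, reword the comment to `# not directly required, minimum version set by Snyk to avoid a vulnerability` so the next reader does not assume an exact version.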
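Review bot: Patch 2/5 is generated against the same pre-image as 1/5 (`index 241821e3`) and adds `setuptools>=70.0.0` at the same position, directly after the `werkzeug` line that ends the hunk, so it will presumably not apply cleanly on top of 1/5 and the two additions have to be reconciled by hand. Patch 5/5 touches this file again and lists SNYK-PYTHON-SETUPTOOLS-7448482 a second time, which suggests the result was merged later; check that the final requirements.txt carries both `zipp>=3.19.1` and a single `setuptools` line. A floor in requirements.txt also only governs the installed environment: the setuptools used inside pip's isolated build environments is chosen by each package's build requirements, not by this file.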
From: snyk-bot
Date: Sun, 4 Aug 2024 09:32:30 +0000
Subject: [PATCH 3/5] fix: dev/django.Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6148845
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223
---
 dev/django.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev/django.Dockerfile b/dev/django.Dockerfile
index 2b49d399..0f27ff99 100644
--- a/dev/django.Dockerfile
+++ b/dev/django.Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.0a6-slim
+FROM python:3.13.0b4-slim
 # Install system libraries for Python packages:
 # * psycopg2
 RUN apt-get update && \
From db5c028a538ceb4a6ac7443399615867f364eb9c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 4 Aug 2024 09:38:49 +0000
Subject: [PATCH 4/5] fix: prod/django.Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6048820
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6148845
- https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223
---
 prod/django.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prod/django.Dockerfile b/prod/django.Dockerfile
index d5d0ae0e..aa3c3828 100644
--- a/prod/django.Dockerfile
+++ b/prod/django.Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.0a6-slim
+FROM python:3.13.0b4-slim
 # Install nodejs + npm for building client library
 # Install system libraries for Python packages:
 # * psycopg2
From d6ab763c00436dc7633d5ae66608a956f8c33f8e Mon Sep 17 00:00:00 2001
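Review bot: The new base image in dev/django.Dockerfile, `python:3.13.0b4-slim`, is still a pre-release CPython (a beta replacing an alpha), and the hunk in prod/django.Dockerfile (patch 4/5) puts the same beta interpreter under the production image. The Debian systemd and OpenSSL findings listed in the commit messages are in the OS layer rather than the interpreter, so a stable release tag should presumably carry the same fixes; I would move at least the prod image to `FROM python:<stable-version>-slim`. The tag is also mutable, so the image Snyk scanned and the image a later build pulls can differ; appending the digest, `FROM python:3.13.0b4-slim@sha256:<digest>`, ties the build to the scanned content. The `RUN apt-get update` instruction in the dev file continues outside the hunk.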
From: snyk-bot
Date: Sun, 4 Aug 2024 20:05:25 +0000
Subject: [PATCH 5/5] fix: miqa/learning/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482