[Snyk] Fix for 7 vulnerabilities#408
Conversation
…e vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17972376 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17972377 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17972384 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17972386 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-17972379 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-17972380 - https://snyk.io/vuln/SNYK-PYTHON-PYASN1-17972383
|
This update includes a high-risk major version upgrade for pillow 9.5.0 → 12.3.0 (High Risk) This upgrade spans three major versions (v10, v11, v12) and introduces significant breaking changes requiring code modifications and environment updates. Key Breaking Changes:
Recommendation: Due to the number of major versions and significant API changes, this upgrade should be tested thoroughly in a development environment. Pay close attention to image processing code, especially resizing operations, and verify your Python runtime environment is compatible. pyasn1 0.5.1 → 0.6.4 (Medium Risk) This minor version upgrade drops support for older Python versions.
Recommendation: The risk is medium primarily due to the dropped support for end-of-life Python versions. Verify that your application is running on a supported Python version (3.8+). Source: Pillow and pyasn1 Changelogs
|
|
|
Snyk has created this PR to fix 7 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
builders/testdata/python/appengine_sdk/requirements.txtBreaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Out-of-bounds Write
🦉 Out-of-bounds Read
🦉 Allocation of Resources Without Limits or Throttling