nagyesta / assumed-identity
Test double simulating how Azure Managed Identity is providing tokens.
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
src/docker/Dockerfile
python 3.12.2-alpine3.18
.github/workflows/gradle-ci.yml
actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
actions/setup-java v4.0.0@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
actions/setup-python v5.0.0@0a5c61591373683505ea898e09a3ea4f39ef2b9c
docker/setup-qemu-action v3.0.0@68827325e0b33c7199eb31dd4e31fbe9023e06e3
docker/setup-buildx-action v3.0.0@f95db51fddba0c2d1ec667646a06c2ce06100226
gradle/gradle-build-action v3.1.0@29c0906b64b8fc82467890bfb7a0a7ef34bda89e
.github/workflows/gradle.yml
actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11
actions/setup-java v4.0.0@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
actions/setup-python v5.0.0@0a5c61591373683505ea898e09a3ea4f39ef2b9c
docker/setup-qemu-action v3.0.0@68827325e0b33c7199eb31dd4e31fbe9023e06e3
docker/setup-buildx-action v3.0.0@f95db51fddba0c2d1ec667646a06c2ce06100226
gradle/gradle-build-action v3.1.0@29c0906b64b8fc82467890bfb7a0a7ef34bda89e
docker/login-action v3.0.0@343f7c4344506bcbf9b4de18042ae17996df046d
gradle/gradle-build-action v3.1.0@29c0906b64b8fc82467890bfb7a0a7ef34bda89e
.github/workflows/pr-labeler.yml
TimonVS/pr-labeler-action v5@f9c084306ce8b3f488a8f3ee1ccedc6da131d1af
.github/workflows/release-draft.yml
actions/github-script v7.0.1@60a0d83039c74a4aee543508d2ffcb1c3799cdea
gradle.properties
settings.gradle
build.gradle
io.toolebox.git-versioner 1.6.7
gradle/wrapper/gradle-wrapper.properties
gradle 8.6
src/python/requirements.txt
Flask ==3.0.2
Flask-Parameter-Validation ==2.2.4
python-dateutil ==2.8.2
The comprehensive WSGI web application library.
Library home page: https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412f3a0cfe9d4ce029eccbda6e1e4258ca45f/Werkzeug-2.2.3-py3-none-any.whl
Path to dependency file: /src/python/requirements.txt
Path to vulnerable library: /src/python/requirements.txt
Found in HEAD commit: d6a402d63deb8b92484e643f815330b8394f8a25
CVE | Severity | CVSS | Dependency | Type | Fixed in (Werkzeug version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-46136 | High | 7.5 | Werkzeug-2.2.3-py3-none-any.whl | Direct | 3.0.1 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Found in base branch: main
Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
Publish Date: 2023-10-25
URL: CVE-2023-46136
Type: Upgrade version
Origin: GHSA-hrfv-mqp8-q5rw
Release Date: 2023-10-25
Fix Resolution: 3.0.1