[Snyk] Fix for 3 vulnerabilities

[msant262]

Snyk has created this PR to fix 3 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• supply_chain_security/requirements.txt

⚠️ Warning

ot-particularly 2.5.0 requires requests, which is not installed.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

[msant262]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

[msant262]

Checkmarx One – Scan Summary & Details – 808d268f-6065-4ee9-a5d9-0447b946e97e

New Issues (50)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Cx042e432f-e0c4	Npm-node-ipc-9.2.2	details Description: The malicious payload in this package has the ability to corrupt or destroy files on disk ### About File wiping or file destruction is a type of r... ID: bwj%2B9vu%2BdPZEqTV2VCFASAEoks1sHXGff3rlJ1WrwQ8%3D Vulnerable Package
	Cx07931ce7-8224	Npm-ua-parser-js-0.7.29	details Description: This package exfiltrates stored credentials and sensitive information ### About Data exfiltration may be done in numerous ways such as through HTT... ID: RZS65i3GwnTolTOUGDWtvjltPFPAsTKVSYLvvkl9ljk%3D Vulnerable Package
	Cx28bd7545-eb30	Npm-node-ipc-9.2.2	details Description: This package includes functionality which aims to protest or raise an issue and might include undesired behavior. ### About Similar to a malicious... ID: 0qY0v7u7aAPWl1VTliTFIxm9V%2FBqyDz5ni%2F3OhHcfW0%3D Vulnerable Package
	Cx299e146f-5a39	Npm-scs-0.0.1	details Description: This package executes a crypto mining software ### About Using a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem ... ID: fWbn8Jk%2B77jd3%2BHrQD616hudrAVRHhkoAPtUQXwe6N0%3D Vulnerable Package
	Cx43050644-3add	Npm-momnet-2.29.1	details Description: This package name is similar to other popular package "moment" ### About Typosquatting attacks relies on user type errors being inputted into inst... ID: 3YHXOt6jDiCUplh0hyzkKnF4B28QIhaAlb9bxI7ieJo%3D Vulnerable Package
	Cx4737011d-347c	Npm-ua-parser-js-0.7.29	details Description: This package executes a crypto mining software ### About Using a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem ... ID: gvPcw31JDD7qa9z8KCq0MoW%2FhXm5rTy4eG9jdDt53dU%3D Vulnerable Package
	Cx4a52ebed-4106	Npm-momnet-2.29.1	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: XoirFoUjZFdIeFFf3lp02d4atsVcDLs2AbW%2FdFCF9ag%3D Vulnerable Package
	Cx4ba6c921-c998	Npm-scs-0.0.1	details Description: This package exfiltrates computer and operating system information ### About Data exfiltration may be done in numerous ways such as through HTTP r... ID: LmOL1TBsg9UncGCWCn48ieqpRoWcYYhhanz1YjZG2tQ%3D Vulnerable Package
	Cx4eb613b4-04e7	Npm-scs-0.0.1	details Description: This package downloads a harmful file. File hash: ```ea131cc5ccf6aa6544d6cb29cdb78130feed061d2097c6903215be1499464c2e``` ### About Using a dynamic... ID: NsljqF%2F8h0gbXfFk4N8%2FgFYM3J8CfzbIKKr7vi4Lt%2Bo%3D Vulnerable Package
	Cx558b006b-f4df	Npm-ua-parser-js-0.7.29	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: LYLn7NmYBANF7EPSFtLLf9%2BP1rGiGo5Yl8qogkqX7jw%3D Vulnerable Package
	Cx6b9a86a5-690c	Npm-flow-dev-tools-99.10.9	details Description: This package communicates with a suspicious service commonly used by threat actors "https://rt11\[\.\]ml" ID: xqAHORcQ%2F0rwjOt0w0T5K3LB0YqbSkj1kYgB2NslY44%3D Vulnerable Package
	Cx817babce-b050	Python-azure-powerbiembedded-6969.99.99	details Description: This package is using dependency confusion attack ### About Dependency Confusion is a technique discovered by [@alex.birsan](https://medium\.com/@a\.\.\. ID: j9jTTW6OgBkBMnokCDL5NesvVZhw%2BA48ec2tR3YIPVo%3D Vulnerable Package
	Cx8d45bdad-0542	Python-azure-powerbiembedded-6969.99.99	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: CM0HC%2BKLcxPrxHM%2BM0NWwH2NC0fcSlNufKwRN76KuiU%3D Vulnerable Package
	Cx8ef77360-5422	Npm-node-ipc-9.2.2	details Description: The Contributor of this package, npm user [riaevangelist](https://www\.npmjs\.com/~riaevangelist\), previously seen corrupting one of his popular pack... ID: tkfrE003iBLw2pRdYQErIvy%2BiPcSWoG%2FIV25YEF5kWI%3D Vulnerable Package
	Cx8f9b1745-1402	Npm-scs-0.0.1	details Description: This package downloads a harmful file. File hash: ```2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd``` ### About Using a dynamic... ID: PSFrvnpslSPXCEkV68XW6kv948sNB%2B3b%2Fk79kGd0b2U%3D Vulnerable Package
	Cx9c42b5fe-7ada	Npm-ua-parser-js-0.7.29	details Description: This package downloads a harmful file. File hash: ```7f986cd3c946f274cdec73f80b84855a77bc2a3c765d68897fbc42835629a5d5``` ### About Using a dynamic... ID: s%2FuWGQ5yjMGPE6SAQ%2B9%2B4egdBEV6q6iWfLTu%2BmaX8xg%3D Vulnerable Package
	Cx9c42f2c3-f75f	Npm-ua-parser-js-0.7.29	details Description: This package exfiltrates computer and operating system information ### About Data exfiltration may be done in numerous ways such as through HTTP r... ID: HIl7mM6rSlShmcCQD7m3HKeMIJKdaT2mhVx49c5C6es%3D Vulnerable Package
	Cxa2b7a014-3ccf	Npm-flow-dev-tools-99.10.9	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: E64QFS5ZJQlW2ufj8gBGJf1wUAlB9cd7vdV4BjWUjyg%3D Vulnerable Package
	Cxadcc9e15-660b	Npm-flow-dev-tools-99.10.9	details Description: This package is using dependency confusion attack ### About Dependency Confusion is a technique discovered by [@alex.birsan](https://medium\.com/@a\.\.\. ID: KpQCyLcc%2Fjqx7Xjz5CpT1vgdsrvWMNU%2FKbWotcxbnxQ%3D Vulnerable Package
	Cxae294227-318d	Npm-scs-0.0.1	details Description: This package downloads a harmful file. File hash: ```7f986cd3c946f274cdec73f80b84855a77bc2a3c765d68897fbc42835629a5d5``` ### About Using a dynamic... ID: 0l5YCg3%2B2KQX4tT5VlOeXaS1jlFhvvqX%2FvECvgSu38A%3D Vulnerable Package
	Cxb548375c-73ad	Npm-momnet-2.29.1	details Description: There is a weak link between the package's listed metadata and the referenced Git repository "https://github\.com/moment/moment" ### About Package ... ID: 3zMdwl0xyFYo8fugbbiqiGLt7L3fP%2FmU74qYkTfShlA%3D Vulnerable Package
	Cxbe748a42-4843	Npm-scs-0.0.1	details Description: This package exfiltrates stored credentials and sensitive information ### About Data exfiltration may be done in numerous ways such as through HTT... ID: AMTQHZMrhDV6luAemA0SUpiw%2FxN0y1hlWO9JsJUlKo4%3D Vulnerable Package
	Cxc63d701a-bc00	Python-not-particularly-2.5.0	details Description: This package communicates with a suspicious service commonly used by threat actors ID: 4WTzFqXP9Ry%2BLQ3vIrQx882cIg8WjXhSUKAhDmlpSYI%3D Vulnerable Package
	Cxd59efdf2-2f00	Npm-ua-parser-js-0.7.29	details Description: This package downloads a harmful file. File hash: ```2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd``` ### About Using a dynamic... ID: T0w80f6L%2Bl7iNhzU7Bqj2q%2FPZacSGJKY%2FYuHI2anBgY%3D Vulnerable Package
	Cxe06d244f-0c34	Python-azure-powerbiembedded-6969.99.99	details Description: This package communicates with a suspicious service commonly used by threat actors ID: 8BWos4%2Fy7yv7iBRc5%2FUHQaaHwiN8%2FJiv3HZ%2Btq4AlBs%3D Vulnerable Package
	Cxe3a87c30-9600	Npm-scs-0.0.1	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: agqdmVIy6erxNdDRzChqxKT26HtRyJxO9MZA24VL2dI%3D Vulnerable Package
	Cxec41bee3-fc56	Npm-ua-parser-js-0.7.29	details Description: This package downloads a harmful file. File hash: ```ea131cc5ccf6aa6544d6cb29cdb78130feed061d2097c6903215be1499464c2e``` ### About Using a dynamic... ID: KoJ9ItS1nxV2NPoEivvfRrBCkhXPsOCz37tNh48I8pU%3D Vulnerable Package
	Cxed2acd22-9b01	Npm-node-ipc-9.2.2	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: LYpOnFVXk2MFoRDxBtio83EkOxLuiu67YvC2uudi6RQ%3D Vulnerable Package
	Cxf1cad6aa-9705	Python-azure-powerbiembedded-6969.99.99	details Description: This package exfiltrates computer and operating system information ### About Data exfiltration may be done in numerous ways such as through HTTP r... ID: UQpuee%2BolHCUsrQI72IFDjRLKPcmb%2FgbFDMwJi7heOc%3D Vulnerable Package
	Cxf7dbc612-6689	Python-not-particularly-2.5.0	details Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc... ID: k6947ugl1J8fjZe0thoXqvGaaumL0iJdE5wVnUg6If8%3D Vulnerable Package
	Cxff5ec857-47e6	Python-azure-powerbiembedded-6969.99.99	details Description: This package is sending information via DNS Tunneling ID: OEkYZnahpP875%2BFTEF%2BfTyfOlYb1VvDoZkknHqlYZDA%3D Vulnerable Package
	CVE-2023-45142	Go-go.opentelemetry.io/contrib-v0.20.0	details Recommended version: v0.20.1-0.20240508140322-077e60990642 Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agen... Attack Vector: NETWORK Attack Complexity: LOW ID: 4ukGO7kSn%2F5TOz22vi9okWr6BpKWGHU%2FsWDgn2hWGzQ%3D Vulnerable Package
	CVE-2023-45142	Go-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp-v0.20.0	details Recommended version: v0.20.1-0.20210504034400-13d72c9c8dda Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agen... Attack Vector: NETWORK Attack Complexity: LOW ID: v0Ot%2FIKIKFh%2FN%2FvCZ6CIuCuSRwF%2FparDIHB6k6rQ72E%3D Vulnerable Package
	CVE-2023-45288	Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f	details Recommended version: v0.38.0 Description: As part of a class of vulnerabilities known as "HTTP/2 CONTINUATION Flood," an attacker can exploit the HTTP/2 protocol's CONTINUATION frame handli... Attack Vector: NETWORK Attack Complexity: LOW ID: 5MGFK2dbEBK0fqBAKijDaVWi%2BICbYY%2BJJq7xaj6JYSs%3D Vulnerable Package
	CVE-2024-24786	Go-google.golang.org/protobuf-v1.27.1	details Recommended version: v1.28.1-0.20220523165127-11ec34fe792a Description: In the package google.golang.org/protobuf versions prior to 1.33.0, the "protojson.Unmarshal" function can enter an infinite loop when unmarshaling... Attack Vector: NETWORK Attack Complexity: LOW ID: ppKJC1xw0Ofwz2c9GB5lwGDXanHjP6u5gWFZYBrYEXQ%3D Vulnerable Package
	CVE-2024-45338	Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f	details Recommended version: v0.38.0 Description: An attacker can craft an input to the "Parse" function, that will be processed non-linearly with respect to its length, resulting in extremely slow... Attack Vector: NETWORK Attack Complexity: LOW ID: m9aoJfIWx5xPaTWCHNNQI7rWX%2BFZwOzXC2UVqhFfcyg%3D Vulnerable Package
	CVE-2024-45339	Go-github.com/golang/glog-v1.0.0	details Recommended version: v1.2.4 Description: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and p... Attack Vector: LOCAL Attack Complexity: LOW ID: 3iJ4qMCF0Rx8J9OWwsuwgdDBB7Xh%2BAADyPJuNdnhurk%3D Vulnerable Package
	CVE-2024-45497	Go-github.com/openshift/api-v0.0.0-20220315184754-d7c10d0b647e	details Description: A flaw was identified in the OpenShift build process where the docker-build container is configured with a "hostPath" volume mount that maps the no... Attack Vector: NETWORK Attack Complexity: LOW ID: klYYherbtODZ8mu9Wxgl0yWPTNsvECeoO2e2BDLBDOM%3D Vulnerable Package
	CVE-2025-22868	Go-golang.org/x/oauth2-v0.0.0-20210819190943-2bc19b11175f	details Recommended version: v0.7.1-0.20230508170826-0690208dba57 Description: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This issue affects golang.org/x/oaut... Attack Vector: NETWORK Attack Complexity: LOW ID: CKoIlafdlouYNqdHwC3bt87R0A7atZM1iCtNZiD4Jmc%3D Vulnerable Package
	CVE-2025-22869	Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e	details Recommended version: v0.34.1-0.20250224173925-7292932d45d5 Description: SSH servers which implement file transfer protocols are vulnerable to a Denial of Service (DoS) attack from clients which complete the key exchange... Attack Vector: NETWORK Attack Complexity: LOW ID: yCxUASB8D9QhduP5aIR%2B%2BScNPM34e%2FfEPoTEgq6ktnM%3D Vulnerable Package
	CVE-2025-30153	Go-github.com/getkin/kin-openapi-v0.76.0	details Recommended version: v0.103.1-0.20220922131344-62f85cfe75b7 Description: The kin-openapi is a Go project for handling OpenAPI files. In github.com/getkin/kin-openapi package versions prior to 0.131.0, when validating a r... Attack Vector: NETWORK Attack Complexity: LOW ID: 7ge1qV%2BB%2Ftb5Qa4yfXyHgF3X8aqZdkmYwypPgY0wqn8%3D Vulnerable Package
	CVE-2023-48795	Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e	details Recommended version: v0.34.1-0.20250224173925-7292932d45d5 Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integ... Attack Vector: NETWORK Attack Complexity: HIGH ID: 6%2FN%2B2em%2B5jzEKWA8LMh%2FBVMMOrxUYr%2BvI1xYKPHyNKs%3D Vulnerable Package
	CVE-2025-22872	Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f	details Recommended version: v0.38.0 Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (`/`) as self-closing. When directly usi... Attack Vector: NETWORK Attack Complexity: LOW ID: UjiSkXkKLGJbs%2FPk2tr%2FcBjSq%2BdTcIfE%2Foa%2Bmop0V34%3D Vulnerable Package
	Cx877cf216-175c	Npm-event-pubsub-5.0.3	details Description: The Contributor of this package, npm user [riaevangelist](https://www\.npmjs\.com/~riaevangelist\), previously seen corrupting one of his popular pack... ID: BrfrKl%2Bvo4ZoB%2F16uMoF5KMCg7ut1G3wQFNcvvPkSB4%3D Vulnerable Package
	Cx90bff1cb-7264	Npm-strong-type-0.1.6	details Description: The Contributor of this package, npm user [riaevangelist](https://www\.npmjs\.com/~riaevangelist\), previously seen corrupting one of his popular pack... ID: aHdpzc3TAP0%2FcxnP1DnUrZwzx9668dKsPUAm0%2B7E7po%3D Vulnerable Package
	Use_Of_Hardcoded_Password_in_Config	/.vscode/settings.json: 6	details The configuration file /.vscode/settings.json contains a hardcoded password in line 6 ID: dEJ2LsHzqS%2B7M261rKg0uXoruWM%3D Attack Vector
	CVE-2022-30636	Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e	details Recommended version: v0.34.1-0.20250224173925-7292932d45d5 Description: The package golang.org/x/crypto and github.com/golang/crypto versions v0.0.0-20160816185256-f0e11a3ccc7e through v0.0.0-20220518034528-6f7dac969898... Attack Vector: NETWORK Attack Complexity: HIGH ID: 2PqAArCC4Ba2whK7d0Vp4TDAcHCH0kniAlDYL3XNRbw%3D Vulnerable Package
	IAM Access Analyzer Not Enabled	/negative2.tf: 26	details IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions ID: egSXqEl3ULp%2FjDJRQoN%2FYupnB%2BM%3D
	IAM Access Analyzer Not Enabled	/positive1.tf: 1	details IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions ID: Fj2DlmNRQrfrBQuMa5eTMtfekwM%3D
	IAM Access Analyzer Not Enabled	/positive2.tf: 26	details IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions ID: xMqNr2JhpFq1IA3ME2%2BKCb2lwWk%3D

Fixed Issues (40)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2020-7212	Python-urllib3-1.25.7
	CVE-2021-33503	Python-urllib3-1.25.7
	CVE-2022-25927	Npm-ua-parser-js-0.7.29
	CVE-2022-3248	Go-github.com/openshift/api-v0.0.0-20220315184754-d7c10d0b647e
	CVE-2023-43804	Python-urllib3-1.25.7
	Cx0a21eeca-49b1	Npm-scs-0.0.1
	Cx0b915a4a-2d97	Npm-scs-0.0.1
	Cx0eb7d3da-c52e	Python-azure-powerbiembedded-6969.99.99
	Cx18e041aa-8a63	Npm-node-ipc-9.2.2
	Cx21f588f7-f9cb	Npm-ua-parser-js-0.7.29
	Cx4ca27ec0-0c96	Npm-scs-0.0.1
	Cx4d89cd75-1e27	Python-azure-powerbiembedded-6969.99.99
	Cx68e4da20-b53a	Npm-ua-parser-js-0.7.29
	Cx6bee2138-4df0	Npm-flow-dev-tools-99.10.9
	Cx6eb8ff4e-c9cf	Npm-flow-dev-tools-99.10.9
	Cx7401d0a9-2786	Npm-ua-parser-js-0.7.29
	Cx8079a3fb-ff1f	Npm-ua-parser-js-0.7.29
	Cx8147ddef-ae09	Python-azure-powerbiembedded-6969.99.99
	Cx86e7ca06-a018	Python-not-particularly-2.5.0
	Cx9f739bef-35bb	Npm-flow-dev-tools-99.10.9
	Cxa45b0853-bee2	Npm-momnet-2.29.1
	Cxae9d1b09-2adb	Npm-scs-0.0.1
	Cxb52dba53-66d2	Python-not-particularly-2.5.0
	Cxb667b900-bec1	Python-azure-powerbiembedded-6969.99.99
	Cxba94c01e-a95d	Npm-ua-parser-js-0.7.29
	Cxbec87a55-fe55	Npm-node-ipc-9.2.2
	Cxc73fdf59-ac18	Npm-ua-parser-js-0.7.29
	Cxccd8b30c-808c	Npm-scs-0.0.1
	Cxd55dbf56-4d06	Npm-scs-0.0.1
	Cxfd197ca1-b64b	Npm-momnet-2.29.1
	CVE-2020-26137	Python-urllib3-1.25.7
	CVE-2023-45803	Python-urllib3-1.25.7
	Cx3bb8deb1-b4c0	Npm-scs-0.0.1
	Cx3cf24ca3-dd23	Npm-ua-parser-js-0.7.29
	Cx65afcea4-5e85	Npm-event-pubsub-5.0.3
	Cx743605c8-a95e	Npm-momnet-2.29.1
	Cxa29f6cb5-3c84	Python-azure-powerbiembedded-6969.99.99
	Cxba768ce4-aa4e	Npm-node-ipc-9.2.2
	Cxc09edd5e-4a9e	Npm-strong-type-0.1.6
	Cxf7a33198-8ff8	Npm-node-ipc-9.2.2