Skip to content

chore(deps): update dependency pypdf to v6 #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
staging-whitesource-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency pypdf to v6

e15dbfb
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency pypdf to v6 #12

chore(deps): update dependency pypdf to v6
e15dbfb
Select commit
Loading
Failed to load commit list.
Staging - WhiteSource for GitHub.com / Mend Security Check failed Feb 17, 2026 in 8m 6s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,CocoaPods. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

gradle

/tmp/ws-scm/AutoGPT/classic/frontend/android/build.gradle
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed failed running mend init script (mendDeps):
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED

FAILURE: Build failed with an exception.

* Where:
Settings file '/tmp/ws-scm/AutoGPT/classic/frontend/android/settings.gradle' line: 6

* What went wrong:
A problem occurred evaluating settings 'andro...

pip

/tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/verticals/code/6_battleship/artifacts_in/product_requirements.txt
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260217181118_JTIRVC/cmd_JDYHWX/20260217181130/WCBPTW_script.sh
    Error lines:
    [ERROR: Invalid requirement: 'Specifications for Battleship': Expected end or semicolon (after name and no valid version specifier), Specifications for Battleship, ^ (from line 1 of /tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/vertica...
  • pip install command failed, trying to install dependencies one by one
  • Failed to parse the following dependencies: *[Players take turns calling out a row and column, attempting to name a square containing one of the opponent's ships., The Grid: Each player's grid is a 10x10 grid, identified by rows (using numbers 1-10) and columns (using letters A-J)., Each ship occupies contiguous squares on the grid, arranged either horizontally or vertically., At the start of t...
  • Failed to execute command: /tmp/ws-ua_20260217181118_JTIRVC/cmd_JDYHWX/20260217181131/BFLVTC_script.sh
    Error lines:
    [ERROR: Could not find a version that satisfies the requirement Specifications (from versions: none), ERROR: No matching distribution found for Specifications]
    Output lines:
    [Looking in links: /tmp/ws-ua_20260217181118_JTIRVC/python_BODTCS/20260217181119/1]
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260217181118_JTIRVC/cmd_JDYHWX/20260217181134/LGDTQJ_script.sh
    Error lines:
    [ERROR: Package 'agpt' requires a different Python: 3.9.25 not in '<4.0,>=3.10']
    Output lines:
    [Looking in links: /tmp/ws-ua_20260217181118_JTIRVC/python_BODTCS/20260217181119, Processing /tmp/ws-scm/AutoGPT/classic/original_autogpt, Installing build dependencies: ...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt/autogpt/app
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260217181118_JTIRVC/cmd_JDYHWX/20260217181138/TKHNXN_script.sh
    Error lines:
    [ error: subprocess-exited-with-error, � Getting requirements to build wheel did not run successfully., � exit code: 1, ��> [17 lines of output], Traceback (most recent call last):, File "/tmp/ws-ua_20260217181118_JTIRVC/python_BODTCS/2026021718...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

poetry

/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed poetry install --no-root failed with exit code 1 for manifest "/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml". output:
The currently activated Python version 3.9.25 is not supported by the project (^3.10).
Trying to find and use a compatible version.
Using python3.13 (3.13.11)
Creating virtualenv autogpt-forge-Eq_saOJk-py3.13 in /home/wss-scanner/.cache/pypoetry/virtualenvs
Installing depen...
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml file

/tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml
Step Level Description Details
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml file

11 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-0994

Dependency Hierarchy:

-> chromadb-0.4.22-py3-none-any.whl (Root Library)

   -> onnxruntime-1.17.1-cp310-cp310-macosx_11_0_universal2.whl

     -> ❌ protobuf-4.25.2-cp310-abi3-win32.whl (Vulnerable Library)

High 8.6 Transitive protobuf-4.25.2-cp310-abi3-win32.whl chromadb-0.4.22-py3-none-any.whl None
CVE-2025-69223

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

High 7.5 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-67221

Dependency Hierarchy:

-> duckduckgo_search-6.1.7-py3-none-any.whl (Root Library)

   -> ❌ orjson-3.10.5-cp38-none-win32.whl (Vulnerable Library)

High 7.5 Transitive orjson-3.10.5-cp38-none-win32.whl duckduckgo_search-6.1.7-py3-none-any.whl None
CVE-2025-4565

Dependency Hierarchy:

-> chromadb-0.4.22-py3-none-any.whl (Root Library)

   -> onnxruntime-1.17.1-cp310-cp310-macosx_11_0_universal2.whl

     -> ❌ protobuf-4.25.2-cp310-abi3-win32.whl (Vulnerable Library)

High 7.5 Transitive protobuf-4.25.2-cp310-abi3-win32.whl chromadb-0.4.22-py3-none-any.whl Transitive 4.25.8 None
CVE-2024-53981

Dependency Hierarchy:

-> ❌ python_multipart-0.0.7.tar.gz (Vulnerable Library)

High 7.5 Direct python_multipart-0.0.7.tar.gz python_multipart-0.0.7.tar.gz python-multipart - 0.0.18,python-multipart - 0.0.18 None
CVE-2025-69224

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 6.5 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-69226

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-53643

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl 3.12.14 None
CVE-2024-52304

Path to dependency file: /autogpt_platform/backend/.ws-temp-DUHOHN-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl autogpt-libs-0.2.0 Transitive aiohttp - 3.10.11 None
CVE-2024-52304

Path to dependency file: /autogpt_platform/backend/.ws-temp-DUHOHN-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.5-py3-none-any.whl

     -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl supabase-2.7.4-py3-none-any.whl Transitive aiohttp - 3.10.11 None
CVE-2021-33430

Dependency Hierarchy:

-> ❌ numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl None

Base branch total remaining vulnerabilities: 76
Base branch commit: b74c8d4152d600b0a70b423a8ee2d3fcd7737272


Total libraries scanned: 992

Scan token: 51000d00e2e04f7e9bb327e82fd26ace

View more details on Staging - WhiteSource for GitHub.com