Skip to content

[Snyk] Security upgrade lxml from 5.4.0 to 6.1.0#73

Merged
sunil-lakshman merged 2 commits intomasterfrom
snyk-fix-a476684a754ed836d406ea57c96198de
Apr 22, 2026
Merged

[Snyk] Security upgrade lxml from 5.4.0 to 6.1.0#73
sunil-lakshman merged 2 commits intomasterfrom
snyk-fix-a476684a754ed836d406ea57c96198de

Conversation

@sunil-lakshman
Copy link
Copy Markdown
Contributor

@sunil-lakshman sunil-lakshman commented Apr 22, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection

@snyk-bot
fix: requirements.txt to reduce vulnerabilities
5ffe323 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-LXML-16119103
@sunil-lakshman sunil-lakshman requested a review from a team as a code owner April 22, 2026 10:13
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026

We regret to inform you that you are currently not able to merge your changes into the master branch due to restrictions applied by our SRE team. To proceed with merging your changes, we kindly request that you create a pull request from the staging branch. Our team will then review the changes and work with you to ensure a successful merge into the master branch.

@snyk-bot
fix: requirements.txt to reduce vulnerabilities
3bfdda9 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-LXML-16119103
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026

We regret to inform you that you are currently not able to merge your changes into the master branch due to restrictions applied by our SRE team. To proceed with merging your changes, we kindly request that you create a pull request from the staging branch. Our team will then review the changes and work with you to ensure a successful merge into the master branch.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 4 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 2 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 0
  • Medium without fixes: 4
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

1 similar comment
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 4 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 2 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 0
  • Medium without fixes: 4
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

@sunil-lakshman sunil-lakshman merged commit afeef4b into master Apr 22, 2026
8 of 9 checks passed
@sunil-lakshman sunil-lakshman deleted the snyk-fix-a476684a754ed836d406ea57c96198de branch April 22, 2026 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shafeeqd959 shafeeqd959 shafeeqd959 approved these changes

@netrajpatel netrajpatel netrajpatel approved these changes

@cs-raj cs-raj cs-raj approved these changes

@harshitha-cstk harshitha-cstk harshitha-cstk approved these changes

@aman19K aman19K Awaiting requested review from aman19K

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@sunil-lakshman @shafeeqd959 @netrajpatel @cs-raj @harshitha-cstk @snyk-bot