Skip to content

chore(deps): update dependency next to v14 #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
staging-whitesource-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency next to v14

91c3efa
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency next to v14 #3

chore(deps): update dependency next to v14
91c3efa
Select commit
Loading
Failed to load commit list.
Staging - WhiteSource for GitHub.com / Mend Security Check failed Dec 12, 2025 in 8m 5s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,CocoaPods. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

gradle

/tmp/ws-scm/AutoGPT/classic/frontend/android/build.gradle
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed failed running mend init script (mendDeps):
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED

FAILURE: Build failed with an exception.

* Where:
Settings file '/tmp/ws-scm/AutoGPT/classic/frontend/android/settings.gradle' line: 6

* What went wrong:
A problem occurred evaluating settings 'andro...

pip

/tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/verticals/code/6_battleship/artifacts_in/product_requirements.txt
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20251212015907_BEHFGC/cmd_THFNNC/20251212020235/PGZZYZ_script.sh
    Error lines:
    [ERROR: Invalid requirement: 'Specifications for Battleship': Expected end or semicolon (after name and no valid version specifier), Specifications for Battleship, ^ (from line 1 of /tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/vertica...
  • pip install command failed, trying to install dependencies one by one
  • Failed to parse the following dependencies: *[Players take turns calling out a row and column, attempting to name a square containing one of the opponent's ships., The Grid: Each player's grid is a 10x10 grid, identified by rows (using numbers 1-10) and columns (using letters A-J)., Each ship occupies contiguous squares on the grid, arranged either horizontally or vertically., At the start of t...
  • Failed to execute command: /tmp/ws-ua_20251212015907_BEHFGC/cmd_THFNNC/20251212020236/FQTTBP_script.sh
    Error lines:
    [ERROR: Could not find a version that satisfies the requirement Specifications (from versions: none), ERROR: No matching distribution found for Specifications]
    Output lines:
    [Looking in links: /tmp/ws-ua_20251212015907_BEHFGC/python_SYJVLC/20251212015907/1]
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20251212015907_BEHFGC/cmd_THFNNC/20251212020240/JQGNNR_script.sh
    Error lines:
    [ERROR: Package 'agpt' requires a different Python: 3.9.21 not in '<4.0,>=3.10']
    Output lines:
    [Looking in links: /tmp/ws-ua_20251212015907_BEHFGC/python_SYJVLC/20251212015907, Processing /tmp/ws-scm/AutoGPT/classic/original_autogpt, Installing build dependencies: ...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt/autogpt/app
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20251212015907_BEHFGC/cmd_THFNNC/20251212020245/CARYHJ_script.sh
    Error lines:
    [ error: subprocess-exited-with-error, � Getting requirements to build wheel did not run successfully., � exit code: 1, ��> [17 lines of output], Traceback (most recent call last):, File "/tmp/ws-ua_20251212015907_BEHFGC/python_SYJVLC/2025121202...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

poetry

/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml
Step Level Description Details
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml file

/tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml
Step Level Description Details
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml file

You have successfully remediated 3 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2024-52303

Path to dependency file: /autogpt_platform/backend/.ws-temp-GFVJFU-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl autogpt-libs-0.2.0 Transitive aiohttp - 3.10.11 None
CVE-2024-52303

Path to dependency file: /autogpt_platform/backend/.ws-temp-GFVJFU-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.5-py3-none-any.whl

     -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl supabase-2.7.4-py3-none-any.whl Transitive aiohttp - 3.10.11 None
CVE-2024-52304

Path to dependency file: /autogpt_platform/backend/.ws-temp-GFVJFU-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl autogpt-libs-0.2.0 Transitive aiohttp - 3.10.11 None
CVE-2024-52304

Path to dependency file: /autogpt_platform/backend/.ws-temp-GFVJFU-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.5-py3-none-any.whl

     -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl supabase-2.7.4-py3-none-any.whl Transitive aiohttp - 3.10.11 None
CVE-2021-33430

Path to dependency file: /docs/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251212015907_BEHFGC/python_SYJVLC/202512120202481/env/lib/python3.9/site-packages/numpy-2.0.2.dist-info

Dependency Hierarchy:

-> mkdocs_table_reader_plugin-3.1.0-py3-none-any.whl (Root Library)

   -> pandas-2.3.3-cp310-cp310-macosx_10_9_x86_64.whl

     -> ❌ numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl mkdocs_table_reader_plugin-3.1.0-py3-none-any.whl None
CVE-2021-33430

Path to dependency file: /classic/forge/.ws-temp-MNZLCI-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-forge-Eq_saOJk-py3.12/lib/python3.12/site-packages/numpy-1.26.3.dist-info,/home/wss-scanner/.cache/pypoetry/virtualenvs/agpt-cm9iHxbr-py3.12/lib/python3.12/site-packages/numpy-1.26.3.dist-info,/home/wss-scanner/.cache/pypoetry/virtualenvs/agbenchmark-gctv3_E3-py3.12/lib/python3.12/site-packages/numpy-1.26.3.dist-info

Dependency Hierarchy:

-> ❌ numpy-1.26.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct numpy-1.26.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl numpy-1.26.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2025-55173 next-13.5.7.tgz
CVE-2025-57822 next-13.5.7.tgz
CVE-2025-57752 next-13.5.7.tgz

Base branch total remaining vulnerabilities: 32
Base branch commit: b74c8d4152d600b0a70b423a8ee2d3fcd7737272


Total libraries scanned: 951

Scan token: 8398cd4966b441c2b33bcf7fe9d95d9e

View more details on Staging - WhiteSource for GitHub.com