chore(deps): update dependency fastapi to ^0.116.0

6122f18
Open

chore(deps): update dependency fastapi to ^0.116.0 #4

Staging - WhiteSource for GitHub.com / Mend Security Check failed Feb 4, 2026 in 13m 16s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,CocoaPods. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

gradle

/tmp/ws-scm/AutoGPT/classic/frontend/android/build.gradle

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed failed running mend init script (mendDeps):
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED

FAILURE: Build failed with an exception.

* Where:
Settings file '/tmp/ws-scm/AutoGPT/classic/frontend/android/settings.gradle' line: 6

* What went wrong:
A problem occurred evaluating settings 'andro...

pip

/tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/verticals/code/6_battleship/artifacts_in/product_requirements.txt

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260204123537_AXSMVZ/cmd_YLZLHX/20260204123558/RGNVKN_script.sh
    Error lines:
    [ERROR: Invalid requirement: 'Specifications for Battleship': Expected end or semicolon (after name and no valid version specifier), Specifications for Battleship, ^ (from line 1 of /tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/vertica...
  • pip install command failed, trying to install dependencies one by one
  • Failed to parse the following dependencies: *[Players take turns calling out a row and column, attempting to name a square containing one of the opponent's ships., The Grid: Each player's grid is a 10x10 grid, identified by rows (using numbers 1-10) and columns (using letters A-J)., Each ship occupies contiguous squares on the grid, arranged either horizontally or vertically., At the start of t...
  • Failed to execute command: /tmp/ws-ua_20260204123537_AXSMVZ/cmd_YLZLHX/20260204123600/JPFUYK_script.sh
    Error lines:
    [ERROR: Could not find a version that satisfies the requirement Specifications (from versions: none), ERROR: No matching distribution found for Specifications]
    Output lines:
    [Looking in links: /tmp/ws-ua_20260204123537_AXSMVZ/python_HECVGP/20260204123539/1]
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260204123537_AXSMVZ/cmd_YLZLHX/20260204123605/TAPCSH_script.sh
    Error lines:
    [ERROR: Package 'agpt' requires a different Python: 3.9.25 not in '<4.0,>=3.10']
    Output lines:
    [Looking in links: /tmp/ws-ua_20260204123537_AXSMVZ/python_HECVGP/20260204123539, Processing /tmp/ws-scm/AutoGPT/classic/original_autogpt, Installing build dependencies: ...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/AutoGPT/classic/original_autogpt/autogpt/app

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260204123537_AXSMVZ/cmd_YLZLHX/20260204123612/DVQMFL_script.sh
    Error lines:
    [ error: subprocess-exited-with-error, × Getting requirements to build wheel did not run successfully., │ exit code: 1, ╰─> [17 lines of output], Traceback (most recent call last):, File "/tmp/ws-ua_20260204123537_AXSMVZ/python_HECVGP/2026020412...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

poetry

/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed poetry install --no-root failed with exit code 1 for manifest "/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml". output:
The currently activated Python version 3.9.25 is not supported by the project (^3.10).
Trying to find and use a compatible version.
Using python3.13 (3.13.11)
Creating virtualenv autogpt-forge-Eq_saOJk-py3.13 in /home/wss-scanner/.cache/pypoetry/virtualenvs
Installing depen...
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml file

/tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed poetry install --no-root --without dev failed with exit code 1 for manifest "/tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml". output:
The currently activated Python version 3.9.25 is not supported by the project (^3.10).
Trying to find and use a compatible version.
Using python3.13 (3.13.11)
Creating virtualenv agpt-cm9iHxbr-py3.13 in /home/wss-scanner/.cache/pypoetry/virtualenvs
...
Resolving the project ⚠Warn Failed to build the dependency tree, fallback was used in the scan, results may be incomplete Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml file

You have successfully remediated 17 vulnerabilities, but introduced 21 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-0994

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> google_cloud_logging-3.11.2-py2.py3-none-any.whl

     -> google_api_core-2.20.0-py3-none-any.whl

       -> googleapis_common_protos-1.65.0-py2.py3-none-any.whl

         -> ❌ protobuf-5.28.2-cp310-abi3-win32.whl (Vulnerable Library)

High 8.6 Transitive protobuf-5.28.2-cp310-abi3-win32.whl autogpt-libs-0.2.0 None
CVE-2026-0994

Dependency Hierarchy:

-> google_cloud_logging-3.11.2-py2.py3-none-any.whl (Root Library)

   -> google_api_core-2.19.2-py3-none-any.whl

     -> googleapis_common_protos-1.65.0-py2.py3-none-any.whl

       -> ❌ protobuf-5.28.0-cp310-abi3-win32.whl (Vulnerable Library)

High 8.6 Transitive protobuf-5.28.0-cp310-abi3-win32.whl google_cloud_logging-3.11.2-py2.py3-none-any.whl None
CVE-2025-69223

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

High 7.5 Transitive aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl autogpt-libs-0.2.0 None
CVE-2025-69223

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

High 7.5 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-69223

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.2-py3-none-any.whl

     -> ❌ aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

High 7.5 Transitive aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl supabase-2.7.4-py3-none-any.whl None
CVE-2025-67221

Dependency Hierarchy:

-> ❌ orjson-3.10.5-cp38-none-win32.whl (Vulnerable Library)

High 7.5 Direct orjson-3.10.5-cp38-none-win32.whl orjson-3.10.5-cp38-none-win32.whl None
CVE-2025-62727

Dependency Hierarchy:

-> fastapi-0.116.2-py3-none-any.whl (Root Library)

   -> ❌ starlette-0.48.0-py3-none-any.whl (Vulnerable Library)

High 7.5 Transitive starlette-0.48.0-py3-none-any.whl fastapi-0.116.2-py3-none-any.whl Transitive starlette - 0.49.1,https://github.com/Kludex/starlette.git - 0.49.1 None
CVE-2025-62727

Dependency Hierarchy:

-> fastapi-0.116.2-py3-none-any.whl (Root Library)

   -> ❌ starlette-0.47.0-py3-none-any.whl (Vulnerable Library)

High 7.5 Transitive starlette-0.47.0-py3-none-any.whl fastapi-0.116.2-py3-none-any.whl Transitive starlette - 0.49.1,https://github.com/Kludex/starlette.git - 0.49.1 None
CVE-2025-4565

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> google_cloud_logging-3.11.2-py2.py3-none-any.whl

     -> google_api_core-2.20.0-py3-none-any.whl

       -> googleapis_common_protos-1.65.0-py2.py3-none-any.whl

         -> ❌ protobuf-5.28.2-cp310-abi3-win32.whl (Vulnerable Library)

High 7.5 Transitive protobuf-5.28.2-cp310-abi3-win32.whl autogpt-libs-0.2.0 Transitive 5.29.5 None
CVE-2025-4565

Dependency Hierarchy:

-> google_cloud_logging-3.11.2-py2.py3-none-any.whl (Root Library)

   -> google_api_core-2.19.2-py3-none-any.whl

     -> googleapis_common_protos-1.65.0-py2.py3-none-any.whl

       -> ❌ protobuf-5.28.0-cp310-abi3-win32.whl (Vulnerable Library)

High 7.5 Transitive protobuf-5.28.0-cp310-abi3-win32.whl google_cloud_logging-3.11.2-py2.py3-none-any.whl Transitive 5.29.5 None
CVE-2024-52303

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

High 7.5 Transitive aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl autogpt-libs-0.2.0 Transitive aiohttp - 3.10.11 None
CVE-2025-69224

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 6.5 Transitive aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl autogpt-libs-0.2.0 None
CVE-2025-69224

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 6.5 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-69224

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.2-py3-none-any.whl

     -> ❌ aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 6.5 Transitive aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl supabase-2.7.4-py3-none-any.whl None
CVE-2025-69226

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl autogpt-libs-0.2.0 None
CVE-2025-69226

Dependency Hierarchy:

-> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl None
CVE-2025-69226

Dependency Hierarchy:

-> supabase-2.7.4-py3-none-any.whl (Root Library)

   -> realtime-2.0.2-py3-none-any.whl

     -> ❌ aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.5-cp310-cp310-macosx_10_9_universal2.whl supabase-2.7.4-py3-none-any.whl None
CVE-2025-54121

Dependency Hierarchy:

-> fastapi-0.116.2-py3-none-any.whl (Root Library)

   -> ❌ starlette-0.47.0-py3-none-any.whl (Vulnerable Library)

Medium 5.3 Transitive starlette-0.47.0-py3-none-any.whl fastapi-0.116.2-py3-none-any.whl Transitive 0.47.2 None
CVE-2024-52304

Dependency Hierarchy:

-> autogpt-libs-0.2.0 (Root Library)

   -> supabase-2.7.4-py3-none-any.whl

     -> realtime-2.0.5-py3-none-any.whl

       -> ❌ aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library)

Medium 5.3 Transitive aiohttp-3.10.8-cp310-cp310-macosx_10_9_universal2.whl autogpt-libs-0.2.0 Transitive aiohttp - 3.10.11 None
CVE-2021-33430

Path to dependency file: /classic/benchmark/.ws-temp-LPEUAJ-requirements.txt

Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/agbenchmark-gctv3_E3-py3.13/lib/python3.13/site-packages/numpy-1.26.3.dist-info

Dependency Hierarchy:

-> matplotlib-3.8.2.tar.gz (Root Library)

   -> contourpy-1.2.0-cp310-cp310-macosx_10_9_x86_64.whl

     -> ❌ numpy-1.26.3.tar.gz (Vulnerable Library)

Medium 5.3 Transitive numpy-1.26.3.tar.gz matplotlib-3.8.2.tar.gz None
CVE-2021-33430

Dependency Hierarchy:

-> ❌ numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2025-69224 aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69226 aiohttp-3.10.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-4565 protobuf-5.28.2-cp38-abi3-manylinux2014_x86_64.whl
CVE-2025-69223 aiohttp-3.10.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69226 aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69224 aiohttp-3.10.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-0994 protobuf-5.28.0-cp38-abi3-manylinux2014_x86_64.whl
CVE-2025-69223 aiohttp-3.9.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2021-33430 numpy-1.26.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-67221 orjson-3.10.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-52304 aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69226 aiohttp-3.9.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-52303 aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-4565 protobuf-5.28.0-cp38-abi3-manylinux2014_x86_64.whl
CVE-2025-69224 aiohttp-3.9.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-0994 protobuf-5.28.2-cp38-abi3-manylinux2014_x86_64.whl
CVE-2025-69223 aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Base branch total remaining vulnerabilities: 61
Base branch commit: b74c8d4152d600b0a70b423a8ee2d3fcd7737272


Total libraries scanned: 955

Scan token: 348b83752e6b408daba693aee12fb94e