🌿 Fern Regeneration -- November 21, 2025 #146
Conversation
![semgrep-code-merge-api[bot]](https://avatars.githubusercontent.com/u/63970678?s=60&v=4){kind=small}
| if module_name is None: | ||
| raise AttributeError(f"No {attr_name} found in _dynamic_imports for module name -> {__name__}") | ||
| try: | ||
| module = import_module(module_name, __package__) |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by non-literal-import.
You can view more details about this finding in the Semgrep AppSec Platform.
| trio = ["trio (>=0.26.1)"] | ||
|
|
||
| [[package]] | ||
| name = "certifi" |
There was a problem hiding this comment.
Legal Risk
certifi 2025.11.12 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.
Recommendation
While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.
| if module_name is None: | ||
| raise AttributeError(f"No {attr_name} found in _dynamic_imports for module name -> {__name__}") | ||
| try: | ||
| module = import_module(module_name, __package__) |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by non-literal-import.
You can view more details about this finding in the Semgrep AppSec Platform.
This PR regenerates code to match the latest API Definition.