
## Python SDK Changes:

3fac52d

chore: 🐝 Update SDK - Generate [bump-api-version-to-v2025-11-15] 0.0.1 #46

BoostSecurity.io AI / boostsecurity - boostsecurityio/semgrep succeeded May 21, 2026 in 5m 19s

2 Security Findings

There are 2 newly introduced findings in this commit.

  • To remediate findings follow the guidance in the annotations.
  • To learn more about any finding visit the linked documentation.
  • To mark any invalid finding as a False Positive, add a comment with noboost.

Details

Findings
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Original Rule ID: python_random_rule-random
Remediation: Consider using the secrets module instead when generating values for security-sensitive operations. Recommended to use secrets.token_bytes() for raw bytes, secrets.token_hex() for hexadecimal strings, or secrets.token_urlsafe() for URL-safe base64-encoded strings. For choosing random elements from a sequence, use secrets.choice(). The random module is appropriate only for non-security purposes like simulations, games, or testing where predictability is acceptable.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

The application uses the random module to generate random values. The random module implements a Mersenne Twister PRNG which is not cryptographically secure and produces predictable values that can be exploited when used for tokens, session...

```python
sleep = (initial_interval / 1000) * exponent**retries + random.uniform(0, 1)
```
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Original Rule ID: python_random_rule-random
Remediation: Consider using the secrets module instead when generating values for security-sensitive operations. Recommended to use secrets.token_bytes() for raw bytes, secrets.token_hex() for hexadecimal strings, or secrets.token_urlsafe() for URL-safe base64-encoded strings. For choosing random elements from a sequence, use secrets.choice(). The random module is appropriate only for non-security purposes like simulations, games, or testing where predictability is acceptable.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

The application uses the random module to generate random values. The random module implements a Mersenne Twister PRNG which is not cryptographically secure and produces predictable values that can be exploited when used for tokens, session...

```python
sleep = (initial_interval / 1000) * exponent**retries + random.uniform(0, 1)
```

Annotations

Check failure on line 122 in gusto_app_int_v_2025_11_15/src/gusto_app_integration_v_2025_11_15/utils/retries.py


@boostsecurity-io-ai boostsecurity-io-ai / boostsecurity - boostsecurityio/semgrep

gusto_app_int_v_2025_11_15/src/gusto_app_integration_v_2025_11_15/utils/retries.py#L122

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

Check failure on line 122 in gusto_embedded_v_2025_11_15/src/gusto_embedded_v_2025_11_15/utils/retries.py


@boostsecurity-io-ai boostsecurity-io-ai / boostsecurity - boostsecurityio/semgrep

gusto_embedded_v_2025_11_15/src/gusto_embedded_v_2025_11_15/utils/retries.py#L122

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.