In the file https://github.com/chaoss/grimoirelab-perceval/blob/master/perceval/utils.py, xml.etree.ElementTree should not be used, see:

- https://stackoverflow.com/questions/47104413/why-is-xml-etree-elementtree-considered-insecure
- https://docs.python.org/3/library/xml.html#xml-vulnerabilities

You can get these vulnerabilities:

- CVE-2022-25235
- CVE-2022-22822
- CVE-2022-22824
- CVE-2022-23852
- CVE-2022-25236
- CVE-2022-22823
- CVE-2022-25315
- CVE-2022-23990
- CVE-2022-23219
- CVE-2022-23218
- CVE-2019-25013
- CVE-2021-33574
- CVE-2013-7445
- CVE-2021-38300
- CVE-2021-3752
- CVE-2021-3520
- CVE-2021-3737

The correct way is to use the defusedxml package.
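An added example, not part of the issue text or of Perceval's code: it contrasts how the standard-library parser silently expands declared entities with a wrapper that rejects such documents through defusedxml. The names `safe_fromstring`, `expanded_length_stdlib`, `is_rejected` and both sample documents are assumptions made for illustration; the expat pre-scan is a stand-in used only when defusedxml is not installed, not defusedxml's own implementation.

```python
import xml.etree.ElementTree as StdET
from xml.parsers import expat

try:
    # Third-party package the issue recommends (pip install defusedxml).
    import defusedxml.ElementTree as SafeET
except ImportError:
    SafeET = None

# Constructed sample: nested internal entities, the same shape as an
# entity-expansion document but kept tiny so parsing it is harmless.
NESTED_ENTITIES = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE feed [<!ENTITY a "xx"><!ENTITY b "&a;&a;&a;">'
    '<!ENTITY c "&b;&b;&b;">]>'
    '<feed>&c;</feed>'
)
PLAIN = '<feed><item id="1">ok</item></feed>'  # constructed benign input


def _reject_entity_decl(*_args):
    raise ValueError("entity declaration in untrusted XML")


def safe_fromstring(text):
    """Parse untrusted XML, refusing documents that declare entities."""
    if SafeET is not None:
        # defusedxml forbids entities by default; its errors subclass ValueError.
        return SafeET.fromstring(text)
    # Fallback (assumption: defusedxml missing): pre-scan with expat and
    # abort on the first entity declaration, then parse normally.
    scanner = expat.ParserCreate()
    scanner.EntityDeclHandler = _reject_entity_decl
    scanner.UnparsedEntityDeclHandler = _reject_entity_decl
    scanner.Parse(text, True)
    return StdET.fromstring(text)


def expanded_length_stdlib(text):
    """Standard-library behaviour: entities are expanded without complaint."""
    return len(StdET.fromstring(text).text)


def is_rejected(text):
    """True when safe_fromstring refuses the document."""
    try:
        safe_fromstring(text)
    except ValueError:
        return True
    return False
```

Existing call sites that only use `fromstring` or `parse` can switch by changing the import, since defusedxml keeps the ElementTree function names.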