From 0e10ef98502733533f401981a855d2647e11ca93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Sep 2024 23:31:12 +0000 Subject: [PATCH 1/2] build(deps): update numpy requirement from ~=1.26.4 to ~=2.1.1 Updates the requirements on [numpy](https://github.com/numpy/numpy) to permit the latest version. - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](https://github.com/numpy/numpy/compare/v1.26.4...v2.1.1) --- updated-dependencies: - dependency-name: numpy dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 54197ba..a055162 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -numpy~=1.26.4 +numpy~=2.1.1 uvicorn~=0.30.6 requests~=2.32.3 pandas~=2.2.3 From a7fe82a62ec8f6d42c842d33c665f5de35a58fc8 Mon Sep 17 00:00:00 2001 From: leafspark <78000825+leafspark@users.noreply.github.com> Date: Sat, 21 Sep 2024 16:35:20 -0700 Subject: [PATCH 2/2] Fix code scanning alert #1: Uncontrolled command line Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- src/graph.py | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/graph.py b/src/graph.py index b8bedb8..f115e5b 100644 --- a/src/graph.py +++ b/src/graph.py @@ -250,6 +250,7 @@ def index(): for name in os.listdir(data_dir) if name.endswith(".sqlite") and os.path.isfile(os.path.join(data_dir, name)) ] + valid_model_names = set(model_names) if request.method == "POST": selected_model = request.form.get("model_select") 
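Review bot: `valid_model_names` is the allowlist that the later subprocess argument depends on, but nothing at this line says so; a comment such as `# Allowlist for model_select: only names found in data_dir may be passed to get_data.py` would keep a later refactor from dropping it. The comprehension that builds `model_names` starts above the hunk, so whether its elements still carry the `.sqlite` suffix cannot be confirmed here; the membership check in the second hunk only matches if they are in the same form as the submitted `model_select` value.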
@@ -272,13 +273,19 @@ def index():
 "An error occurred while creating the plot. Please try again later."
 )
- command = [
- "python",
- "get_data.py",
- "--hours",
- "24",
- f".\\data\\{selected_model}.sqlite",
- ]
+ if selected_model in valid_model_names:
+ command = [
+ "python",
+ "get_data.py",
+ "--hours",
+ "24",
+ f".\\data\\{selected_model}.sqlite",
+ ]
+ result = subprocess.run(command, capture_output=True, text=True)
+ else:
+ logging.error(f"Invalid model selected: {selected_model}")
+ error_message = "Invalid model selected. Please choose a valid model."
+ result = None
 result = subprocess.run(command, capture_output=True, text=True)
 else:
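Review bot: The unconditional `result = subprocess.run(command, capture_output=True, text=True)` after the new if/else is still present as a context line, so as far as this hunk shows the guard does not hold. A valid selection would run get_data.py twice, and an invalid one would reach the call with `command` never assigned in this request, failing there or overwriting `result = None`. Indentation is lost in this rendering, so confirm the nesting, but the fix looks to be deleting that trailing line so that the only call is the one inside the `if`. Separately, `logging.error(f"Invalid model selected: {selected_model}")` writes a request-supplied value into the log unescaped; `logging.error("Invalid model selected: %r", selected_model)` keeps embedded newlines from forging log entries. index() starts and ends outside the hunk.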