Safety CI > AhmadZakaria/ScotlandPYard

pyup-scheduled-update-2019-01-01

7 years ago

ee010429

Update certifi from 2018.8.24 to 2018.11.29

No dependencies with known security vulnerabilities.

master

7 years ago

ae54cb48

pu-up options

No dependencies with known security vulnerabilities.

master

7 years ago

2ab2fee9

Update pytz from 2018.5 to 2018.7 (#336)

No dependencies with known security vulnerabilities.

master

7 years ago

3b4f1e0e

Update pytest from 3.8.2 to 4.0.2 (#364)

No dependencies with known security vulnerabilities.

pyup-update-pytz-2018.5-to-2018.7

7 years ago

051cf3d3

Merge branch 'master' into pyup-update-pytz-2018.5-to-2018.7

No dependencies with known security vulnerabilities.

master

7 years ago

3c26c369

Update pyparsing from 2.2.2 to 2.3.0 (#337)

No dependencies with known security vulnerabilities.

master

7 years ago

da1205f6

Update python-dateutil from 2.7.3 to 2.7.5 (#334)

No dependencies with known security vulnerabilities.

master

7 years ago

4671790f

Update flake8 from 3.5.0 to 3.6.0 (#328)

No dependencies with known security vulnerabilities.

master

7 years ago

082c7b8f

Update py from 1.6.0 to 1.7.0 (#320)

No dependencies with known security vulnerabilities.

master

7 years ago

445a64c0

Update virtualenv from 16.0.0 to 16.1.0 (#338)

No dependencies with known security vulnerabilities.

pyup-update-pytest-3.8.2-to-4.0.2

7 years ago

c7cc9074

Update pytest from 3.8.2 to 4.0.2

No dependencies with known security vulnerabilities.

master

7 years ago

3615559f

Update requests from 2.19.1 to 2.21.0 (#360)

No dependencies with known security vulnerabilities.

pyup-update-pytest-3.8.2-to-4.0.2

7 years ago

c1cca113

Update pytest from 3.8.2 to 4.0.2

requests 2.19.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

pyup-update-tox-3.0.0-to-3.6.0

7 years ago

ff6baf25

Update tox from 3.0.0 to 3.6.0

requests 2.19.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

pyup-update-setuptools-40.4.3-to-40.6.3

7 years, 1 month ago

982f7fdd

Update setuptools from 40.4.3 to 40.6.3

requests 2.19.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.