Safety CI > Harmon758/Harmonbot

rewrite

2 months, 3 weeks ago

[Discord] Strip dd tags in markdown conversion for Tweepy documentation Given markdownify now conve

pillow 10.1.0 and gitpython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

rewrite

2 months, 3 weeks ago

57d22ffc

Update typing-inspection from 0.4.1 to 0.4.2

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

e9bf5042

Bump astral-sh/setup-uv from 6.7.0 to 6.8.0 Bumps [astral-sh/setup-uv](https://github.com/astral-sh

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

a4f1fa9f

Update cryptography from 46.0.1 to 46.0.2

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/typing-inspection-0.4.2

2 months, 3 weeks ago

56719471

Bump typing-inspection from 0.4.1 to 0.4.2 Bumps [typing-inspection](https://github.com/pydantic/ty

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/pydantic-74db892c5f

2 months, 3 weeks ago

bc556c00

Bump pydantic-core from 2.33.2 to 2.39.0 in the pydantic group Bumps the pydantic group with 1 upda

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/clarifai-protocol-0.0.32

2 months, 3 weeks ago

43517d29

Bump clarifai-protocol from 0.0.25 to 0.0.32 Bumps [clarifai-protocol](https://github.com/Clarifai/

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

d79fd4d9

Update clarifai-grpc from 11.8.1 to 11.8.6

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

cf4d6dcb

Update numexpr from 2.13.0 to 2.13.1

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

b926d334

Update google-auth from 2.41.0 to 2.41.1

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

8a2bf5d5

[Units] Add Minecraft (Fandom) wiki to OBSOLETE_WIKIS

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

fffca55e

[Units] Add Minecraft wiki to WIKIS

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

199e4129

[Discord] Handle and log Twitter server errors in Twitter task

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/cryptography-46.0.2

2 months, 3 weeks ago

732214c5

Bump cryptography from 46.0.1 to 46.0.2 Bumps [cryptography](https://github.com/pyca/cryptography)

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/clarifai-grpc-11.8.6

2 months, 3 weeks ago

c6bfe6d5

Bump clarifai-grpc from 11.8.1 to 11.8.6 Bumps [clarifai-grpc](https://github.com/Clarifai/clarifai

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to