Safety CI > Harmon758/Harmonbot

dependabot/pip/numexpr-2.13.1

2 months, 3 weeks ago

Bump numexpr from 2.13.0 to 2.13.1 Bumps [numexpr](https://github.com/pydata/numexpr) from 2.13.0 t

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/google-auth-2.41.1

2 months, 3 weeks ago

fac43bfe

Bump google-auth from 2.41.0 to 2.41.1 Bumps [google-auth](https://github.com/googleapis/google-aut

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/github_actions/astral-sh/setup-uv-6.8.0

2 months, 3 weeks ago

7a075b60

Bump astral-sh/setup-uv from 6.7.0 to 6.8.0 Bumps [astral-sh/setup-uv](https://github.com/astral-sh

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/pydantic-74db892c5f

2 months, 3 weeks ago

2bccfdaa

Bump pydantic-core from 2.33.2 to 2.39.0 in the pydantic group Bumps the pydantic group with 1 upda

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

e0e6471e

Update smmap from 5.0.1 to 5.0.2

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

edc3d5f8

[Discord] Handle message edit race condition in Bot.on_message_edit Where before.edited_at is a tim

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/beautifulsoup4-4.14.2

2 months, 3 weeks ago

e8c022b0

Bump beautifulsoup4 from 4.13.5 to 4.14.2 Bumps [beautifulsoup4](https://www.crummy.com/software/Be

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

06ea278d

Replace lxml direct dependency with beautifulsoup4 lxml extra

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

7dd426c0

[Discord] Add noprogress yt-dlp download option

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

cfd00312

Update pandas from 2.3.2 to 2.3.3

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/pynacl-1.6.0

2 months, 3 weeks ago

ae9db82b

Bump pynacl from 1.5.0 to 1.6.0 Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5.0 to 1.6.0.

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

e9071fa8

Update charset-normalizer from 3.3.2 to 3.4.3

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

dependabot/pip/clarifai-protocol-0.0.32

2 months, 3 weeks ago

58a18e31

Bump clarifai-protocol from 0.0.25 to 0.0.32 Bumps [clarifai-protocol](https://github.com/Clarifai/

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

9707a21a

Update preshed from 3.0.9 to 3.0.10

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

rewrite

2 months, 3 weeks ago

72e81b06

Update MarkupSafe from 3.0.2 to 3.0.3

pillow 10.1.0, gitpython 3.1.40 and markdownify 0.11.6 have known security vulnerabilities.

Package	Installed	Affected	Info
pillow	10.1.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	10.1.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	10.1.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
gitpython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
markdownify	0.11.6	<0.14.1	show Python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to