pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update idna from 2.9 to 2.10
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update doc8 from 0.8.0 to 0.8.1
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update distlib from 0.3.0 to 0.3.1
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update coverage from 5.0.4 to 5.2.1
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update click from 7.1.1 to 7.1.2
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update certifi from 2019.11.28 to 2020.6.20
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update bleach from 3.1.3 to 3.1.5
pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update atomicwrites from 1.3.0 to 1.4.0
bleach 3.1.3, pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.3 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.3 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update astroid from 2.3.3 to 2.4.2
bleach 3.1.3, pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.3 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.3 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-17
5 years, 8 months ago
Update appdirs from 1.4.3 to 1.4.4
bleach 3.1.3, pylint 2.4.4 and sphinx 2.4.4 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.3 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.3 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| pylint | 2.4.4 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.4.4 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.4.4 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.4.4 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| sphinx | 2.4.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pyup/scheduled-update-2020-08-03
5 years, 9 months ago
Update wcwidth from 0.1.8 to 0.2.5
No dependencies with known security vulnerabilities.
pyup/scheduled-update-2020-08-03
5 years, 9 months ago
Update virtualenv from 20.0.13 to 20.0.29
No dependencies with known security vulnerabilities.
pyup/scheduled-update-2020-08-03
5 years, 9 months ago
Update urllib3 from 1.25.8 to 1.25.10
No dependencies with known security vulnerabilities.
pyup/scheduled-update-2020-08-03
5 years, 9 months ago
Update typing-extensions from 3.7.4.1 to 3.7.4.2
No dependencies with known security vulnerabilities.
pyup/scheduled-update-2020-08-03
5 years, 9 months ago
Update twine from 3.1.1 to 3.2.0
No dependencies with known security vulnerabilities.
Python 3 badge
URL
https://pyup.io/repos/github/Hugovdberg/PIconnect/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/Hugovdberg/PIconnect/)
Restructured Text
.. image:: https://pyup.io/repos/github/Hugovdberg/PIconnect/python-3-shield.svg
:target: https://pyup.io/repos/github/Hugovdberg/PIconnect/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/Hugovdberg/PIconnect/"><img src="https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/Hugovdberg/PIconnect/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/Hugovdberg/PIconnect/
RDoc
{<img src="https://pyup.io/repos/github/Hugovdberg/PIconnect/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/Hugovdberg/PIconnect/]
pyup.io badge
URL
https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg
Markdown
[](https://pyup.io/repos/github/Hugovdberg/PIconnect/)
Restructured Text
.. image:: https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg
:target: https://pyup.io/repos/github/Hugovdberg/PIconnect/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/Hugovdberg/PIconnect/"><img src="https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg(Updates)!:https://pyup.io/repos/github/Hugovdberg/PIconnect/
RDoc
{<img src="https://pyup.io/repos/github/Hugovdberg/PIconnect/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/Hugovdberg/PIconnect/]