Safety CI > Quran-Tafseer/pytafseer

pyup-scheduled-update-2023-05-01

2 years, 4 months ago

Update attrs from 22.1.0 to 23.1.0

py 1.11.0, future 0.18.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
future	0.18.2	<=0.18.2	show Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215 https://github.com/python/cpython/pull/17157
certifi	2022.9.24	>=2015.04.28,<2023.07.22	show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
certifi	2022.9.24	>=2021.05.30,<2024.07.04	show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.
certifi	2022.9.24	<2022.12.07	show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
pytest-runner	6.0.0	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-05-01

2 years, 4 months ago

bbc5ecd1

Update argh from 0.26.2 to 0.28.1

py 1.11.0, future 0.18.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
future	0.18.2	<=0.18.2	show Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215 https://github.com/python/cpython/pull/17157
certifi	2022.9.24	>=2015.04.28,<2023.07.22	show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
certifi	2022.9.24	>=2021.05.30,<2024.07.04	show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.
certifi	2022.9.24	<2022.12.07	show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
pytest-runner	6.0.0	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-05-01

2 years, 4 months ago

8469ddd0

Update alabaster from 0.7.12 to 0.7.13

py 1.11.0, future 0.18.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
future	0.18.2	<=0.18.2	show Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215 https://github.com/python/cpython/pull/17157
certifi	2022.9.24	>=2015.04.28,<2023.07.22	show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
certifi	2022.9.24	>=2021.05.30,<2024.07.04	show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.
certifi	2022.9.24	<2022.12.07	show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
pytest-runner	6.0.0	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

5319d72f

Update wrapt from 1.14.1 to 1.15.0

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

e6ade763

Update watchdog from 2.1.9 to 3.0.0

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

dbf90f8e

Update virtualenv from 20.17.0 to 20.21.0

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

fe3cb27e

Update urllib3 from 1.26.13 to 1.26.15

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

7581970d

Update tqdm from 4.64.1 to 4.65.0

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

3cd383e5

Update tox from 3.27.1 to 4.4.8

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

3d658c87

Update sphinx from 5.3.0 to 6.1.3

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

c7a4faae

Update requests from 2.28.1 to 2.28.2

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

a4a6be05

Update pytz from 2022.6 to 2023.3

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

77d45563

Update pytest from 7.2.0 to 7.2.2

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

62cc5703

Update pygments from 2.13.0 to 2.14.0

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-scheduled-update-2023-04-01

2 years, 5 months ago

cc066a87

Update pkginfo from 1.9.2 to 1.9.6

py 1.11.0 and pytest-runner 6.0.0 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pytest-runner

6.0.0

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst