Safety CI > alphagov/notifications-api

multiple_rates_sql_magic_for_org_view

3 years, 9 months ago

16f30059

Add comments explaining why we only care about some resuts in tests

No dependencies with known security vulnerabilities.

multiple_rates_sql_magic_for_org_view

3 years, 9 months ago

afecadbb

Rename variable names for consistency between similar functions

No dependencies with known security vulnerabilities.

multiple_rates_sql_magic_for_org_view

3 years, 9 months ago

ca472027

Fix test following refactor of query_organisation_sms_usage_for_year

No dependencies with known security vulnerabilities.

multiple_rates_sql_magic_for_org_view

3 years, 9 months ago

26addf38

Ensure org billing tests have AnnualBilling for all services we add a row in AnnualBilling table wh

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

7e536d1c

Merge pull request #3542 from alphagov/optimise-historic-billing-query-182116071 Optimise billing q

No dependencies with known security vulnerabilities.

run-billing-for-longer-178125825

3 years, 9 months ago

458e9977

Recalculate billing rows for 10 days (prev. 4) This effectively reverts [^1], which was only a temp

No dependencies with known security vulnerabilities.

optimise-historic-billing-query-182116071

3 years, 9 months ago

4a520bce

Optimise billing query for notification history This follows the same pattern as for status aggrega

PyJWT 2.3.0 and pyjwt 2.3.0 have known security vulnerabilities.

Package	Installed	Affected	Info
PyJWT	2.3.0	>=1.5.0,<2.4.0	show PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
pyjwt	2.3.0	>=1.5.0,<2.4.0	show PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

Package

Installed

Affected

Info

PyJWT

2.3.0

>=1.5.0,<2.4.0

show

PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

pyjwt

2.3.0

>=1.5.0,<2.4.0

show

PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

v3-marshmallow

3 years, 9 months ago

6c6fa769

Keep the marshmallow v2 way of serializing DateTimes Marshmallow v3 has changed the way that DateTi

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

1d4512e3

Merge pull request #3540 from alphagov/pyup-scheduled-update-2022-05-11 Scheduled weekly dependency

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-05-11

3 years, 9 months ago

fdee7b5e

Update cachetools from 5.0.0 to 5.1.0

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

e4a45047

Merge pull request #3538 from alphagov/fix-out-of-date-status-182116071 Fix out-of-date rows in ft_

PyJWT 2.3.0 and pyjwt 2.3.0 have known security vulnerabilities.

Package	Installed	Affected	Info
PyJWT	2.3.0	>=1.5.0,<2.4.0	show PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
pyjwt	2.3.0	>=1.5.0,<2.4.0	show PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

Package

Installed

Affected

Info

PyJWT

2.3.0

>=1.5.0,<2.4.0

show

PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

pyjwt

2.3.0

>=1.5.0,<2.4.0

show

PyJWT 2.4.0 includes a fix for CVE-2022-29217: An attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify 'jwt.algorithms.get_default_algorithms()' to get support for all algorithms, or specify a single algorithm. The issue is not that big as 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

v3-marshmallow

3 years, 9 months ago

197058e7

Keep the marshmallow v2 way of serializing DateTimes Marshmallow v3 has changed the way that DateTi

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

ee80977f

Keep the marshmallow v2 way of serializing DateTimes Marshmallow v3 has changed the way that DateTi

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

56fb3c7d

that datetimme hacky bit

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

a7d4246c

that datetimme hacky bit

No dependencies with known security vulnerabilities.