Safety CI > alphagov/notifications-api

pyup-scheduled-update-2022-05-11

3 years, 9 months ago

c6021687

Update flask from 2.1.1 to 2.1.2

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

17828e00

Keep marshmallow datetime format the same while upgrading Marshmallow 3 has made a breaking change

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

1193bf12

Keep marshmallow datetime format the same while upgrading Marshmallow 3 has made a breaking change

No dependencies with known security vulnerabilities.

fix-out-of-date-status-182116071

3 years, 9 months ago

ed379a37

Fix out-of-date rows in ft_notification_status This can happen in the following scenario (primarily

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

177b8608

Merge pull request #3539 from alphagov/adjust-resting-rates Adjust resting priorities for SMS provi

No dependencies with known security vulnerabilities.

remove-redundant-usage-fields-181935935

3 years, 9 months ago

1d157836

Remove redundant fields from service usage APIs These are no longer used since [^1] and [^2]. [^1]

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

ce1cea90

Merge pull request #3535 from alphagov/notify-db-fixture-cleanup Notify db fixture cleanup

No dependencies with known security vulnerabilities.

adjust-resting-rates

3 years, 9 months ago

f000e5a5

Adjust resting priorities for SMS providers

pypdf2 1.26.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pypdf2	1.26.0	<=1.27.8	show Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
pypdf2	1.26.0	<=1.27.4	show PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream. https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
pypdf2	1.26.0	<2.10.6	show Pypdf2 2.10.6 fixes a potential DoS vulnerability. https://github.com/py-pdf/pypdf/pull/1331

Package

Installed

Affected

Info

pypdf2

1.26.0

<=1.27.8

show

Pypdf2 1.27.9 includes a fix for CVE-2023-36810: An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

pypdf2

1.26.0

<=1.27.4

show

PyPDF2 1.27.5 includes a fix for CVE-2022-24859: In versions prior to 1.27.5 an attacker can craft a PDF which leads to an infinite loop if PyPDF2 code attempts to get the content stream. The reason is that the last while-loop in 'ContentStream._readInlineImage' only terminates when it finds the 'EI' token, but never actually checks if the stream has already ended. Users unable to upgrade should validate PDFs prior to iterating over their content stream.
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79

pypdf2

1.26.0

<2.10.6

show

Pypdf2 2.10.6 fixes a potential DoS vulnerability.
https://github.com/py-pdf/pypdf/pull/1331

fix-out-of-date-status-182116071

3 years, 9 months ago

6a739538

Fix out-of-date rows in ft_notification_status This can happen in the following scenario (primarily

No dependencies with known security vulnerabilities.

fix-out-of-date-status-182116071

3 years, 9 months ago

0faf4766

Fix out-of-date rows in ft_notification_status This can happen in the following scenario (primarily

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

4286b2c5

Add new schema, `TemplateSchemaNested` When we nest the `TemplateSchema` as a field on the `Notific

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

0b72de5a

Make pre/post processors return modified data https://marshmallow.readthedocs.io/en/stable/upgradin

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

f87ebb09

Merge pull request #3537 from alphagov/existing-marshmallow-changes Fix existing marshmallow schema

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

c2eb9282

Make pre/post processors return modified data https://marshmallow.readthedocs.io/en/stable/upgradin

No dependencies with known security vulnerabilities.

v3-marshmallow

3 years, 9 months ago

9248b849

Remove `strict = True` from Marshmallow schemas Since Marshmallow 3, schemas are now strict by defa

No dependencies with known security vulnerabilities.