Safety CI > amor71/LiuAlgoTrader

master

3 years, 1 month ago

Merge branch 'master' of https://github.com/amor71/LiuAlgoTrader

streamlit 1.11.0 and streamlit 1.11.0 have known security vulnerabilities.

Package	Installed	Affected	Info
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.

master

3 years, 1 month ago

0b42a131

fixes

streamlit 1.11.0 and streamlit 1.11.0 have known security vulnerabilities.

Package	Installed	Affected	Info
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.

dependabot/pip/liualgotrader/requirements/streamlit-1.11.1

3 years, 1 month ago

b6d7c974

Bump streamlit from 1.11.0 to 1.11.1 in /liualgotrader/requirements Bumps [streamlit](https://githu

No dependencies with known security vulnerabilities.

master

3 years, 1 month ago

74fad212

fix

streamlit 1.11.0 and streamlit 1.11.0 have known security vulnerabilities.

Package	Installed	Affected	Info
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.

master

3 years, 1 month ago

330a1658

fix backtester end-date to match NYC timezone

streamlit 1.11.0 and streamlit 1.11.0 have known security vulnerabilities.

Package	Installed	Affected	Info
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.
streamlit	1.11.0	<1.37.0	show Affected versions of the Fastify package are vulnerable to Prototype Pollution due to improper handling of user-supplied object keys during schema validation. The `validation.compile` method does not adequately restrict the use of `__proto__`, `constructor`, or other special object properties, which allows attackers to inject malicious attributes into the prototype chain. An attacker can exploit this by sending crafted JSON payloads to affected endpoints, resulting in unexpected application behaviour such as denial of service, privilege escalation, or data manipulation.
streamlit	1.11.0	>=0.63.0,<=1.30.0	show In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
streamlit	1.11.0	>=0,<1.27.0	show Affected versions of Streamlit are susceptible to a vulnerability where improper output neutralization for logs occurs. This specific issue arises if the function `upload_file_request_handler.py` triggers a 400 error that includes the `session_id` value.

master

3 years, 1 month ago

8756d45e

back-testing fixes

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

704962ae

Update virtualenv from 20.15.1 to 20.16.2

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

65aa2914

Update urllib3 from 1.26.10 to 1.26.11

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

2ef26748

Update urllib3 from 1.26.10 to 1.26.11

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

58dbcefb

Update types-urllib3 from 1.26.16 to 1.26.19

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

902d0125

Update types-requests from 2.28.1 to 2.28.6

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

f1b304ae

Update types-pytz from 2022.1.1 to 2022.1.2

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

a7e64328

Update types-python-dateutil from 2.8.18 to 2.8.19

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

92f84260

Update sphinx-autodoc-typehints from 1.18.3 to 1.19.1

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2022-08-01

3 years, 1 month ago

e6e7edc8

Update streamlit from 1.11.0 to 1.11.1

No dependencies with known security vulnerabilities.