Safety CI > athina-edu/athina

master

2 years, 8 months ago

4a0ae1a9

Update more-itertools from 8.13.0 to 8.14.0 (#384)

No dependencies with known security vulnerabilities.

master

2 years, 8 months ago

6b41783c

Update filelock from 3.7.1 to 3.8.0 (#385)

No dependencies with known security vulnerabilities.

pyup-update-filelock-3.7.1-to-3.8.0

2 years, 8 months ago

9774b3a1

Update filelock from 3.7.1 to 3.8.0

No dependencies with known security vulnerabilities.

pyup-update-more-itertools-8.13.0-to-8.14.0

2 years, 8 months ago

fdf403a1

Update more-itertools from 8.13.0 to 8.14.0

No dependencies with known security vulnerabilities.

pyup-update-pep517-0.12.0-to-0.13.0

2 years, 9 months ago

700246ee

Update pep517 from 0.12.0 to 0.13.0

No dependencies with known security vulnerabilities.

pyup-update-attrs-21.4.0-to-22.1.0

2 years, 9 months ago

57ce5011

Update attrs from 21.4.0 to 22.1.0

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

4e32bdc4

Update urllib3 from 1.26.10 to 1.26.11 (#383)

No dependencies with known security vulnerabilities.

pyup-update-urllib3-1.26.10-to-1.26.11

2 years, 9 months ago

d106f092

Update urllib3 from 1.26.10 to 1.26.11

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

5c6c9f06

Update distlib from 0.3.4 to 0.3.5 (#382)

No dependencies with known security vulnerabilities.

pyup-update-distlib-0.3.4-to-0.3.5

2 years, 9 months ago

d69aed07

Update distlib from 0.3.4 to 0.3.5

No dependencies with known security vulnerabilities.

dependabot/pip/numpy-1.22.0

2 years, 9 months ago

1e320295

Bump numpy from 1.21.4 to 1.22.0 Bumps [numpy](https://github.com/numpy/numpy) from 1.21.4 to 1.22.

numpy 1.22.0 has known security vulnerabilities.

Package	Installed	Affected	Info
numpy	1.22.0	<1.22.2	show Numpy 1.22.2 includes a fix for CVE-2021-41495: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place. NOTE2: The specs we include in this advisory differ from the publicly available on other sources. For example, the advisory posted by the NVD indicate that versions up to and including 1.19.0 are affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remained unaddressed until version 1.22.2.

Package

Installed

Affected

Info

numpy

1.22.0

<1.22.2

show

Numpy 1.22.2  includes a fix for CVE-2021-41495: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 
NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place.
NOTE2: The specs we include in this advisory differ from the publicly available on other sources. For example, the advisory posted by the NVD indicate that versions up to and including 1.19.0 are affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remained unaddressed until version 1.22.2.

master

2 years, 9 months ago

4049b5a7

Update peewee from 3.15.0 to 3.15.1 (#381)

No dependencies with known security vulnerabilities.

pyup-update-peewee-3.15.0-to-3.15.1

2 years, 9 months ago

789793a5

Update peewee from 3.15.0 to 3.15.1

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

637124b8

Update requests from 2.28.0 to 2.28.1 (#377)

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

227f2dd4

Bump lxml from 4.6.5 to 4.9.1 (#378) Bumps [lxml](https://github.com/lxml/lxml) from 4.6.5 to 4.9.1

No dependencies with known security vulnerabilities.