Safety CI > chopdgd/django-genome

pyup-scheduled-update-2024-09-09

6 months, 1 week ago

Update tqdm from 4.37.0 to 4.66.5

wheel 0.33.6 and Sphinx 2.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2024-09-09

6 months, 1 week ago

48be2ccc

Update mysqlclient from 1.4.4 to 2.2.4

tqdm 4.37.0, wheel 0.33.6 and Sphinx 2.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2024-09-09

6 months, 1 week ago

553ac350

Update django-model-utils from 3.2.0 to 5.0.0

tqdm 4.37.0, wheel 0.33.6 and Sphinx 2.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2024-09-09

6 months, 1 week ago

40c684f4

Update django-filter from 2.2.0 to 24.3

tqdm 4.37.0, wheel 0.33.6 and Sphinx 2.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2024-09-09

6 months, 1 week ago

1e1c3c46

Update djangorestframework from 3.10.3 to 3.15.2

tqdm 4.37.0, wheel 0.33.6 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973

snyk-fix-9e4bdf5f099d6600ed3e8e04944a3d35

6 months, 1 week ago

7a8af935

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning

tqdm 4.37.0, wheel 0.33.6 and 3 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
djangorestframework	3.10.3	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
djangorestframework	3.10.3	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

snyk-fix-d82bbf40e0d793ca6a38573305202683

6 months, 1 week ago

a970c657

fix: requirements_test.txt to reduce vulnerabilities The following vulnerabilities are fixed by pi

tqdm 4.37.0, wheel 0.33.6 and 3 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
tqdm	4.37.0	<4.66.3	show Tqdm version 4.66.3 addresses CVE-2024-34062, a vulnerability where optional non-boolean CLI arguments like `--delim`, `--buf-size`, and `--manpath` were passed through Python's `eval`, allowing for arbitrary code execution. This security risk, only locally exploitable, has been mitigated in this release. Users are advised to upgrade to version 4.66.3 immediately as there are no workarounds for this issue.
wheel	0.33.6	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
djangorestframework	3.10.3	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
djangorestframework	3.10.3	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

pyup-scheduled-update-2024-09-02

6 months, 2 weeks ago

56be0bcf

Update django-test-plus from 1.3.1 to 2.2.4