Safety CI > chopdgd/django-phenotype-ontologies

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

Update coverage from 4.5.4 to 6.4.4

codecov 2.0.15 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

e4ca7910

Update sphinx-rtd-theme from 0.4.3 to 1.0.0

codecov 2.0.15 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

524e09de

Update sphinx from 2.2.1 to 5.2.1

codecov 2.0.15 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

abeede12

Update twine from 2.0.0 to 4.0.1

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

60efa6ff

Update wheel from 0.33.6 to 0.37.1

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

8d4d03f5

Update bumpversion from 0.5.3 to 0.6.0

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

2d06b428

Update django-model-utils from 3.2.0 to 4.2.0

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

6a5b672e

Update pronto from 0.12.2 to 2.5.0

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

eed83319

Update djangorestframework from 3.10.3 to 3.14.0

Sphinx 2.2.1, codecov 2.0.15 and django-filter 2.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973

pyup-scheduled-update-2022-09-26

3 years, 1 month ago

39f7c6d9

Update django-filter from 2.2.0 to 22.1

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

snyk-fix-5bca7adb1d91a67a8764090d895d74af

3 years, 1 month ago

7e63bb65

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

codecov 2.0.15, django-filter 2.2.0 and one more dependency have known security vulnerabilities.

Package	Installed	Affected	Info
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
djangorestframework	3.10.3	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
djangorestframework	3.10.3	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Package

Installed

Affected

Info

django-filter

2.2.0

<2.4.0

show

Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.
https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973

djangorestframework

3.10.3

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

djangorestframework

3.10.3

<3.11.2

show

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

snyk-fix-0d695f5828e5b128bd67660eac8e6397

3 years, 1 month ago

fcc6b033

fix: requirements_test.txt to reduce vulnerabilities The following vulnerabilities are fixed by pi

Sphinx 2.2.1, django-filter 2.2.0 and one more dependency have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
djangorestframework	3.10.3	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
djangorestframework	3.10.3	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

snyk-fix-df9d05ca4f5e893d866b0ba5107dadd7

3 years, 1 month ago

f21f35d1

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

codecov 2.0.15, django-filter 2.2.0 and one more dependency have known security vulnerabilities.

Package	Installed	Affected	Info
django-filter	2.2.0	<2.4.0	show Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
djangorestframework	3.10.3	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
djangorestframework	3.10.3	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Package

Installed

Affected

Info

django-filter

2.2.0

<2.4.0

show

Django-filter 2.4.0 includes a fix for CVE-2020-15225: In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a 'MaxValueValidator' with a a default 'limit_value' of 1e50 to the form field used by 'NumberFilter' instances. In addition, 'NumberFilter' implements the new 'get_max_validator()' which should return a configured validator instance to customise the limit, or else 'None' to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.
https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973

djangorestframework

3.10.3

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

djangorestframework

3.10.3

<3.11.2

show

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

snyk-fix-1d6f0f9c90c7dd5f90b1c9ad47a39cf9

3 years, 1 month ago

bbffaec2

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning

Sphinx 2.2.1 and codecov 2.0.15 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.2.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
Sphinx	2.2.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.

pyup-scheduled-update-2022-09-19

3 years, 1 month ago

043781f7

Update django-test-plus from 1.3.1 to 2.2.0

No dependencies with known security vulnerabilities.