Safety CI > crim-ca/weaver

fix-geotiff-zarr-pywps

3 years, 1 month ago

f6120e94

fix zarr requirement under geotiff required by pywps (relates to https://github.com/KipCrossing/geot

No dependencies with known security vulnerabilities.

master

3 years, 1 month ago

6d9be1b7

Merge pull request #533 from crim-ca/fix-numpy

No dependencies with known security vulnerabilities.

fix-numpy

3 years, 1 month ago

2f33018e

fix numpy version ranges

No dependencies with known security vulnerabilities.

fix-numpy

3 years, 1 month ago

c9062f34

fix numpy vulnerabilities for supported python versions - https://app.snyk.io/org/fmigneault/projec

No dependencies with known security vulnerabilities.

add-weaver-cwl-schemas

3 years, 1 month ago

279417f5

[wip] multi-var schema-node validation (conflict mapping validated, but preemptive raising if not ye

No dependencies with known security vulnerabilities.

add-weaver-cwl-schemas

3 years, 1 month ago

ab5216e6

Merge branch 'master' into add-weaver-cwl-schemas

No dependencies with known security vulnerabilities.

docker-quoting-estimator

3 years, 1 month ago

501cae7d

[wip] currency converters

No dependencies with known security vulnerabilities.

master

3 years, 1 month ago

0c74ee56

Bump version: 4.28.0 → 4.29.0

No dependencies with known security vulnerabilities.

docker-quoting-estimator

3 years, 1 month ago

14124e35

[wip] resolve file/dir metadata for quotation estimation

json2xml 3.18.0 and setuptools 57.5.0 have known security vulnerabilities.

Package	Installed	Affected	Info
json2xml	3.18.0	<3.20.0	show Json2xml 3.20.0 uses SystemRandom as a secure way for generating Random Integers. https://github.com/vinitkumar/json2xml/commit/8a685197b2e36319f1703e0e9cc16f05e389dce7
setuptools	57.5.0	<70.0.0	show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.
setuptools	57.5.0	<65.5.1	show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
setuptools	57.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

master

3 years, 1 month ago

38e364ec

Merge pull request #532 from crim-ca/dependabot/pip/owslib-0.28.1 Bump owslib from 0.27.2 to 0.28.1

No dependencies with known security vulnerabilities.

dependabot/pip/owslib-0.28.1

3 years, 1 month ago

ef86d039

Update CHANGES.rst

No dependencies with known security vulnerabilities.

dependabot/pip/owslib-0.28.1

3 years, 1 month ago

9d865eeb

Merge branch 'master' into dependabot/pip/owslib-0.28.1

No dependencies with known security vulnerabilities.

master

3 years, 1 month ago

4ab477cb

Merge pull request #530 from crim-ca/fix_ogc_convert_input_values_schema Fix `convert_input_values_

No dependencies with known security vulnerabilities.

dependabot/pip/owslib-0.28.1

3 years, 1 month ago

30163fd9

Bump owslib from 0.27.2 to 0.28.1 Bumps [owslib](https://github.com/geopython/OWSLib) from 0.27.2 t

No dependencies with known security vulnerabilities.

docker-quoting-estimator

3 years, 1 month ago

d9e4345e

[wip] obtain quotation inputs values for estimator config creation

json2xml 3.18.0 and setuptools 57.5.0 have known security vulnerabilities.

Package	Installed	Affected	Info
json2xml	3.18.0	<3.20.0	show Json2xml 3.20.0 uses SystemRandom as a secure way for generating Random Integers. https://github.com/vinitkumar/json2xml/commit/8a685197b2e36319f1703e0e9cc16f05e389dce7
setuptools	57.5.0	<70.0.0	show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.
setuptools	57.5.0	<65.5.1	show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
setuptools	57.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.