Safety CI > dubirajara/slack-Bot

pyup-update-beautifulsoup4-4.8.2-to-4.9.0

5 years, 7 months ago

f47e4f85

Update beautifulsoup4 from 4.8.2 to 4.9.0

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-flask-1.1.1-to-1.1.2

5 years, 7 months ago

9e8b804c

Update flask from 1.1.1 to 1.1.2

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-bleach-3.1.3-to-3.1.4

5 years, 7 months ago

a61c12b6

Update bleach from 3.1.3 to 3.1.4