Safety CI > faustoroger/libpythonpro

pyup-scheduled-update-2024-06-10

1 year, 2 months ago

Update idna from 3.6 to 3.7

py 1.11.0, requests 2.31.0 and requests 2.31.0 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
requests	2.31.0	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.31.0	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.31.0	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.31.0	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

pyup-scheduled-update-2024-06-10

1 year, 2 months ago

00747907

Update requests from 2.31.0 to 2.32.3

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

6e1e0996

Update pytest-mock from 3.12.0 to 3.14.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

852a0a80

Update pyparsing from 3.1.1 to 3.1.2

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

7e01508b

Update packaging from 23.2 to 24.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

a2ae9fab

Update pyflakes from 3.1.0 to 3.2.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

ac102464

Update flake8 from 6.1.0 to 7.0.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

6c245360

Update pytest-cov from 4.1.0 to 5.0.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

b5c90c16

Update setuptools from 69.0.2 to 70.0.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

03377caa

Update safety from 2.3.5 to 3.2.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

7ddd497a

Update pytest from 7.4.3 to 8.2.1

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

c4bcc54b

Update pluggy from 1.3.0 to 1.5.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

62f1294a

Update coverage from 7.3.2 to 7.5.3

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

6647b8ba

Update attrs from 23.1.0 to 23.2.0

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

pyup-scheduled-update-2024-06-03

1 year, 2 months ago

dceaeb93

Update urllib3 from 2.1.0 to 2.2.1

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287