Safety CI > h0rn3t/fastapi-async-sqlalchemy

main

3 years ago

73bcba72

bump version

No dependencies with known security vulnerabilities.

main

3 years ago

6d2c099a

fix #11

No dependencies with known security vulnerabilities.

main

3 years ago

5545d764

isort

No dependencies with known security vulnerabilities.

main

3 years ago

364937f8

bump version

No dependencies with known security vulnerabilities.

main

3 years ago

03ff9e24

Merge pull request #10 from kieled/main SQLAlchemy 2.x update

No dependencies with known security vulnerabilities.

main

3 years, 1 month ago

8f499899

fix tests

No dependencies with known security vulnerabilities.

main

3 years, 1 month ago

f65bdfe2

fix tests

py 1.11.0 and fastapi 0.90.0 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
fastapi	0.90.0	<0.92.0	show Fastapi 0.92.0 updates its dependency 'Starlette' to v0.25.0 to include a security fix.
fastapi	0.90.0	<=0.109.0	show Fastapi 0.109.1 updates its minimum version of 'python-multipart' to >=0.0.7 to include a security fix.
fastapi	0.90.0	<0.109.1	show FastAPI 0.109.1 addresses a critical security issue by upgrading its dependency python-multipart to version >=0.0.7. The upgrade mitigates a Regular Expression Denial of Service (ReDoS) vulnerability, which occurs when parsing form data. https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
fastapi	0.90.0	<0.95.2	show Fastapi 0.95.2 updates its dependency 'Starlette' to versions '>=0.27.0' to include a security fix.

main

3 years, 1 month ago

86a4a6e8

fix tests

py 1.11.0 and fastapi 0.72.0 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
fastapi	0.72.0	<0.92.0	show Fastapi 0.92.0 updates its dependency 'Starlette' to v0.25.0 to include a security fix.
fastapi	0.72.0	<=0.109.0	show Fastapi 0.109.1 updates its minimum version of 'python-multipart' to >=0.0.7 to include a security fix.
fastapi	0.72.0	<0.109.1	show FastAPI 0.109.1 addresses a critical security issue by upgrading its dependency python-multipart to version >=0.0.7. The upgrade mitigates a Regular Expression Denial of Service (ReDoS) vulnerability, which occurs when parsing form data. https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
fastapi	0.72.0	<0.75.2	show Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.
fastapi	0.72.0	<0.95.2	show Fastapi 0.95.2 updates its dependency 'Starlette' to versions '>=0.27.0' to include a security fix.
fastapi	0.72.0	<0.75.2	show Fastapi 0.75.2 updates its dependency 'ujson' ranges to include a security fix.
fastapi	0.72.0	<0.75.2	show Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.

main

3 years, 1 month ago

3fb7958d

fix tests

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

main

3 years, 1 month ago

18ca58b1

some fixes, upgrade pre-commit plugins

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

main

3 years, 3 months ago

42be8bbf

security update

py 1.11.0 and SQLAlchemy 1.4.46 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

SQLAlchemy

1.4.46

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

main

3 years, 3 months ago

a9f9b7d3

security update

py 1.11.0 and SQLAlchemy 1.4.46 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

SQLAlchemy

1.4.46

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

main

3 years, 3 months ago

878eaa9e

certifi update

py 1.11.0 and SQLAlchemy 1.4.46 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

SQLAlchemy

1.4.46

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

main

3 years, 6 months ago

98e6e1d2

update

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

main

3 years, 6 months ago

103a2a23

security update

py 1.11.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287