Safety CI > hpfn-d/charcoallog

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

3078eef3

Update pyflakes from 2.1.1 to 2.5.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

921b6c1e

Update pycodestyle from 2.5.0 to 2.9.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

77a64c55

Update py from 1.8.0 to 1.11.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

76badd96

Update ptyprocess from 0.6.0 to 0.7.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

28578569

Update prompt-toolkit from 2.0.9 to 3.0.30

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

c0f2bf9e

Update pluggy from 0.12.0 to 1.0.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

e4331d35

Update pexpect from 4.7.0 to 4.8.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

0c71c470

Update parso from 0.5.1 to 0.8.3

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

7de1828f

Update packaging from 19.1 to 21.3

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

109cf832

Update mccabe from 0.6.1 to 0.7.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

9463f5c6

Update jedi from 0.15.1 to 0.18.1

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

4b1a4c9f

Update isort from 4.3.21 to 5.10.1

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

e8829267

Update ipython from 7.7.0 to 8.4.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

bd8e8e95

Update flake8 from 3.7.8 to 5.0.4

py 1.8.0 and ipython 7.7.0 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.8.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
py	1.8.0	<=1.9.0	show Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
ipython	7.7.0	>=8.0.0a0,<8.0.1 , >=7.17.0,<7.31.1 , >=6.0.0a0,<7.16.3 , <5.11	show Ipython versions 8.0.1, 7.31.1, 7.16.3 and 5.11 include a fix for CVE-2022-21699: Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
ipython	7.7.0	<8.10.0	show IPython 8.10.0 includes a fix for CVE-2023-24816: Versions prior to 8.10.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function 'IPython.utils.terminal.set_term_title' be called on Windows in a Python environment where ctypes is not available. The dependency on 'ctypes' in 'IPython.utils._process_win32' prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool 'set_term_title' could be called and hence introduce a vulnerability. If an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. As a workaround, users should ensure that any calls to the 'IPython.utils.terminal.set_term_title' function are done with trusted or filtered input. https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7

pyup-scheduled-update-2022-08-08

3 years, 9 months ago

cd734ef0

Update filelock from 3.0.12 to 3.7.1

py 1.8.0 and ipython 7.7.0 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.8.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
py	1.8.0	<=1.9.0	show Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
ipython	7.7.0	>=8.0.0a0,<8.0.1 , >=7.17.0,<7.31.1 , >=6.0.0a0,<7.16.3 , <5.11	show Ipython versions 8.0.1, 7.31.1, 7.16.3 and 5.11 include a fix for CVE-2022-21699: Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
ipython	7.7.0	<8.10.0	show IPython 8.10.0 includes a fix for CVE-2023-24816: Versions prior to 8.10.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function 'IPython.utils.terminal.set_term_title' be called on Windows in a Python environment where ctypes is not available. The dependency on 'ctypes' in 'IPython.utils._process_win32' prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool 'set_term_title' could be called and hence introduce a vulnerability. If an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. As a workaround, users should ensure that any calls to the 'IPython.utils.terminal.set_term_title' function are done with trusted or filtered input. https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7