Safety CI > hydrosquall/tiingo-python

master

1 day, 8 hours ago

7db49323

Merge pull request #970 from hydrosquall/pyup-update-sphinx-7.2.6-to-7.3.7 Update sphinx to 7.3.7

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

pyup-update-tox-4.14.1-to-4.14.2

1 day, 8 hours ago

0696af9c

Merge branch 'master' into pyup-update-tox-4.14.1-to-4.14.2

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

master

1 day, 8 hours ago

1dbfbde0

Merge pull request #968 from hydrosquall/pyup-update-black-24.2.0-to-24.4.0 Update black to 24.4.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

master

1 day, 8 hours ago

631b6bd9

Merge pull request #964 from hydrosquall/pyup-update-wheel-0.42.0-to-0.43.0 Update wheel to 0.43.0

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

master

1 day, 20 hours ago

96656889

Merge pull request #965 from hydrosquall/pyup-update-coverage-7.4.3-to-7.4.4 Update coverage to 7.4

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-sphinx-7.2.6-to-7.3.7

4 days ago

5e35d4b0

Update sphinx from 7.2.6 to 7.3.7

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-sphinx-7.2.6-to-7.3.6

5 days, 8 hours ago

f84e6e4a

Update sphinx from 7.2.6 to 7.3.6

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-sphinx-7.2.6-to-7.3.5

6 days, 5 hours ago

af02b5e4

Update sphinx from 7.2.6 to 7.3.5

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-black-24.2.0-to-24.4.0

1 week, 3 days ago

8dea19b6

Update black from 24.2.0 to 24.4.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

pyup-update-pandas-1.5.3-to-2.2.2

1 week, 5 days ago

1ca2a030

Update pandas from 1.5.3 to 2.2.2

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

pip

24.0

>=0

show

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-tox-4.14.1-to-4.14.2

1 month ago

5333322b

Update tox from 4.14.1 to 4.14.2

black 24.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
black	24.2.0	<24.3.0	show Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

Package

Installed

Affected

Info

black

24.2.0

<24.3.0

show

Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file.	
https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8

pyup-update-black-24.2.0-to-24.3.0

1 month, 1 week ago

3e46bcb4

Update black from 24.2.0 to 24.3.0

No dependencies with known security vulnerabilities.

pyup-update-coverage-7.4.3-to-7.4.4

1 month, 1 week ago

34c9dcfe

Update coverage from 7.4.3 to 7.4.4

No dependencies with known security vulnerabilities.

master

1 month, 1 week ago

02d871fb

Merge pull request #963 from hydrosquall/pyup-update-tox-4.14.0-to-4.14.1 Update tox to 4.14.1

No dependencies with known security vulnerabilities.

pyup-update-wheel-0.42.0-to-0.43.0

1 month, 1 week ago

ee248f9e

Update wheel from 0.42.0 to 0.43.0

No dependencies with known security vulnerabilities.