Safety CI > hydrosquall/tiingo-python

pyup-update-twine-5.0.0-to-5.1.0

1 year, 8 months ago

40bc2756

Update twine from 5.0.0 to 5.1.0

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-cryptography-42.0.5-to-42.0.7

1 year, 9 months ago

a6ee515b

Update cryptography from 42.0.5 to 42.0.7

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-cryptography-42.0.5-to-42.0.6

1 year, 9 months ago

2067c43a

Update cryptography from 42.0.5 to 42.0.6

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-coverage-7.4.4-to-7.5.1

1 year, 9 months ago

5b53bd2a

Update coverage from 7.4.4 to 7.5.1

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-pytest-8.1.1-to-8.2.0

1 year, 9 months ago

95c3218b

Update pytest from 8.1.1 to 8.2.0

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-pytest-8.1.1-to-8.1.2

1 year, 9 months ago

472e69a0

Update pytest from 8.1.1 to 8.1.2

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-tox-4.14.1-to-4.15.0

1 year, 9 months ago

674f75f3

Update tox from 4.14.1 to 4.15.0

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-black-24.4.0-to-24.4.2

1 year, 9 months ago

31b686cb

Update black from 24.4.0 to 24.4.2

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-black-24.4.0-to-24.4.1

1 year, 9 months ago

4c9b06f5

Update black from 24.4.0 to 24.4.1

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-coverage-7.4.4-to-7.5.0

1 year, 9 months ago

d507a55c

Update coverage from 7.4.4 to 7.5.0

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

master

1 year, 9 months ago

7db49323

Merge pull request #970 from hydrosquall/pyup-update-sphinx-7.2.6-to-7.3.7 Update sphinx to 7.3.7

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup-update-tox-4.14.1-to-4.14.2

1 year, 9 months ago

0696af9c

Merge branch 'master' into pyup-update-tox-4.14.1-to-4.14.2

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

master

1 year, 9 months ago

1dbfbde0

Merge pull request #968 from hydrosquall/pyup-update-black-24.2.0-to-24.4.0 Update black to 24.4.0

pip 24.0 has known security vulnerabilities.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

master

1 year, 9 months ago

631b6bd9

Merge pull request #964 from hydrosquall/pyup-update-wheel-0.42.0-to-0.43.0 Update wheel to 0.43.0

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<26.0	show Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.
black	24.2.0	<24.3.0	show Affected versions of Black are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.

master

1 year, 9 months ago

96656889

Merge pull request #965 from hydrosquall/pyup-update-coverage-7.4.3-to-7.4.4 Update coverage to 7.4

pip 24.0 and black 24.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<26.0	show Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.
black	24.2.0	<24.3.0	show Affected versions of Black are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.