Safety CI > inhumantsar/python-ansible-vault-rekey

pyup-pin-ansible-9.0.1

1 year, 5 months ago

Pin ansible to latest version 9.0.1

click 7.1.2 and ansible 9.0.1 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-9.0.0

1 year, 5 months ago

b8129d2f

Pin ansible to latest version 9.0.0

click 7.1.2 and ansible 9.0.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-8.6.1

1 year, 6 months ago

65d1c8e3

Pin ansible to latest version 8.6.1

click 7.1.2 and ansible 8.6.1 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-8.6.0

1 year, 6 months ago

839f4fcf

Pin ansible to latest version 8.6.0

click 7.1.2 and ansible 8.6.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-8.5.0

1 year, 7 months ago

ed820451

Pin ansible to latest version 8.5.0

click 7.1.2 and ansible 8.5.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-8.4.0

1 year, 8 months ago

f7092d52

Pin ansible to latest version 8.4.0

click 7.1.2 and ansible 8.4.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-click-8.1.7

1 year, 9 months ago

014f6cdf

Pin click to latest version 8.1.7

ansible 2.9.27 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.
ansible	2.9.27	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
ansible	2.9.27	>=0,<2.10.0	show An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.

pyup-pin-ansible-8.3.0

1 year, 9 months ago

822b4284

Pin ansible to latest version 8.3.0

click 7.1.2 and ansible 8.3.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-click-8.1.6

1 year, 10 months ago

6bfb903b

Pin click to latest version 8.1.6

ansible 2.9.27 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.
ansible	2.9.27	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
ansible	2.9.27	>=0,<2.10.0	show An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.

pyup-pin-ansible-8.2.0

1 year, 10 months ago

d366ea4c

Pin ansible to latest version 8.2.0

click 7.1.2 and ansible 8.2.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-click-8.1.5

1 year, 10 months ago

8d581112

Pin click to latest version 8.1.5

ansible 2.9.27 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.
ansible	2.9.27	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
ansible	2.9.27	>=0,<2.10.0	show An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.

pyup-pin-click-8.1.4

1 year, 10 months ago

1f2f113c

Pin click to latest version 8.1.4

ansible 2.9.27 has known security vulnerabilities.

Package	Installed	Affected	Info
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.
ansible	2.9.27	>=2.5.0a1,<7.0.0	show A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
ansible	2.9.27	>=0,<2.10.0	show An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
ansible	2.9.27	<2.10.5	show A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.

pyup-pin-ansible-8.1.0

1 year, 10 months ago

ef548d35

Pin ansible to latest version 8.1.0

click 7.1.2 and ansible 8.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-8.0.0

1 year, 11 months ago

3a84f6d3

Pin ansible to latest version 8.0.0

click 7.1.2 and ansible 8.0.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752

pyup-pin-ansible-7.6.0

1 year, 11 months ago

0aeb9d74

Pin ansible to latest version 7.6.0

click 7.1.2 and ansible 7.6.0 have known security vulnerabilities.

Package	Installed	Affected	Info
click	7.1.2	<8.0.0	show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752