Safety CI > irrdnet/irrd

main

1 year, 5 months ago

Update NRTM missing/invalid %END error message (#688) This was confusing users more than needed.

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

eventstream

1 year, 5 months ago

201ef50d

Fix issue where websockets streams would stream all data after timeout

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

da0a6b6f

Update wheel from 0.37.1 to 0.38.4

SQLAlchemy 1.3.24 has known security vulnerabilities.

Package	Installed	Affected	Info
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

e4865a93

Update setuptools from 65.4.1 to 65.5.1

wheel 0.37.1 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package

Installed

Affected

Info

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

SQLAlchemy

1.3.24

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

4fceb594

Update mypy from 0.982 to 0.990

wheel 0.37.1 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package

Installed

Affected

Info

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

SQLAlchemy

1.3.24

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

4e5029af

Update sphinxcontrib-spelling from 7.6.1 to 7.7.0

wheel 0.37.1 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package

Installed

Affected

Info

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

SQLAlchemy

1.3.24

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

9738d3a4

Update twisted from 22.8.0 to 22.10.0

wheel 0.37.1 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package

Installed

Affected

Info

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

SQLAlchemy

1.3.24

<2.0.0b1

show

Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints.
https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

8e59cb0c

Update pytest-env from 0.6.2 to 0.8.1

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

76d019a1

Update pytest from 7.1.3 to 7.2.0

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

12595009

Update psycopg2-binary from 2.9.4 to 2.9.5

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

b1659d36

Update psutil from 5.9.2 to 5.9.4

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

2ecd570f

Update uvicorn from 0.18.3 to 0.19.0

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

25274283

Update uvicorn from 0.18.3 to 0.19.0

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

52581136

Update pytz from 2022.4 to 2022.6

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563

pyup-scheduled-update-2022-11-14

1 year, 5 months ago

c317adec

Update python-daemon from 2.3.1 to 2.3.2

wheel 0.37.1, twisted 22.8.0 and SQLAlchemy 1.3.24 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
twisted	22.8.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.8.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
SQLAlchemy	1.3.24	<2.0.0b1	show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563