Safety CI > irrdnet/irrd

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

ce4a8267

Update sphinxcontrib-spelling from 7.6.1 to 7.6.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

64daab20

Update setuptools from 65.4.1 to 65.5.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

0b74a795

Update pytest-env from 0.6.2 to 0.8.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

fcb4bc1d

Update psutil from 5.9.2 to 5.9.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

7df10c8d

Update uvicorn from 0.18.3 to 0.19.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

9d1bd91d

Update uvicorn from 0.18.3 to 0.19.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

825f0754

Update pytz from 2022.4 to 2022.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-24

2 years, 7 months ago

c664b028

Update python-daemon from 2.3.1 to 2.3.2

No dependencies with known security vulnerabilities.

clarify-nrtm-end-error

2 years, 7 months ago

830062e3

Update NRTM missing/invalid %END error message This was confusing users more than needed.

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-17

2 years, 7 months ago

cbe3aa70

Update setuptools from 65.4.1 to 65.5.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2022-10-17

2 years, 7 months ago

023105f8

Update sphinxcontrib-spelling from 7.6.1 to 7.6.2

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

49e5f252

Enforce fork start method for MacOS compatibility

ujson 4.3.0 and twisted 22.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
ujson	4.3.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	4.3.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	4.3.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff
twisted	22.1.0	<24.7.0rc1	show Affected versions of Twisted are vulnerable to HTTP Request Smuggling. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure.
twisted	22.1.0	>=0.9.4,<22.10.0rc1	show Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
twisted	22.1.0	>21.7.0,<22.2.0	show Twisted 22.2.0 includes a fix for CVE-2022-21716: Prior to 22.2.0, Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
twisted	22.1.0	<24.7.0rc1	show Affected versions of Twisted are vulnerable to XSS. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body.
twisted	22.1.0	>=16.3.0,<23.10.0rc1	show Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
twisted	22.1.0	<22.4.0rc1	show Twisted 22.4.0rc1 includes a fix for CVE-2022-24801: Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the 'twisted.web.http' module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filtering malformed requests by other means, such as configurating an upstream proxy. https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq

pyup-scheduled-update-2022-03-28

3 years, 2 months ago

dee250db

Update mypy from 0.931 to 0.942

ujson 4.3.0 has known security vulnerabilities.

Package

Installed

Affected

Info

ujson

4.3.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-scheduled-update-2022-03-28

3 years, 2 months ago

b2ec69e4

Update sphinx from 4.3.2 to 4.5.0

ujson 4.3.0 has known security vulnerabilities.

Package

Installed

Affected

Info

ujson

4.3.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-scheduled-update-2022-03-28

3 years, 2 months ago

9b5881ca

Update twisted from 22.1.0 to 22.2.0

ujson 4.3.0 has known security vulnerabilities.

Package

Installed

Affected

Info

ujson

4.3.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

4.3.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff