pyup-update-regex-2020.7.14-to-2022.6.2
3 years, 7 months ago
Update regex from 2020.7.14 to 2022.6.2
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typed-ast-1.4.1-to-1.5.4
3 years, 7 months ago
Update typed-ast from 1.4.1 to 1.5.4
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
master
3 years, 7 months ago
regenerate outputs of "idioms" and "simple"
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2020.7.14-to-2022.4.24
3 years, 8 months ago
Update regex from 2020.7.14 to 2022.4.24
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-6.1.1-to-7.1.2
3 years, 8 months ago
Update pytest from 6.1.1 to 7.1.2
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-3.7.4.3-to-4.2.0
3 years, 8 months ago
Update typing-extensions from 3.7.4.3 to 4.2.0
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typed-ast-1.4.1-to-1.5.3
3 years, 8 months ago
Update typed-ast from 1.4.1 to 1.5.3
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-6.1.1-to-7.1.1
3 years, 9 months ago
Update pytest from 6.1.1 to 7.1.1
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2020.7.14-to-2022.3.15
3 years, 10 months ago
Update regex from 2020.7.14 to 2022.3.15
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-6.1.1-to-7.1.0
3 years, 10 months ago
Update pytest from 6.1.1 to 7.1.0
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-regex-2020.7.14-to-2022.3.2
3 years, 10 months ago
Update regex from 2020.7.14 to 2022.3.2
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-3.7.4.3-to-4.1.1
3 years, 11 months ago
Update typing-extensions from 3.7.4.3 to 4.1.1
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-typing-extensions-3.7.4.3-to-4.1.0
3 years, 11 months ago
Update typing-extensions from 3.7.4.3 to 4.1.0
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-6.1.1-to-7.0.1
3 years, 11 months ago
Update pytest from 6.1.1 to 7.0.1
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
pyup-update-pytest-6.1.1-to-7.0.0
3 years, 11 months ago
Update pytest from 6.1.1 to 7.0.0
sqlparse 0.4.1 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| sqlparse | 0.4.1 | <0.5.4 |
show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. **Note:** This issue is due to an incomplete fix for CVE-2024-4340. |
| sqlparse | 0.4.1 | <0.5.0 |
show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process. |
| sqlparse | 0.4.1 | >=0.4.0,<0.4.2 |
show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb |
| sqlparse | 0.4.1 | >=0.1.15,<0.4.4 |
show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 |
Python 3 badge
URL
https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/laowantong/paroxython/)
Restructured Text
.. image:: https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg
:target: https://pyup.io/repos/github/laowantong/paroxython/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/laowantong/paroxython/"><img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/laowantong/paroxython/
RDoc
{<img src="https://pyup.io/repos/github/laowantong/paroxython/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/laowantong/paroxython/]
pyup.io badge
URL
https://pyup.io/repos/github/laowantong/paroxython/shield.svg
Markdown
[](https://pyup.io/repos/github/laowantong/paroxython/)
Restructured Text
.. image:: https://pyup.io/repos/github/laowantong/paroxython/shield.svg
:target: https://pyup.io/repos/github/laowantong/paroxython/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/laowantong/paroxython/"><img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/laowantong/paroxython/shield.svg(Updates)!:https://pyup.io/repos/github/laowantong/paroxython/
RDoc
{<img src="https://pyup.io/repos/github/laowantong/paroxython/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/laowantong/paroxython/]