Safety CI > laowantong/paroxython

pyup-update-typed-ast-1.4.1-to-1.5.0

3 years, 5 months ago

3850fdf2

Update typed-ast from 1.4.1 to 1.5.0

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.11.10

3 years, 5 months ago

ab514432

Update regex from 2020.7.14 to 2021.11.10

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.11.9

3 years, 5 months ago

2cb43f85

Update regex from 2020.7.14 to 2021.11.9

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.11.2

3 years, 5 months ago

ed0ad151

Update regex from 2020.7.14 to 2021.11.2

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.11.1

3 years, 5 months ago

52450a13

Update regex from 2020.7.14 to 2021.11.1

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.10.23

3 years, 6 months ago

9bda7b96

Update regex from 2020.7.14 to 2021.10.23

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.10.21

3 years, 6 months ago

2006189b

Update regex from 2020.7.14 to 2021.10.21

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.10.8

3 years, 6 months ago

8223c757

Update regex from 2020.7.14 to 2021.10.8

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.9.30

3 years, 6 months ago

483fb28d

Update regex from 2020.7.14 to 2021.9.30

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-regex-2020.7.14-to-2021.9.24

3 years, 6 months ago

b7e12859

Update regex from 2020.7.14 to 2021.9.24

sqlparse 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.1	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
sqlparse	0.4.1	>=0.4.0,<0.4.2	show Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb
sqlparse	0.4.1	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

Package

Installed

Affected

Info

sqlparse

0.4.1

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

sqlparse

0.4.1

>=0.4.0,<0.4.2

show

Sqlparse version 0.4.2 includes a fix for CVE-2021-32839: In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of "\r\n" in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, avoid using the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool.
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb

sqlparse

0.4.1

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

pyup-update-sqlparse-0.4.1-to-0.4.2

3 years, 7 months ago

ff6a33e6

Update sqlparse from 0.4.1 to 0.4.2

No dependencies with known security vulnerabilities.

pyup-update-typing-extensions-3.7.4.3-to-3.10.0.2

3 years, 7 months ago

ce7701f8

Update typing-extensions from 3.7.4.3 to 3.10.0.2

No dependencies with known security vulnerabilities.

pyup-update-pytest-6.1.1-to-6.2.5

3 years, 7 months ago

33950fa3

Update pytest from 6.1.1 to 6.2.5

No dependencies with known security vulnerabilities.

pyup-update-typing-extensions-3.7.4.3-to-3.10.0.1

3 years, 7 months ago

9d109e87

Update typing-extensions from 3.7.4.3 to 3.10.0.1

No dependencies with known security vulnerabilities.

pyup-update-regex-2020.7.14-to-2021.8.28

3 years, 7 months ago

09edac89

Update regex from 2020.7.14 to 2021.8.28

No dependencies with known security vulnerabilities.