Safety CI > leifwalsh/perfume

pyup-scheduled-update-2019-01-28

7 years ago

Update tox from 3.6.1 to 3.7.0

bokeh 1.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bokeh	1.0.3	<1.1.0	show Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix.
bokeh	1.0.3	<3.8.2	show Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted.
bokeh	1.0.3	<1.0.4	show Bokeh before 1.0.4 used a Pyyaml version that was vulnerable to CVE-2017-18342.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix.

pyup-scheduled-update-2019-01-28

7 years ago

86a9bcf4

Update pip from 18.1 to 19.0.1

bokeh 1.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bokeh	1.0.3	<1.1.0	show Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix.
bokeh	1.0.3	<3.8.2	show Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted.
bokeh	1.0.3	<1.0.4	show Bokeh before 1.0.4 used a Pyyaml version that was vulnerable to CVE-2017-18342.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix.

pyup-scheduled-update-2019-01-21

7 years, 1 month ago

cb1c94ca

Update numpy from 1.15.4 to 1.16.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2019-01-21

7 years, 1 month ago

3782117c

Update bokeh from 1.0.3 to 1.0.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2019-01-21

7 years, 1 month ago

e9409443

Update nbsphinx from 0.4.1 to 0.4.2

bokeh 1.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bokeh	1.0.3	<1.1.0	show Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix.
bokeh	1.0.3	<3.8.2	show Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted.
bokeh	1.0.3	<1.0.4	show Bokeh before 1.0.4 used a Pyyaml version that was vulnerable to CVE-2017-18342.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix.

pyup-scheduled-update-2019-01-21

7 years, 1 month ago

5d19a995

Update tox from 3.6.1 to 3.7.0

bokeh 1.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bokeh	1.0.3	<1.1.0	show Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix.
bokeh	1.0.3	<3.8.2	show Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted.
bokeh	1.0.3	<1.0.4	show Bokeh before 1.0.4 used a Pyyaml version that was vulnerable to CVE-2017-18342.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix.

pyup-scheduled-update-2019-01-14

7 years, 1 month ago

23954f78

Update numpy from 1.15.4 to 1.16.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2019-01-14

7 years, 1 month ago

47aad367

Update bokeh from 1.0.3 to 1.0.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2019-01-14

7 years, 1 month ago

e90cdbb5

Update tox from 3.6.1 to 3.7.0

bokeh 1.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bokeh	1.0.3	<1.1.0	show Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix.
bokeh	1.0.3	<3.8.2	show Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted.
bokeh	1.0.3	<1.0.4	show Bokeh before 1.0.4 used a Pyyaml version that was vulnerable to CVE-2017-18342.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.
bokeh	1.0.3	<2.4.2	show Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.
bokeh	1.0.3	<1.2.0	show Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix.

master

7 years, 1 month ago

0fc20fb6

Update bokeh from 1.0.2 to 1.0.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2019-01-07

7 years, 1 month ago

3bc0a093

Update bokeh from 1.0.2 to 1.0.3

No dependencies with known security vulnerabilities.

master

7 years, 1 month ago

172340d6

Update ipython from 7.1.1 to 7.2.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2018-12-31

7 years, 1 month ago

7c89f127

Update ipython from 7.1.1 to 7.2.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2018-12-31

7 years, 1 month ago

f552f486

Update bokeh from 1.0.1 to 1.0.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2018-12-31

7 years, 1 month ago

45567639

Update nbsphinx from 0.3.5 to 0.4.1

No dependencies with known security vulnerabilities.