dependabot/pip/wheel-0.46.2
1 day, 18 hours ago
![@dependabot[bot]](https://avatars3.githubusercontent.com/u/49699333?v=3&s=32){kind=small}
Bump wheel from 0.32.3 to 0.46.2
Bumps [wheel](https://github.com/pypa/wheel) from 0.32.3 to 0.46.2
Server Error.
master
3 weeks, 6 days ago
Merge pull request #590 from matt2000/pyup-update-mypy-0.700-to-1.13.0
Update mypy to 1.13.0
Server Error.
dependabot/pip/pip-25.3
3 weeks, 6 days ago
Bump pip from 25.2 to 25.3
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3.
- [Changelog
Server Error.
master
3 weeks, 6 days ago
Merge pull request #603 from matt2000/dependabot/pip/pip-25.2
Bump pip from 23.3 to 25.2
Server Error.
dependabot/pip/pip-25.2
4 months ago
Bump pip from 23.3 to 25.2
Bumps [pip](https://github.com/pypa/pip) from 23.3 to 25.2.
- [Changelog
Server Error.
pyup-update-coverage-4.5.2-to-7.6.9
1 year, 1 month ago
Update coverage from 4.5.2 to 7.6.9
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-pytest-4.4.0-to-8.3.4
1 year, 1 month ago
Update pytest from 4.4.0 to 8.3.4
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-twine-1.12.1-to-6.0.1
1 year, 1 month ago
Update twine from 1.12.1 to 6.0.1
wheel 0.32.3, Sphinx 2.1.2 and pytest-runner 4.2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-twine-1.12.1-to-6.0.0
1 year, 1 month ago
Update twine from 1.12.1 to 6.0.0
wheel 0.32.3, Sphinx 2.1.2 and pytest-runner 4.2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.2-to-7.6.8
1 year, 2 months ago
Update coverage from 4.5.2 to 7.6.8
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-wheel-0.32.3-to-0.45.1
1 year, 2 months ago
Update wheel from 0.32.3 to 0.45.1
Sphinx 2.1.2, twine 1.12.1 and pytest-runner 4.2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.2-to-7.6.7
1 year, 2 months ago
Update coverage from 4.5.2 to 7.6.7
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.2-to-7.6.5
1 year, 2 months ago
Update coverage from 4.5.2 to 7.6.5
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-wheel-0.32.3-to-0.45.0
1 year, 2 months ago
Update wheel from 0.32.3 to 0.45.0
Sphinx 2.1.2, twine 1.12.1 and pytest-runner 4.2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-watchdog-0.9.0-to-6.0.0
1 year, 2 months ago
Update watchdog from 0.9.0 to 6.0.0
wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.32.3 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| wheel | 0.32.3 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 2.1.2 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| twine | 1.12.1 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 4.2 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
Python 3 badge
URL
https://pyup.io/repos/github/matt2000/json_stream_reader/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/matt2000/json_stream_reader/)
Restructured Text
.. image:: https://pyup.io/repos/github/matt2000/json_stream_reader/python-3-shield.svg
:target: https://pyup.io/repos/github/matt2000/json_stream_reader/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/matt2000/json_stream_reader/"><img src="https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/matt2000/json_stream_reader/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/matt2000/json_stream_reader/
RDoc
{<img src="https://pyup.io/repos/github/matt2000/json_stream_reader/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/matt2000/json_stream_reader/]
pyup.io badge
URL
https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg
Markdown
[](https://pyup.io/repos/github/matt2000/json_stream_reader/)
Restructured Text
.. image:: https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg
:target: https://pyup.io/repos/github/matt2000/json_stream_reader/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/matt2000/json_stream_reader/"><img src="https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg(Updates)!:https://pyup.io/repos/github/matt2000/json_stream_reader/
RDoc
{<img src="https://pyup.io/repos/github/matt2000/json_stream_reader/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/matt2000/json_stream_reader/]