Safety CI > matt2000/json_stream

master

1 week, 6 days ago

f1d1d4ef

Merge pull request #606 from matt2000/dependabot/pip/pip-26.0 Bump pip from 25.2 to 26.0

Server Error.

dependabot/pip/pip-26.0

1 week, 6 days ago

1897d6c6

Bump pip from 25.2 to 26.0 Bumps [pip](https://github.com/pypa/pip) from 25.2 to 26.0. - [Changelog

Server Error.

master

2 weeks, 3 days ago

83c24844

Merge pull request #605 from matt2000/dependabot/pip/wheel-0.46.2 Bump wheel from 0.32.3 to 0.46.2

Server Error.

dependabot/pip/wheel-0.46.2

3 weeks, 4 days ago

c17d1066

Bump wheel from 0.32.3 to 0.46.2 Bumps [wheel](https://github.com/pypa/wheel) from 0.32.3 to 0.46.2

Server Error.

master

1 month, 3 weeks ago

5c93d70a

Merge pull request #590 from matt2000/pyup-update-mypy-0.700-to-1.13.0 Update mypy to 1.13.0

Server Error.

dependabot/pip/pip-25.3

1 month, 3 weeks ago

aa6b4b07

Bump pip from 25.2 to 25.3 Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. - [Changelog

Server Error.

master

1 month, 3 weeks ago

65c8ef51

Merge pull request #603 from matt2000/dependabot/pip/pip-25.2 Bump pip from 23.3 to 25.2

Server Error.

dependabot/pip/pip-25.2

4 months, 3 weeks ago

db6ae85b

Bump pip from 23.3 to 25.2 Bumps [pip](https://github.com/pypa/pip) from 23.3 to 25.2. - [Changelog

Server Error.

pyup-update-coverage-4.5.2-to-7.6.9

1 year, 2 months ago

9dc6d374

Update coverage from 4.5.2 to 7.6.9

wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pytest-4.4.0-to-8.3.4

1 year, 2 months ago

b1ec147b

Update pytest from 4.4.0 to 8.3.4

wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-twine-1.12.1-to-6.0.1

1 year, 2 months ago

b0c66330

Update twine from 1.12.1 to 6.0.1

wheel 0.32.3, Sphinx 2.1.2 and pytest-runner 4.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-twine-1.12.1-to-6.0.0

1 year, 2 months ago

95d6bc57

Update twine from 1.12.1 to 6.0.0

wheel 0.32.3, Sphinx 2.1.2 and pytest-runner 4.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-coverage-4.5.2-to-7.6.8

1 year, 2 months ago

8131d5f2

Update coverage from 4.5.2 to 7.6.8

wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.32.3-to-0.45.1

1 year, 2 months ago

b685bff5

Update wheel from 0.32.3 to 0.45.1

Sphinx 2.1.2, twine 1.12.1 and pytest-runner 4.2 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-coverage-4.5.2-to-7.6.7

1 year, 3 months ago

f8ff78b0

Update coverage from 4.5.2 to 7.6.7

wheel 0.32.3, Sphinx 2.1.2 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.32.3	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.32.3	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	2.1.2	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
pytest-runner	4.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

matt2000/json_stream_reader