pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update coverage from 6.4.4 to 7.0.1
py 1.11.0 and sqlalchemy 1.4.45 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.45 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update certifi from 2022.6.15 to 2022.12.7
py 1.11.0 and sqlalchemy 1.4.45 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.45 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update yarl from 1.8.1 to 1.8.2
py 1.11.0, sqlalchemy 1.4.45 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.45 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update watchdog from 2.1.9 to 2.2.1
py 1.11.0, sqlalchemy 1.4.45 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.45 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update sqlalchemy from 1.4.40 to 1.4.45
py 1.11.0, sqlalchemy 1.4.45 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.45 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update pytz from 2022.2.1 to 2022.7
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update multidict from 6.0.2 to 6.0.4
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update mako from 1.2.2 to 1.2.4
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update lxml from 4.9.1 to 4.9.2
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update idna from 3.3 to 3.4
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update croniter from 1.3.5 to 1.3.8
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update chardet from 5.0.0 to 5.1.0
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update attrs from 22.1.0 to 22.2.0
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update alembic from 1.8.1 to 1.9.1
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-scheduled-update-2023-01-01
2 years, 10 months ago
Update aiohttp from 3.8.1 to 3.8.3
py 1.11.0, sqlalchemy 1.4.40 and certifi 2022.6.15 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| sqlalchemy | 1.4.40 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| certifi | 2022.6.15 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.6.15 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2022.6.15 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
Python 3 badge
URL
https://pyup.io/repos/github/meleca/mr-roboto/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/meleca/mr-roboto/)
Restructured Text
.. image:: https://pyup.io/repos/github/meleca/mr-roboto/python-3-shield.svg
:target: https://pyup.io/repos/github/meleca/mr-roboto/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/meleca/mr-roboto/"><img src="https://pyup.io/repos/github/meleca/mr-roboto/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/meleca/mr-roboto/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/meleca/mr-roboto/
RDoc
{<img src="https://pyup.io/repos/github/meleca/mr-roboto/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/meleca/mr-roboto/]
pyup.io badge
URL
https://pyup.io/repos/github/meleca/mr-roboto/shield.svg
Markdown
[](https://pyup.io/repos/github/meleca/mr-roboto/)
Restructured Text
.. image:: https://pyup.io/repos/github/meleca/mr-roboto/shield.svg
:target: https://pyup.io/repos/github/meleca/mr-roboto/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/meleca/mr-roboto/"><img src="https://pyup.io/repos/github/meleca/mr-roboto/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/meleca/mr-roboto/shield.svg(Updates)!:https://pyup.io/repos/github/meleca/mr-roboto/
RDoc
{<img src="https://pyup.io/repos/github/meleca/mr-roboto/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/meleca/mr-roboto/]