Safety CI > meleca/mr-roboto

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

3f9e0fb4

Update urllib3 from 1.25.10 to 1.26.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

790d4789

Update traitlets from 5.0.0 to 5.0.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

346124a6

Update toml from 0.10.1 to 0.10.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

17932532

Update requests from 2.24.0 to 2.25.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

eefed82e

Update pytest-cov from 2.10.1 to 2.11.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

383f8545

Update pygments from 2.6.1 to 2.8.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

e8384611

Update pytest from 6.0.1 to 6.2.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

246d7f40

Update pyflakes from 2.2.0 to 2.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

61928c56

Update pycodestyle from 2.6.0 to 2.7.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

e56a19e4

Update py from 1.9.0 to 1.10.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

3a6f8646

Update ptyprocess from 0.6.0 to 0.7.0

py 1.9.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.9.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.9.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

c05bb931

Update prompt-toolkit from 3.0.7 to 3.0.18

py 1.9.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.9.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.9.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

67029b3e

Update pre-commit from 2.7.1 to 2.11.1

py 1.9.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.9.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.9.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

ee4cdbfc

Update parso from 0.8.0 to 0.8.2

py 1.9.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.9.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.9.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2021-04-01

4 years, 5 months ago

1cb0ab51

Update lxml from 4.5.2 to 4.6.3

py 1.9.0, pyyaml 5.3.1 and pyyaml 5.3.1 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.9.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
py	1.9.0	<=1.9.0	show Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
pyyaml	5.3.1	<5.4	show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466
pyyaml	5.3.1	<5.4	show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466