Safety CI > metakermit/generator-django-rest

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

Update traitlets from 4.3.2 to 4.3.3

whitenoise 4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

cdc44c10

Update sqlparse from 0.2.4 to 0.3.0

whitenoise 4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

1ca494a6

Update six from 1.11.0 to 1.12.0

whitenoise 4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

be599402

Update rx from 1.6.1 to 3.0.1

whitenoise 4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

14f9fae1

Update requests from 2.19.1 to 2.22.0

whitenoise 4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

129a1a34

Update redis from 2.10.6 to 3.3.11

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

61646f6c

Update pytz from 2018.5 to 2019.3

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

3e7d70cd

Update pygments from 2.2.0 to 2.4.2

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

01df213c

Update psycopg2-binary from 2.7.5 to 2.8.4

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

a027c924

Update prompt-toolkit from 2.0.5 to 2.0.10

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

2f2fc9c2

Update promise from 2.1 to 2.2.1

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

cfb2c43e

Update pillow from 5.3.0 to 6.2.1

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

e925917d

Update pexpect from 4.6.0 to 4.7.0

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

4a075064

Update parso from 0.3.1 to 0.5.1

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6

pyup-scheduled-update-2019-11-01

5 years, 7 months ago

63ce84eb

Update kombu from 4.2.1 to 4.6.5

requests 2.19.1 and whitenoise 4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.19.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.19.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.19.1	<=2.19.1	show Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
requests	2.19.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.
whitenoise	4.1	<4.1.3	show Whitenoise 4.1.3 fixes potential path traversal attack while running in autorefresh mode on Windows. https://github.com/evansd/whitenoise/commit/4d8a3ab1e97d7ddb18b3fa8b4909c92bad5529c6