pyup-update-coverage-5.1-to-7.5.1
1 year, 2 months ago
Update coverage from 5.1 to 7.5.1
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pytest-5.4.3-to-8.2.0
1 year, 2 months ago
Update pytest from 5.4.3 to 8.2.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pytest-5.4.3-to-8.1.2
1 year, 2 months ago
Update pytest from 5.4.3 to 8.1.2
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-coverage-5.1-to-7.5.0
1 year, 2 months ago
Update coverage from 5.1 to 7.5.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-sphinx-3.1.0-to-7.3.7
1 year, 2 months ago
Update sphinx from 3.1.0 to 7.3.7
requests 2.23.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-sphinx-3.1.0-to-7.3.6
1 year, 2 months ago
Update sphinx from 3.1.0 to 7.3.6
requests 2.23.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-sphinx-3.1.0-to-7.3.5
1 year, 2 months ago
Update sphinx from 3.1.0 to 7.3.5
requests 2.23.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-configparser-5.0.0-to-7.0.0
1 year, 2 months ago
Update configparser from 5.0.0 to 7.0.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-requests-mock-1.8.0-to-1.12.1
1 year, 3 months ago
Update requests-mock from 1.8.0 to 1.12.1
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-requests-mock-1.8.0-to-1.12.0
1 year, 3 months ago
Update requests-mock from 1.8.0 to 1.12.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pyasn1-0.4.8-to-0.6.0
1 year, 3 months ago
Update pyasn1 from 0.4.8 to 0.6.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pytest-cov-2.9.0-to-5.0.0
1 year, 3 months ago
Update pytest-cov from 2.9.0 to 5.0.0
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-coverage-5.1-to-7.4.4
1 year, 3 months ago
Update coverage from 5.1 to 7.4.4
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pytest-5.4.3-to-8.1.1
1 year, 4 months ago
Update pytest from 5.4.3 to 8.1.1
Sphinx 3.1.0 and requests 2.23.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
pyup-update-pyopenssl-19.1.0-to-24.1.0
1 year, 4 months ago
Update pyopenssl from 19.1.0 to 24.1.0
Sphinx 3.1.0, requests 2.23.0 and pyopenssl 24.1.0 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 3.1.0 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| requests | 2.23.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.23.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| requests | 2.23.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
Python 3 badge
URL
https://pyup.io/repos/github/mytardis/mytardisclient/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/mytardis/mytardisclient/)
Restructured Text
.. image:: https://pyup.io/repos/github/mytardis/mytardisclient/python-3-shield.svg
:target: https://pyup.io/repos/github/mytardis/mytardisclient/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/mytardis/mytardisclient/"><img src="https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/mytardis/mytardisclient/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/mytardis/mytardisclient/
RDoc
{<img src="https://pyup.io/repos/github/mytardis/mytardisclient/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/mytardis/mytardisclient/]
pyup.io badge
URL
https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg
Markdown
[](https://pyup.io/repos/github/mytardis/mytardisclient/)
Restructured Text
.. image:: https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg
:target: https://pyup.io/repos/github/mytardis/mytardisclient/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/mytardis/mytardisclient/"><img src="https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg(Updates)!:https://pyup.io/repos/github/mytardis/mytardisclient/
RDoc
{<img src="https://pyup.io/repos/github/mytardis/mytardisclient/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/mytardis/mytardisclient/]