Safety CI > mzollin/qr-pirate

pyup-update-pillow-9.5.0-to-10.0.0

2 years, 7 months ago

e20eb65e

Update pillow from 9.5.0 to 10.0.0

No dependencies with known security vulnerabilities.

pyup-update-icrawler-0.6.6-to-0.6.7

2 years, 7 months ago

c1067f37

Update icrawler from 0.6.6 to 0.6.7

No dependencies with known security vulnerabilities.

master

2 years, 8 months ago

d4d7ea47

Merge pull request #230 from mzollin/pyup-update-urllib3-2.0.2-to-2.0.3 Update urllib3 to 2.0.3

No dependencies with known security vulnerabilities.

pyup-update-urllib3-2.0.2-to-2.0.3

2 years, 8 months ago

82093ba9

Update urllib3 from 2.0.2 to 2.0.3

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

d8146673

Merge pull request #228 from mzollin/pyup-update-requests-2.28.1-to-2.31.0 Update requests to 2.31.

No dependencies with known security vulnerabilities.

pyup-update-requests-2.28.1-to-2.31.0

2 years, 9 months ago

42fdc36c

Merge branch 'master' into pyup-update-requests-2.28.1-to-2.31.0

No dependencies with known security vulnerabilities.

dependabot/pip/requests-2.31.0

2 years, 9 months ago

1842e2e2

Bump requests from 2.28.1 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.28.1 t

No dependencies with known security vulnerabilities.

dependabot/pip/requests-2.31.0

2 years, 9 months ago

8e372b0a

Bump requests from 2.28.1 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.28.1 t

No dependencies with known security vulnerabilities.

master

2 years, 9 months ago

4628d559

Merge pull request #229 from mzollin/pyup-update-pillow-9.4.5-to-9.5.0 Update pillow to 9.5.0

requests 2.28.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.28.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.28.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.28.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Package

Installed

Affected

Info

requests

2.28.1

<2.32.2

show

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

requests

2.28.1

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.28.1

>=2.3.0,<2.31.0

show

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

master

2 years, 9 months ago

118373c9

Merge pull request #226 from mzollin/pyup-update-urllib3-1.26.13-to-2.0.2 Update urllib3 to 2.0.2

requests 2.28.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.28.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.28.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.28.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Package

Installed

Affected

Info

requests

2.28.1

<2.32.2

show

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

requests

2.28.1

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.28.1

>=2.3.0,<2.31.0

show

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

dependabot/pip/requests-2.31.0

2 years, 9 months ago

4524e401

Bump requests from 2.28.1 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.28.1 t

No dependencies with known security vulnerabilities.

pyup-update-urllib3-1.26.13-to-2.0.2

2 years, 9 months ago

de672555

Merge branch 'master' into pyup-update-urllib3-1.26.13-to-2.0.2

requests 2.28.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.28.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.28.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.28.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Package

Installed

Affected

Info

requests

2.28.1

<2.32.2

show

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

requests

2.28.1

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.28.1

>=2.3.0,<2.31.0

show

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

dependabot/pip/requests-2.31.0

2 years, 9 months ago

a87483ee

Bump requests from 2.28.1 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.28.1 t

No dependencies with known security vulnerabilities.

pyup-update-pillow-9.4.5-to-9.5.0

2 years, 9 months ago

c655fa1c

Update pillow from 9.4.5 to 9.5.0

requests 2.28.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.28.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.28.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.28.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Package

Installed

Affected

Info

requests

2.28.1

<2.32.2

show

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

requests

2.28.1

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.28.1

>=2.3.0,<2.31.0

show

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

master

2 years, 9 months ago

3a73e94f

Merge pull request #223 from mzollin/pyup-update-soupsieve-2.3.2.post1-to-2.4.1 Update soupsieve to

requests 2.28.1 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.28.1	<2.32.2	show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.
requests	2.28.1	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.28.1	>=2.3.0,<2.31.0	show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Package

Installed

Affected

Info

requests

2.28.1

<2.32.2

show

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

requests

2.28.1

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.28.1

>=2.3.0,<2.31.0

show

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.