Safety CI > mzollin/qr-pirate

pyup-update-urllib3-1.26.6-to-1.26.7

3 years, 6 months ago

79e4820b

Update urllib3 from 1.26.6 to 1.26.7

No dependencies with known security vulnerabilities.

master

3 years, 7 months ago

ee601caa

Merge pull request #170 from mzollin/pyup-update-beautifulsoup4-4.9.3-to-4.10.0 Update beautifulsou

No dependencies with known security vulnerabilities.

master

3 years, 7 months ago

f5a80b06

Merge pull request #169 from mzollin/dependabot/pip/pillow-8.3.2 Bump pillow from 8.3.1 to 8.3.2

No dependencies with known security vulnerabilities.

master

3 years, 7 months ago

9b32689b

Merge pull request #168 from mzollin/pyup-update-pillow-8.3.1-to-8.3.2 Update pillow to 8.3.2

No dependencies with known security vulnerabilities.

pyup-update-beautifulsoup4-4.9.3-to-4.10.0

3 years, 7 months ago

b711374f

Update beautifulsoup4 from 4.9.3 to 4.10.0

Pillow 8.3.1 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	8.3.1	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	8.3.1	<9.0.0	show Pillow 9.0.0 ensures JpegImagePlugin stops at the end of a truncated file to avoid Denial of Service attacks. https://github.com/python-pillow/Pillow/pull/5921 https://github.com/advisories/GHSA-4fx9-vc88-q2xc
Pillow	8.3.1	<9.0.0	show Pillow 9.0.0 excludes carriage return in PDF regex to help prevent ReDoS. https://github.com/python-pillow/Pillow/pull/5912 https://github.com/python-pillow/Pillow/commit/43b800d933c996226e4d7df00c33fcbe46d97363
Pillow	8.3.1	<9.0.1	show Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Pillow	8.3.1	<9.2.0	show Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Pillow	8.3.1	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	8.3.1	<9.0.0	show Pillow 9.0.0 includes a fix for CVE-2022-22815: path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
Pillow	8.3.1	<9.0.1	show Pillow 9.0.1 includes a fix for CVE-2022-22817: PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A first patch was issued for version 9.0.0 but it did not prevent builtins available to lambda expressions. https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
Pillow	8.3.1	<9.0.0	show Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
Pillow	8.3.1	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	8.3.1	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	8.3.1	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244
Pillow	8.3.1	>=5.2.0,<8.3.2	show Pillow from 5.2.0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

dependabot/pip/pillow-8.3.2

3 years, 7 months ago

e2e44772

Bump pillow from 8.3.1 to 8.3.2 Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.3.1

No dependencies with known security vulnerabilities.

pyup-update-pillow-8.3.1-to-8.3.2

3 years, 7 months ago

d7e07900

Update pillow from 8.3.1 to 8.3.2

No dependencies with known security vulnerabilities.

master

3 years, 8 months ago

fc78a4f8

Merge pull request #167 from mzollin/pyup-update-icrawler-0.6.4-to-0.6.6 Update icrawler to 0.6.6

No dependencies with known security vulnerabilities.

pyup-update-icrawler-0.6.4-to-0.6.6

3 years, 8 months ago

94391517

Update icrawler from 0.6.4 to 0.6.6

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

aaba1a9b

Merge pull request #166 from mzollin/pyup-update-requests-2.25.1-to-2.26.0 Update requests to 2.26.

No dependencies with known security vulnerabilities.

pyup-update-requests-2.25.1-to-2.26.0

3 years, 9 months ago

0f5a0ce3

Update requests from 2.25.1 to 2.26.0

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

a9bfa2dc

Merge pull request #165 from mzollin/pyup-update-pillow-8.2.0-to-8.3.1 Update pillow to 8.3.1

No dependencies with known security vulnerabilities.

pyup-update-pillow-8.2.0-to-8.3.1

3 years, 9 months ago

1a979535

Update pillow from 8.2.0 to 8.3.1

No dependencies with known security vulnerabilities.

pyup-update-pillow-8.2.0-to-8.3.0

3 years, 9 months ago

ac51e02a

Update pillow from 8.2.0 to 8.3.0

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

a0c69d49

Merge pull request #163 from mzollin/pyup-update-urllib3-1.26.5-to-1.26.6 Update urllib3 to 1.26.6

No dependencies with known security vulnerabilities.