Safety CI > mzollin/qr-pirate

dependabot/pip/urllib3-2.0.7

1 year, 5 months ago

2bf01456

Bump urllib3 from 2.0.6 to 2.0.7 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to

No dependencies with known security vulnerabilities.

master

1 year, 5 months ago

9ea30c3b

Merge pull request #243 from mzollin/pyup-update-pillow-10.0.1-to-10.1.0 Update pillow to 10.1.0

No dependencies with known security vulnerabilities.

pyup-update-pillow-10.0.1-to-10.1.0

1 year, 6 months ago

eb9bef44

Update pillow from 10.0.1 to 10.1.0

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

67995a66

Merge pull request #242 from mzollin/dependabot/pip/urllib3-2.0.6 Bump urllib3 from 2.0.3 to 2.0.6

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

c41098e8

Merge pull request #241 from mzollin/pyup-update-urllib3-2.0.3-to-2.0.6 Update urllib3 to 2.0.6

No dependencies with known security vulnerabilities.

pyup-update-urllib3-2.0.3-to-2.0.6

1 year, 6 months ago

8b90ee29

Merge branch 'master' into pyup-update-urllib3-2.0.3-to-2.0.6

No dependencies with known security vulnerabilities.

dependabot/pip/urllib3-2.0.6

1 year, 6 months ago

f5e14303

Bump urllib3 from 2.0.3 to 2.0.6 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

13699a19

Merge pull request #239 from mzollin/pyup-update-pillow-10.0.0-to-10.0.1 Update pillow to 10.0.1

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

b5384c80

Merge pull request #238 from mzollin/pyup-update-soupsieve-2.4.1-to-2.5 Update soupsieve to 2.5

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

master

1 year, 6 months ago

0b8fda34

Merge pull request #237 from mzollin/pyup-update-chardet-5.1.0-to-5.2.0 Update chardet to 5.2.0

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

pyup-update-chardet-5.1.0-to-5.2.0

1 year, 6 months ago

f57ab087

Merge branch 'master' into pyup-update-chardet-5.1.0-to-5.2.0

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

master

1 year, 6 months ago

39ff9ab0

Merge pull request #236 from mzollin/dependabot/pip/certifi-2023.7.22 Bump certifi from 2022.12.7 t

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

master

1 year, 6 months ago

8f55bb76

Merge pull request #235 from mzollin/pyup-update-certifi-2022.12.7-to-2023.7.22 Update certifi to 2

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

pyup-update-urllib3-2.0.3-to-2.0.6

1 year, 6 months ago

874ea750

Update urllib3 from 2.0.3 to 2.0.6

Pillow 10.0.0 and certifi 2022.12.7 have known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
certifi	2022.12.7	>=2015.04.28,<2023.07.22	show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
certifi	2022.12.7	>=2021.05.30,<2024.07.04	show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.

pyup-update-urllib3-2.0.3-to-2.0.5

1 year, 6 months ago

620e1cc2

Update urllib3 from 2.0.3 to 2.0.5

certifi 2022.12.7 has known security vulnerabilities.

Package	Installed	Affected	Info
certifi	2022.12.7	>=2015.04.28,<2023.07.22	show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
certifi	2022.12.7	>=2021.05.30,<2024.07.04	show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.

Package

Installed

Affected

Info

certifi

2022.12.7

>=2015.04.28,<2023.07.22

show

Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

certifi

2022.12.7

>=2021.05.30,<2024.07.04

show

Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store.