pyup-update-sphinx-click-2.1.0-to-4.3.0
1 day, 16 hours ago
Update sphinx-click from 2.1.0 to 4.3.0
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-tox-3.12.1-to-3.25.1
5 days, 17 hours ago
Update tox from 3.12.1 to 3.25.1
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-sphinx-click-2.1.0-to-4.2.0
2 weeks, 1 day ago
Update sphinx-click from 2.1.0 to 4.2.0
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-sphinx-2.1.0-to-5.0.2
2 weeks, 5 days ago
Update sphinx from 2.1.0 to 5.0.2
pip 19.1.1, twine 1.13.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-watchdog-0.9.0-to-2.1.9
3 weeks, 4 days ago
Update watchdog from 0.9.0 to 2.1.9
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-sphinx-2.1.0-to-5.0.1
1 month ago
Update sphinx from 2.1.0 to 5.0.1
pip 19.1.1, twine 1.13.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.3-to-6.4.1
1 month ago
Update coverage from 4.5.3 to 6.4.1
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-twine-1.13.0-to-4.0.1
1 month ago
Update twine from 1.13.0 to 4.0.1
pip 19.1.1, Sphinx 2.1.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-pip-19.1.1-to-22.1.2
1 month ago
Update pip from 19.1.1 to 22.1.2
Sphinx 2.1.0, twine 1.13.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-sphinx-click-2.1.0-to-4.1.0
1 month ago
Update sphinx-click from 2.1.0 to 4.1.0
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-sphinx-2.1.0-to-5.0.0
1 month ago
Update sphinx from 2.1.0 to 5.0.0
pip 19.1.1, twine 1.13.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.3-to-6.4
1 month, 1 week ago
Update coverage from 4.5.3 to 6.4
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-pip-19.1.1-to-22.1.1
1 month, 2 weeks ago
Update pip from 19.1.1 to 22.1.1
Sphinx 2.1.0, twine 1.13.0 and pytest-runner 5.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-watchdog-0.9.0-to-2.1.8
1 month, 3 weeks ago
Update watchdog from 0.9.0 to 2.1.8
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
pyup-update-coverage-4.5.3-to-6.3.3
1 month, 3 weeks ago
Update coverage from 4.5.3 to 6.3.3
pip 19.1.1, Sphinx 2.1.0 and 2 other dependencies have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| pip | 19.1.1 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
| pip | 19.1.1 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
| pip | 19.1.1 | <19.2 |
show Pip before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 2.1.0 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| twine | 1.13.0 | <2.0.0 |
show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix. |
| pytest-runner | 5.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
Python 3 badge
URL
https://pyup.io/repos/github/py4ds/gitone/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/py4ds/gitone/)
Restructured Text
.. image:: https://pyup.io/repos/github/py4ds/gitone/python-3-shield.svg
:target: https://pyup.io/repos/github/py4ds/gitone/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/py4ds/gitone/"><img src="https://pyup.io/repos/github/py4ds/gitone/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/py4ds/gitone/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/py4ds/gitone/
RDoc
{<img src="https://pyup.io/repos/github/py4ds/gitone/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/py4ds/gitone/]
pyup.io badge
URL
https://pyup.io/repos/github/py4ds/gitone/shield.svg
Markdown
[](https://pyup.io/repos/github/py4ds/gitone/)
Restructured Text
.. image:: https://pyup.io/repos/github/py4ds/gitone/shield.svg
:target: https://pyup.io/repos/github/py4ds/gitone/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/py4ds/gitone/"><img src="https://pyup.io/repos/github/py4ds/gitone/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/py4ds/gitone/shield.svg(Updates)!:https://pyup.io/repos/github/py4ds/gitone/
RDoc
{<img src="https://pyup.io/repos/github/py4ds/gitone/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/py4ds/gitone/]