Safety CI > qinyu/refactorguide

pyup-update-wheel-0.36.2-to-0.43.0

2 months, 1 week ago

Update wheel from 0.36.2 to 0.43.0

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-24.0

3 months, 2 weeks ago

b1a91f8c

Update pip from 20.3.3 to 24.0

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.3.2

5 months ago

6bfe69ee

Update pip from 20.3.3 to 23.3.2

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pytest-runner-5.2-to-6.0.1

5 months, 2 weeks ago

d16b6b13

Update pytest-runner from 5.2 to 6.0.1

pip 20.3.3, wheel 0.36.2 and pytest-runner 6.0.1 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	6.0.1	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.36.2-to-0.42.0

5 months, 3 weeks ago

bef1b6ce

Update wheel from 0.36.2 to 0.42.0

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.36.2-to-0.41.3

6 months, 3 weeks ago

7a862a88

Update wheel from 0.36.2 to 0.41.3

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.3.1

6 months, 4 weeks ago

7a320554

Update pip from 20.3.3 to 23.3.1

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.3

7 months ago

129a2ddd

Update pip from 20.3.3 to 23.3

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.36.2-to-0.41.2

9 months ago

44efa74c

Update wheel from 0.36.2 to 0.41.2

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.36.2-to-0.41.1

9 months, 2 weeks ago

a06e070f

Update wheel from 0.36.2 to 0.41.1

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-wheel-0.36.2-to-0.41.0

10 months ago

152e43f0

Update wheel from 0.36.2 to 0.41.0

pip 20.3.3 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	20.3.3	>=0	show DISPUTED An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
pip	20.3.3	<21.1	show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
pip	20.3.3	<23.3	show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
pip	20.3.3	<21.1	show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.2.1

10 months ago

0a7af5bc

Update pip from 20.3.3 to 23.2.1

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.2

10 months, 1 week ago

12d4d505

Update pip from 20.3.3 to 23.2

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.1.2

1 year ago

117def80

Update pip from 20.3.3 to 23.1.2

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

pyup-update-pip-20.3.3-to-23.1.1

1 year ago

ff59ccbe

Update pip from 20.3.3 to 23.1.1

wheel 0.36.2 and pytest-runner 5.2 have known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.36.2	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
pytest-runner	5.2	>0	show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst

Package

Installed

Affected

Info

wheel

0.36.2

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pytest-runner

5.2

>0

show

Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
- Select a tool to bootstrap and then run tests such as tox.
https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst