Safety CI > rnag/dataclass-wizard

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

9b65eb24

Update sphinx-issues from 3.0.1 to 4.1.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

b21a84c6

Update jsons from 1.6.1 to 1.6.3

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

d00b54e4

Update dataclasses-json from 0.5.6 to 0.6.5

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

d9464655

Update pytest from 7.0.1 to 8.2.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

f7b921e5

Update pytest-cov from 3.0.0 to 5.0.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

53318827

Update twine from 3.8.0 to 5.0.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

a2596de3

Update sphinx from 5.3.0 to 7.3.7

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

2765a91f

Update watchdog from 2.1.6 to 4.0.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

852e4635

Update wheel from 0.42.0 to 0.43.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

7debf494

Update wheel from 0.37.1 to 0.43.0

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

pyup/scheduled-update-2024-05-01

1 year, 6 months ago

fb3cf30a

Update tox from 3.24.5 to 4.15.0

pip 24.0 and wheel 0.37.1 have known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

pyup/scheduled-update-2024-04-01

1 year, 7 months ago

46747a4c

Update pytest from 7.0.1 to 8.1.1

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2024-04-01

1 year, 7 months ago

8f8f026b

Update sphinx-issues from 3.0.1 to 4.0.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2024-04-01

1 year, 7 months ago

da0718ec

Update jsons from 1.6.1 to 1.6.3

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2024-04-01

1 year, 7 months ago

5ca4f656

Update dataclasses-json from 0.5.6 to 0.6.4

No dependencies with known security vulnerabilities.