Safety CI > rnag/wystia

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

f9699d59

Update pytest-mock from 3.10.0 to 3.15.1

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

0700e8b2

Update pytest from 7.2.2 to 9.0.2

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

551c8be3

Update twine from 4.0.2 to 6.2.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

e07c3855

Update sphinx from 5.3.0 to 9.1.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

bbd65506

Update coverage from 7.2.3 to 7.13.2

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

6ab6b963

Update tox from 4.4.11 to 4.34.1

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

9a31f934

Update pylint from 2.17.2 to 4.0.4

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

0147fac2

Update pip from 23.0.1 to 26.0

wheel 0.40.0 has known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.40.0	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.

Package

Installed

Affected

Info

wheel

0.40.0

<0.46.2

show

Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

19bb8908

Update watchdog from 3.0.0 to 6.0.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-02-01

2 weeks, 3 days ago

f5c07e49

Update wheel from 0.40.0 to 0.46.3

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-01-01

1 month, 2 weeks ago

5ccd9ac4

Update pytest-mock from 3.10.0 to 3.15.1

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-01-01

1 month, 2 weeks ago

24609008

Update pytest from 7.2.2 to 9.0.2

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-01-01

1 month, 2 weeks ago

c83edcab

Update twine from 4.0.2 to 6.2.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-01-01

1 month, 2 weeks ago

47a65403

Update sphinx from 5.3.0 to 9.1.0

No dependencies with known security vulnerabilities.

pyup/scheduled-update-2026-01-01

1 month, 2 weeks ago

53cced3f

Update coverage from 7.2.3 to 7.13.1

No dependencies with known security vulnerabilities.