Safety CI > spacemanspiff2007/HABApp

pyup-pin-ujson-5.3.0

3 years, 7 months ago

6ed71824

Pin ujson to latest version 5.3.0

No dependencies with known security vulnerabilities.

pyup-pin-autodoc_pydantic-1.7.0

3 years, 7 months ago

47b90a50

Pin autodoc_pydantic to latest version 1.7.0

No dependencies with known security vulnerabilities.

Develop

3 years, 7 months ago

f4b1de62

updated docs and added user module

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

f0492492

.

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

d8897291

.

No dependencies with known security vulnerabilities.

pyup-update-easyconfig-0.2.3-to-0.2.4

3 years, 8 months ago

ed2b9c1f

Update easyconfig from 0.2.3 to 0.2.4

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

384e6a84

.

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

5c2a45ee

.

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

90ef5287

.

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

3407bb03

.

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

aede0f0e

removed stackprinter

No dependencies with known security vulnerabilities.

pyup-pin-sphinx-autodoc-typehints-1.18.1

3 years, 8 months ago

ccffe6d0

Pin sphinx-autodoc-typehints to latest version 1.18.1

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

09bfb871

doc fixes

No dependencies with known security vulnerabilities.

Develop

3 years, 8 months ago

ffe32a51

Added support for thing/item label

No dependencies with known security vulnerabilities.

pyup-pin-sphinx-autodoc-typehints-1.18.0

3 years, 8 months ago

9b38a54e

Pin sphinx-autodoc-typehints to latest version 1.18.0

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff