Safety CI > toonarmycaptain/dionysus

development

1 year ago

8e59c6d8

Merge pull request #727 from toonarmycaptain/dependabot/pip/development/pytest-8.3.1 Bump pytest fr

No dependencies with known security vulnerabilities.

dependabot/pip/development/pytest-8.3.1

1 year ago

a5663191

Bump pytest from 8.2.2 to 8.3.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.2 to

No dependencies with known security vulnerabilities.

development

1 year ago

1772e889

Merge pull request #728 from toonarmycaptain/dependabot/pip/development/mypy-1.11.0 Bump mypy from

No dependencies with known security vulnerabilities.

dependabot/pip/development/mypy-1.11.0

1 year ago

44cc20d9

Bump mypy from 1.10.1 to 1.11.0 Bumps [mypy](https://github.com/python/mypy) from 1.10.1 to 1.11.0.

No dependencies with known security vulnerabilities.

dependabot/pip/development/pytest-8.3.1

1 year ago

b447aff8

Bump pytest from 8.2.2 to 8.3.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.2 to

No dependencies with known security vulnerabilities.

snyk-fix-8820bd6e335582f736960e4db8325007

1 year, 1 month ago

14c63278

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

No dependencies with known security vulnerabilities.

development

1 year, 1 month ago

9d8cf791

Merge pull request #725 from toonarmycaptain/dependabot/pip/development/coverage-7.6.0 Bump coverag

No dependencies with known security vulnerabilities.

dependabot/pip/development/coverage-7.6.0

1 year, 1 month ago

7467029c

Bump coverage from 7.5.4 to 7.6.0 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.5.4

No dependencies with known security vulnerabilities.

development

1 year, 1 month ago

84e98cde

Add 3.13 to test matrix as experimental

No dependencies with known security vulnerabilities.

development

1 year, 1 month ago

3c2fe514

Merge branch 'master' into development

No dependencies with known security vulnerabilities.

development

1 year, 1 month ago

db573d97

Update CHANGELOG.md

No dependencies with known security vulnerabilities.

snyk-fix-c1e2a143cf574ffda2b46a94065886ec

1 year, 1 month ago

472efe70

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning

No dependencies with known security vulnerabilities.

snyk-fix-032502fe7d246fbbbfa27efd0c01e2f0

1 year, 1 month ago

2c198b43

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning

Pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244

snyk-fix-86b6b3e73766745c6d8849ecb99cc7b8

1 year, 1 month ago

43ea1f23

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

No dependencies with known security vulnerabilities.

snyk-fix-d97de0c426f8a5a3201ecda5ca080d16

1 year, 1 month ago

870ab750

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

Pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244