Safety CI > toonarmycaptain/dionysus

dependabot/pip/development/mypy-1.10.1

11 months, 1 week ago

Bump mypy from 1.10.0 to 1.10.1 Bumps [mypy](https://github.com/python/mypy) from 1.10.0 to 1.10.1.

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/sqlalchemy-2.0.31

11 months, 2 weeks ago

6cc15f2d

Bump sqlalchemy from 2.0.30 to 2.0.31 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy)

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.4

11 months, 2 weeks ago

d397abd5

Bump coverage from 6.5.0 to 7.5.4 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.3

11 months, 3 weeks ago

ef0f7ca7

Bump coverage from 6.5.0 to 7.5.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

11 months, 3 weeks ago

30f6df97

Merge pull request #710 from toonarmycaptain/dependabot/pip/development/pytest-8.2.2 Bump pytest fr

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

snyk-fix-e2528a33373f914d5bf810e44e575f2e

11 months, 3 weeks ago

a6b15748

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

Pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244

dependabot/pip/development/pytest-8.2.2

12 months ago

0c366da6

Bump pytest from 8.2.1 to 8.2.2 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.1 to

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.3

1 year ago

180e7729

Bump coverage from 6.5.0 to 7.5.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

pyup-scheduled-update-2024-06-01

1 year ago

1d27f58f

Update coverage from 6.5.0 to 7.5.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-06-01

1 year ago

07ca30e9

Update pillow from 10.2.0 to 10.3.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-06-01

1 year ago

3ae20863

Update matplotlib from 3.7.2 to 3.9.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.2

1 year ago

ae6bc896

Bump coverage from 6.5.0 to 7.5.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.1

1 year ago

98ac225c

Bump coverage from 6.5.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

1 year ago

91d23193

Merge pull request #703 from toonarmycaptain/dependabot/pip/development/coveralls-4.0.1 Bump covera

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.1

1 year ago

2d7d0b65

Bump coverage from 6.5.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.