Safety CI > toonarmycaptain/dionysus

dependabot/pip/development/coveralls-4.0.1

1 year ago

Bump coveralls from 4.0.0 to 4.0.1 Bumps [coveralls](https://github.com/TheKevJames/coveralls-pytho

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

1 year ago

d04135bb

Merge pull request #705 from toonarmycaptain/dependabot/pip/development/pytest-8.2.1 Bump pytest fr

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

snyk-fix-7a985f4e455fc67e63f6fd6af5123aa5

1 year ago

987b2716

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

Pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244

dependabot/pip/development/pytest-8.2.1

1 year ago

0e5946a9

Bump pytest from 8.2.0 to 8.2.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.2.0 to

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/matplotlib-3.9.0

1 year ago

ef902512

Bump matplotlib from 3.7.2 to 3.9.0 Bumps [matplotlib](https://github.com/matplotlib/matplotlib) fr

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coveralls-4.0.1

1 year ago

400d3374

Bump coveralls from 4.0.0 to 4.0.1 Bumps [coveralls](https://github.com/TheKevJames/coveralls-pytho

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.1

1 year, 1 month ago

3a1cea2a

Bump coverage from 6.5.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

1 year, 1 month ago

b54218e7

Merge pull request #702 from toonarmycaptain/dependabot/pip/development/coveralls-4.0.0 Bump covera

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/pillow-10.3.0

1 year, 1 month ago

bdb05a15

Bump pillow from 10.2.0 to 10.3.0 Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.2

No dependencies with known security vulnerabilities.

dependabot/pip/development/matplotlib-3.8.4

1 year, 1 month ago

191fb23d

Bump matplotlib from 3.7.2 to 3.8.4 Bumps [matplotlib](https://github.com/matplotlib/matplotlib) fr

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

1 year, 1 month ago

eebc8733

Merge pull request #701 from toonarmycaptain/dependabot/pip/development/sqlalchemy-2.0.30 Bump sqla

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coveralls-4.0.0

1 year, 1 month ago

142a1e49

Bump coveralls from 3.3.1 to 4.0.0 Bumps [coveralls](https://github.com/TheKevJames/coveralls-pytho

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/sqlalchemy-2.0.30

1 year, 1 month ago

7d954f17

Bump sqlalchemy from 2.0.29 to 2.0.30 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy)

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.1

1 year, 1 month ago

10eb5393

Bump coverage from 6.5.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

pyup-scheduled-update-2024-05-01

1 year, 1 month ago

d8f14cb4

Update coveralls from 3.3.1 to 4.0.0

No dependencies with known security vulnerabilities.