Safety CI > toonarmycaptain/dionysus

toonarmycaptain-rm-codeship

1 year, 1 month ago

Ignore matplotlib.pyplot typing problems.

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

toonarmycaptain-rm-codeship

1 year, 1 month ago

b7ee9def

Update matplotlib to avoid import error

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

toonarmycaptain-rm-codeship

1 year, 1 month ago

93a61e93

Update README.md - Rm unused codeship

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

pyup-scheduled-update-2024-07-01

1 year, 1 month ago

159cea10

Update mypy from 1.10.0 to 1.10.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-07-01

1 year, 1 month ago

6eebf1b7

Update coverage from 6.5.0 to 7.5.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-07-01

1 year, 1 month ago

c5447e5c

Update sqlalchemy from 2.0.30 to 2.0.31

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-07-01

1 year, 1 month ago

d4242ad1

Update pillow from 10.2.0 to 10.4.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-07-01

1 year, 1 month ago

8fdab1e7

Update matplotlib from 3.7.2 to 3.9.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/pillow-10.4.0

1 year, 1 month ago

c16b07d0

Bump pillow from 10.2.0 to 10.4.0 Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.2

No dependencies with known security vulnerabilities.

dependabot/pip/development/mypy-1.10.1

1 year, 1 month ago

5397a191

Bump mypy from 1.10.0 to 1.10.1 Bumps [mypy](https://github.com/python/mypy) from 1.10.0 to 1.10.1.

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/sqlalchemy-2.0.31

1 year, 1 month ago

6cc15f2d

Bump sqlalchemy from 2.0.30 to 2.0.31 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy)

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.4

1 year, 1 month ago

d397abd5

Bump coverage from 6.5.0 to 7.5.4 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

dependabot/pip/development/coverage-7.5.3

1 year, 1 month ago

ef0f7ca7

Bump coverage from 6.5.0 to 7.5.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.5.0

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

development

1 year, 1 month ago

30f6df97

Merge pull request #710 from toonarmycaptain/dependabot/pip/development/pytest-8.2.2 Bump pytest fr

Pillow 10.2.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.2.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

snyk-fix-e2528a33373f914d5bf810e44e575f2e

1 year, 1 month ago

a6b15748

fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pin

Pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
Pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244