Safety CI > toonarmycaptain/dionysus

development

2 years, 1 month ago

Merge pull request #648 from toonarmycaptain/upate-pytest-7-4-2 Update requirements_dev.txt

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

update-sqlalchemy-2-0-21

2 years, 1 month ago

5775d617

Update sqlalchemy

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

update-pillow-10-0-1-1

2 years, 1 month ago

f6789ae9

Update pillow

No dependencies with known security vulnerabilities.

update-pillow-10-0-1

2 years, 1 month ago

ad54be0a

Update pillow

No dependencies with known security vulnerabilities.

update-matplotlib-3-8-0

2 years, 1 month ago

96b14c2c

Update matplotlib

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

upate-pytest-7-4-2

2 years, 1 month ago

817395b1

Update requirements_dev.txt

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

pyup-scheduled-update-2023-10-01

2 years, 1 month ago

f8315d6c

Update pytest from 7.4.1 to 7.4.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-10-01

2 years, 1 month ago

1371eed5

Update sqlalchemy from 2.0.20 to 2.0.21

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-10-01

2 years, 1 month ago

02604afa

Update matplotlib from 3.7.2 to 3.8.0

Pillow 10.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
Pillow	10.0.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
Pillow	10.0.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.
Pillow	10.0.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
Pillow	10.0.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

pyup-scheduled-update-2023-10-01

2 years, 1 month ago

f5bc1598

Update coverage from 6.5.0 to 7.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-10-01

2 years, 1 month ago

bdef6f4d

Update pillow from 10.0.0 to 10.0.1

No dependencies with known security vulnerabilities.

snyk-fix-6054cfc25bb2d77328c4b33dfee4c085

2 years, 1 month ago

d97287a0

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning

No dependencies with known security vulnerabilities.

dependabot/pip/development/sqlalchemy-2.0.21

2 years, 1 month ago

bd90dc39

Bump sqlalchemy from 2.0.20 to 2.0.21 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy)

No dependencies with known security vulnerabilities.

dependabot/pip/development/pillow-10.0.1

2 years, 1 month ago

c613f600

Bump pillow from 10.0.0 to 10.0.1 Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.0

No dependencies with known security vulnerabilities.

dependabot/pip/development/matplotlib-3.8.0

2 years, 1 month ago

951ca2cd

Bump matplotlib from 3.7.2 to 3.8.0 Bumps [matplotlib](https://github.com/matplotlib/matplotlib) fr

No dependencies with known security vulnerabilities.