Safety CI > toonarmycaptain/worksheet

pyup-scheduled-update-2026-04-01

3 days, 5 hours ago

e7da5d77

Update pytest-cov from 7.0.0 to 7.1.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-04-01

3 days, 5 hours ago

4bea04c0

Update mypy from 1.19.1 to 1.20.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-04-01

3 days, 5 hours ago

74dc6357

Update coverage from 7.13.4 to 7.13.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-04-01

3 days, 5 hours ago

f6178d54

Update numpy from 2.4.2 to 2.4.4

No dependencies with known security vulnerabilities.

dependabot/pip/coverage-7.13.5

3 days, 10 hours ago

ce76409c

Bump coverage from 7.13.4 to 7.13.5 Bumps [coverage](https://github.com/coveragepy/coveragepy) from

No dependencies with known security vulnerabilities.

dependabot/pip/pytest-cov-7.1.0

3 days, 10 hours ago

154fb8c8

Bump pytest-cov from 7.0.0 to 7.1.0 Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) fr

No dependencies with known security vulnerabilities.

dependabot/pip/mypy-1.20.0

3 days, 10 hours ago

792ed72e

Bump mypy from 1.19.1 to 1.20.0 Bumps [mypy](https://github.com/python/mypy) from 1.19.1 to 1.20.0.

No dependencies with known security vulnerabilities.

dependabot/pip/numpy-2.4.4

3 days, 10 hours ago

55bcf94f

Bump numpy from 2.4.2 to 2.4.4 Bumps [numpy](https://github.com/numpy/numpy) from 2.4.2 to 2.4.4. -

No dependencies with known security vulnerabilities.

master

3 weeks, 1 day ago

4b625007

Merge pull request #373 from toonarmycaptain/pyup-scheduled-update-2026-03-01 Scheduled monthly dep

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-03-01

1 month ago

6cbc8865

Update coverage from 7.13.1 to 7.13.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-03-01

1 month ago

fb72c6c0

Update weasyprint from 67.0 to 68.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-03-01

1 month ago

d6e7acaf

Update numpy from 2.4.0 to 2.4.2

weasyprint 67.0 has known security vulnerabilities.

Package	Installed	Affected	Info
weasyprint	67.0	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

weasyprint

67.0

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

pyup-scheduled-update-2026-02-01

2 months ago

52d7a5e9

Update coverage from 7.13.1 to 7.13.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-02-01

2 months ago

c0aba9ce

Update weasyprint from 67.0 to 68.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-02-01

2 months ago

60a9d60a

Update numpy from 2.4.0 to 2.4.2

weasyprint 67.0 has known security vulnerabilities.

Package	Installed	Affected	Info
weasyprint	67.0	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

weasyprint

67.0

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

toonarmycaptain/worksheet_generator