Safety CI > vertexproject/vtx-base-image

master

8 hours ago

Update types-python-dateutil from 2.9.0.20241206 to 2.9.0.20250809 (#1012)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

9495f365

Update yarl from 1.19.0 to 1.20.1 (#966)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

a7c31ec9

Update aiosignal from 1.3.2 to 1.4.0 (#988)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

5e1d1efe

Update tornado from 6.5.1 to 6.5.2 (#1009) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-tornado-6.5.1-to-6.5.2

8 hours ago

708dfd7f

Merge branch 'master' into pyup-update-tornado-6.5.1-to-6.5.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

2f74103e

Update oauthlib from 3.2.2 to 3.3.1 (#978) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

d71c74ff

Update python-socks from 2.7.1 to 2.7.2 (#1005)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

8 hours ago

a0ebc144

Update charset-normalizer from 3.4.1 to 3.4.3 (#1011)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

9 hours ago

480d66eb

Update multidict from 6.4.3 to 6.6.4 (#1014)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

9 hours ago

e786515e

Update aiohttp from 3.11.16 to 3.12.15 (#1000) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

9 hours ago

bb668bb9

Update certifi from 2025.7.14 to 2025.8.3 (#1006) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

9 hours ago

52d6a64c

Update regex from 2025.7.29 to 2025.7.34 (#1004)

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-aiohttp-3.11.16-to-3.12.15

9 hours ago

4a874057

Merge branch 'master' into pyup-update-aiohttp-3.11.16-to-3.12.15

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-certifi-2025.7.14-to-2025.8.3

9 hours ago

b23e45bc

Merge branch 'master' into pyup-update-certifi-2025.7.14-to-2025.8.3

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

9 hours ago

451f2841

Update requests from 2.32.4 to 2.32.5 (#1020)

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.