Safety CI > vertexproject/vtx-base-image

pyup-update-lmdb-1.6.2-to-1.7.3

1 week ago

5e7cd66d

Update lmdb from 1.6.2 to 1.7.3

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.10.0

1 week ago

97a22740

Update coverage from 7.6.7 to 7.10.0

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-jsonschema-4.23.0-to-4.25.0

2 weeks ago

d96e5fef

Update jsonschema from 4.23.0 to 4.25.0

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-jsonschema-4.23.0-to-4.24.1

2 weeks, 1 day ago

b3502e8b

Update jsonschema from 4.23.0 to 4.24.1

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-certifi-2025.6.15-to-2025.7.14

2 weeks, 4 days ago

d0869a28

Update certifi from 2025.6.15 to 2025.7.14

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-lmdb-1.6.2-to-1.7.2

3 weeks, 1 day ago

f9cf4579

Update lmdb from 1.6.2 to 1.7.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-aiohttp-3.11.16-to-3.12.14

3 weeks, 1 day ago

e5fec1b8

Update aiohttp from 3.11.16 to 3.12.14

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-types-python-dateutil-2.9.0.20241206-to-2.9.0.20250708

3 weeks, 2 days ago

d3f0c8e3

Update types-python-dateutil from 2.9.0.20241206 to 2.9.0.20250708

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-certifi-2025.6.15-to-2025.7.9

3 weeks, 2 days ago

097c2ecf

Update certifi from 2025.6.15 to 2025.7.9

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-lmdb-1.6.2-to-1.7.1

3 weeks, 2 days ago

edf885d9

Update lmdb from 1.6.2 to 1.7.1

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-aiosignal-1.3.2-to-1.4.0

4 weeks ago

803fdd8a

Update aiosignal from 1.3.2 to 1.4.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.9.2

4 weeks ago

00fb58c7

Update coverage from 7.6.7 to 7.9.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-typing-extensions-4.13.2-to-4.14.1

4 weeks ago

80c10435

Update typing-extensions from 4.13.2 to 4.14.1

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.5

1 month ago

04101e02

Update cryptography from 43.0.3 to 45.0.5

No dependencies with known security vulnerabilities.

master

1 month ago

e9bd43f3

Update urllib3 from 2.4.0 to 2.5.0 (#977)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.