Safety CI > vertexproject/vtx-base-image

pyup-update-packaging-24.2-to-26.0

1 month ago

c78d8511

Update packaging from 24.2 to 26.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-wcwidth-0.2.13-to-0.3.0

1 month ago

511594de

Update wcwidth from 0.2.13 to 0.3.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month ago

932fa725

Update regex from 2025.11.3 to 2026.1.15 (#1101)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-pycparser-2.22-to-3.0

1 month ago

1899caef

Update pycparser from 2.22 to 3.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-soupsieve-2.8.1-to-2.8.3

1 month ago

d7329af7

Update soupsieve from 2.8.1 to 2.8.3

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-soupsieve-2.8.1-to-2.8.2

1 month ago

46c42d0c

Update soupsieve from 2.8.1 to 2.8.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2025.11.3-to-2026.1.15

1 month, 1 week ago

01260258

Update regex from 2025.11.3 to 2026.1.15

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2025.11.3-to-2026.1.14

1 month, 1 week ago

2250e8d3

Update regex from 2025.11.3 to 2026.1.14

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month, 1 week ago

8af4739c

Remove py313 entirely since its is OBE from this repo (#1099)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

dev_rm_py313

1 month, 1 week ago

f70965ea

Remove py313 entirely since its is OBE from this repo

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month, 1 week ago

c299fbed

Update soupsieve from 2.6 to 2.8.1 (#1092)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month, 1 week ago

25b27e9b

Update beautifulsoup4 from 4.13.4 to 4.14.3 (#1083)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month, 2 weeks ago

07e915b4

Update urllib3 from 2.6.1 to 2.6.3 (#1098)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

1 month, 2 weeks ago

ca36f274

Update aiohttp from 3.12.15 to 3.13.3 (#1094) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-aiohttp-3.12.15-to-3.13.3

1 month, 2 weeks ago

1dc70e9f

Merge branch 'master' into pyup-update-aiohttp-3.12.15-to-3.13.3

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	<46.0.5	show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

cryptography

43.0.3

<46.0.5

show

Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.