Safety CI > vertexproject/vtx-base-image

rm_pyrsistent

1 year, 5 months ago

9b2ce61a

Remove unused pyrsistent library

idna 3.6 and pyOpenSSL 24.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

pyup-update-pyrsistent-0.19.3-to-0.20.0

1 year, 5 months ago

2935acbb

Merge branch 'master' into pyup-update-pyrsistent-0.19.3-to-0.20.0

idna 3.6 and pyOpenSSL 24.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

pyup-update-aiohttp-3.9.3-to-3.9.4

1 year, 5 months ago

ae309c85

Merge branch 'master' into pyup-update-aiohttp-3.9.3-to-3.9.4

idna 3.6 and pyOpenSSL 24.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

master

1 year, 5 months ago

169c3f69

Update stix2-validator, remove old libraries, add new libraries (SYN-7177) (#610) * Remove unneeded

idna 3.6 and pyOpenSSL 24.1.0 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

pyup-update-aiohttp-3.9.3-to-3.9.4

1 year, 6 months ago

71f63eeb

Update aiohttp from 3.9.3 to 3.9.4