Safety CI > vertexproject/vtx-base-image

master

2 months, 1 week ago

Update tornado from 6.4.2 to 6.5 (#939)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-rpds-py-0.24.0-to-0.25.1

2 months, 1 week ago

81a1bbaa

Update rpds-py from 0.24.0 to 0.25.1

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.8.1

2 months, 1 week ago

65736821

Update coverage from 7.6.7 to 7.8.1

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-multidict-6.4.3-to-6.4.4

2 months, 2 weeks ago

fed329b4

Update multidict from 6.4.3 to 6.4.4

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.2

2 months, 2 weeks ago

8c0110d2

Update cryptography from 43.0.3 to 45.0.2

No dependencies with known security vulnerabilities.

pyup-update-pycryptodome-3.22.0-to-3.23.0

2 months, 2 weeks ago

34fb0d13

Update pycryptodome from 3.22.0 to 3.23.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.1

2 months, 2 weeks ago

d920b21c

Update cryptography from 43.0.3 to 45.0.1

No dependencies with known security vulnerabilities.

pyup-update-pyopenssl-24.2.1-to-25.1.0

2 months, 2 weeks ago

7783a139

Update pyopenssl from 24.2.1 to 25.1.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-types-python-dateutil-2.9.0.20241206-to-2.9.0.20250516

2 months, 2 weeks ago

31b15703

Update types-python-dateutil from 2.9.0.20241206 to 2.9.0.20250516

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-tornado-6.4.2-to-6.5

2 months, 2 weeks ago

92112edb

Update tornado from 6.4.2 to 6.5

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

bender/SYN-8899/bump-py311-maint-version

2 months, 2 weeks ago

e92121e7

Merge branch 'master' into bender/SYN-8899/bump-py311-maint-version

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-rpds-py-0.24.0-to-0.25.0

2 months, 2 weeks ago

fce3b2c4

Update rpds-py from 0.24.0 to 0.25.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-pluggy-1.3.0-to-1.6.0

2 months, 2 weeks ago

a4769d43

Update pluggy from 1.3.0 to 1.6.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 months, 3 weeks ago

f4808abe

Update certifi from 2025.1.31 to 2025.4.26 (#931)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-exceptiongroup-1.2.0-to-1.3.0

2 months, 3 weeks ago

3faef1b1

Update exceptiongroup from 1.2.0 to 1.3.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.