Latest data: Wed May 22 08:04:42 UTC 2024

Homebrew · May 22, 2024 · 0700f2e · 0700f2e
1 parent 41a0e2b
commit 0700f2e
Show file tree

Hide file tree

Showing 22 changed files with 50 additions and 2,569 deletions.
diff --git a/audits/localstack-requirements.audit.json b/audits/localstack-requirements.audit.json
@@ -244,255 +244,5 @@
         "max_severity": "5.3"
       }
     ]
-  },
-  {
-    "package": {
-      "name": "requests",
-      "version": "2.31.0",
-      "ecosystem": "PyPI"
-    },
-    "dependency_groups": [
-      "localstack-requirements"
-    ],
-    "vulnerabilities": [
-      {
-        "modified": "2024-05-20T22:16:05Z",
-        "published": "2024-05-20T20:15:00Z",
-        "schema_version": "1.6.0",
-        "id": "GHSA-9wx4-h78v-vm56",
-        "aliases": [
-          "CVE-2024-35195"
-        ],
-        "summary": "Requests `Session` object does not verify requests after making first request with verify=False",
-        "details": "When making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool.\n\n### Remediation\nAny of these options can be used to remediate the current issue, we highly recommend upgrading as the preferred mitigation.\n\n* Upgrade to `requests>=2.32.0`.\n* For `requests<2.32.0`, avoid setting `verify=False` for the first request to a host while using a Requests Session.\n* For `requests<2.32.0`, call `close()` on `Session` objects to clear existing connections if `verify=False` is used.\n\n### Related Links\n* https://github.com/psf/requests/pull/6655",
-        "affected": [
-          {
-            "package": {
-              "ecosystem": "PyPI",
-              "name": "requests",
-              "purl": "pkg:pypi/requests"
-            },
-            "ranges": [
-              {
-                "type": "ECOSYSTEM",
-                "events": [
-                  {
-                    "introduced": "0"
-                  },
-                  {
-                    "fixed": "2.32.0"
-                  }
-                ]
-              }
-            ],
-            "versions": [
-              "0.0.1",
-              "0.10.0",
-              "0.10.1",
-              "0.10.2",
-              "0.10.3",
-              "0.10.4",
-              "0.10.6",
-              "0.10.7",
-              "0.10.8",
-              "0.11.1",
-              "0.11.2",
-              "0.12.0",
-              "0.12.01",
-              "0.12.1",
-              "0.13.0",
-              "0.13.1",
-              "0.13.2",
-              "0.13.3",
-              "0.13.4",
-              "0.13.5",
-              "0.13.6",
-              "0.13.7",
-              "0.13.8",
-              "0.13.9",
-              "0.14.0",
-              "0.14.1",
-              "0.14.2",
-              "0.2.0",
-              "0.2.1",
-              "0.2.2",
-              "0.2.3",
-              "0.2.4",
-              "0.3.0",
-              "0.3.1",
-              "0.3.2",
-              "0.3.3",
-              "0.3.4",
-              "0.4.0",
-              "0.4.1",
-              "0.5.0",
-              "0.5.1",
-              "0.6.0",
-              "0.6.1",
-              "0.6.2",
-              "0.6.3",
-              "0.6.4",
-              "0.6.5",
-              "0.6.6",
-              "0.7.0",
-              "0.7.1",
-              "0.7.2",
-              "0.7.3",
-              "0.7.4",
-              "0.7.5",
-              "0.7.6",
-              "0.8.0",
-              "0.8.1",
-              "0.8.2",
-              "0.8.3",
-              "0.8.4",
-              "0.8.5",
-              "0.8.6",
-              "0.8.7",
-              "0.8.8",
-              "0.8.9",
-              "0.9.0",
-              "0.9.1",
-              "0.9.2",
-              "0.9.3",
-              "1.0.0",
-              "1.0.1",
-              "1.0.2",
-              "1.0.3",
-              "1.0.4",
-              "1.1.0",
-              "1.2.0",
-              "1.2.1",
-              "1.2.2",
-              "1.2.3",
-              "2.0.0",
-              "2.0.1",
-              "2.1.0",
-              "2.10.0",
-              "2.11.0",
-              "2.11.1",
-              "2.12.0",
-              "2.12.1",
-              "2.12.2",
-              "2.12.3",
-              "2.12.4",
-              "2.12.5",
-              "2.13.0",
-              "2.14.0",
-              "2.14.1",
-              "2.14.2",
-              "2.15.0",
-              "2.15.1",
-              "2.16.0",
-              "2.16.1",
-              "2.16.2",
-              "2.16.3",
-              "2.16.4",
-              "2.16.5",
-              "2.17.0",
-              "2.17.1",
-              "2.17.2",
-              "2.17.3",
-              "2.18.0",
-              "2.18.1",
-              "2.18.2",
-              "2.18.3",
-              "2.18.4",
-              "2.19.0",
-              "2.19.1",
-              "2.2.0",
-              "2.2.1",
-              "2.20.0",
-              "2.20.1",
-              "2.21.0",
-              "2.22.0",
-              "2.23.0",
-              "2.24.0",
-              "2.25.0",
-              "2.25.1",
-              "2.26.0",
-              "2.27.0",
-              "2.27.1",
-              "2.28.0",
-              "2.28.1",
-              "2.28.2",
-              "2.29.0",
-              "2.3.0",
-              "2.30.0",
-              "2.31.0",
-              "2.4.0",
-              "2.4.1",
-              "2.4.2",
-              "2.4.3",
-              "2.5.0",
-              "2.5.1",
-              "2.5.2",
-              "2.5.3",
-              "2.6.0",
-              "2.6.1",
-              "2.6.2",
-              "2.7.0",
-              "2.8.0",
-              "2.8.1",
-              "2.9.0",
-              "2.9.1",
-              "2.9.2"
-            ],
-            "database_specific": {
-              "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9wx4-h78v-vm56/GHSA-9wx4-h78v-vm56.json"
-            }
-          }
-        ],
-        "severity": [
-          {
-            "type": "CVSS_V3",
-            "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"
-          }
-        ],
-        "references": [
-          {
-            "type": "WEB",
-            "url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56"
-          },
-          {
-            "type": "ADVISORY",
-            "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
-          },
-          {
-            "type": "WEB",
-            "url": "https://github.com/psf/requests/pull/6655"
-          },
-          {
-            "type": "WEB",
-            "url": "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac"
-          },
-          {
-            "type": "PACKAGE",
-            "url": "https://github.com/psf/requests"
-          }
-        ],
-        "database_specific": {
-          "cwe_ids": [
-            "CWE-670"
-          ],
-          "github_reviewed": true,
-          "github_reviewed_at": "2024-05-20T20:15:00Z",
-          "nvd_published_at": "2024-05-20T21:15:09Z",
-          "severity": "MODERATE"
-        }
-      }
-    ],
-    "groups": [
-      {
-        "ids": [
-          "GHSA-9wx4-h78v-vm56"
-        ],
-        "aliases": [
-          "CVE-2024-35195",
-          "GHSA-9wx4-h78v-vm56"
-        ],
-        "max_severity": "5.6"
-      }
-    ]
   }
 ]