diff --git a/audits/aws-elasticbeanstalk-requirements.audit.json b/audits/aws-elasticbeanstalk-requirements.audit.json
deleted file mode 100644
index 354d67fb..00000000
--- a/audits/aws-elasticbeanstalk-requirements.audit.json
+++ /dev/null
@@ -1,399 +0,0 @@ -[ - { - "package": { - "name": "urllib3", - "version": "1.26.16", - "ecosystem": "PyPI", - "commit": "" - }, - "vulnerabilities": [ - { - "modified": "2023-10-13T22:03:00Z", - "published": "2023-10-02T23:27:05Z", - "schema_version": "1.6.0", - "id": "GHSA-v845-jxx5-vc9f", - "aliases": [ - "CVE-2023-43804" - ], - "summary": "`Cookie` HTTP header isn't stripped on cross-origin redirects", - "details": "urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.\n\nUsers **must** handle redirects themselves instead of relying on urllib3's automatic redirects to achieve safe processing of the `Cookie` header, thus we decided to strip the header by default in order to further protect users who aren't using the correct approach.\n\n## Affected usages\n\nWe believe the number of usages affected by this advisory is low. 
It requires all of the following to be true to be exploited:\n\n* Using an affected version of urllib3 (patched in v1.26.17 and v2.0.6)\n* Using the `Cookie` header on requests, which is mostly typical for impersonating a browser.\n* Not disabling HTTP redirects\n* Either not using HTTPS or for the origin server to redirect to a malicious origin.\n\n## Remediation\n\n* Upgrading to at least urllib3 v1.26.17 or v2.0.6\n* Disabling HTTP redirects using `redirects=False` when sending requests.\n* Not using the `Cookie` header.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.0.0" - }, - { - "fixed": "2.0.6" - } - ] - } - ], - "versions": [ - "2.0.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1.26.17" - } - ] - } - ], - "versions": [ - "0.2", - "0.3", - "0.3.1", - "0.4.0", - "0.4.1", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.10", - "1.10.1", - "1.10.2", - "1.10.3", - "1.10.4", - "1.11", - "1.12", - "1.13", - "1.13.1", - "1.14", - "1.15", - "1.15.1", - "1.16", - "1.17", - "1.18", - "1.18.1", - "1.19", - "1.19.1", - "1.2", - "1.2.1", - "1.2.2", - "1.20", - "1.21", - "1.21.1", - "1.22", - "1.23", - "1.24", - "1.24.1", - "1.24.2", - "1.24.3", - "1.25", - "1.25.1", - "1.25.10", - "1.25.11", - "1.25.2", - "1.25.3", - "1.25.4", - "1.25.5", - "1.25.6", - "1.25.7", - "1.25.8", - "1.25.9", - "1.26.0", - "1.26.1", - "1.26.10", - "1.26.11", - "1.26.12", - "1.26.13", - "1.26.14", - 
"1.26.15", - "1.26.16", - "1.26.2", - "1.26.3", - "1.26.4", - "1.26.5", - "1.26.6", - "1.26.7", - "1.26.8", - "1.26.9", - "1.3", - "1.4", - "1.5", - "1.6", - "1.7", - "1.7.1", - "1.8", - "1.8.2", - "1.8.3", - "1.9", - "1.9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml" - }, - { - "type": "PACKAGE", - "url": "https://github.com/urllib3/urllib3" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-10-02T23:27:05Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-10-10T14:28:19Z", - "published": "2023-10-04T17:15:00Z", - "schema_version": "1.6.0", - 
"id": "PYSEC-2023-192", - "aliases": [ - "CVE-2023-43804", - "GHSA-v845-jxx5-vc9f" - ], - "details": "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "644124ecd0b6e417c527191f866daa05a5a2056d" - }, - { - "fixed": "01220354d389cd05474713f8c982d05c9b17aafb" - } - ], - "repo": "https://github.com/urllib3/urllib3" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.0.0" - }, - { - "fixed": "2.0.6" - }, - { - "introduced": "0" - }, - { - "fixed": "1.26.17" - } - ] - } - ], - "versions": [ - "0.2", - "0.3", - "0.3.1", - "0.4.0", - "0.4.1", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.10", - "1.10.1", - "1.10.2", - "1.10.3", - "1.10.4", - "1.11", - "1.12", - "1.13", - "1.13.1", - "1.14", - "1.15", - "1.15.1", - "1.16", - "1.17", - "1.18", - "1.18.1", - "1.19", - "1.19.1", - "1.2", - "1.2.1", - "1.2.2", - "1.20", - "1.21", - "1.21.1", - "1.22", - "1.23", - "1.24", - "1.24.1", - "1.24.2", - "1.24.3", - "1.25", - "1.25.1", - "1.25.10", - "1.25.11", - "1.25.2", - "1.25.3", - "1.25.4", - "1.25.5", - "1.25.6", - "1.25.7", - "1.25.8", - "1.25.9", - "1.26.0", - "1.26.1", - "1.26.10", - "1.26.11", - "1.26.12", - "1.26.13", - "1.26.14", - "1.26.15", - "1.26.16", - "1.26.2", - "1.26.3", - "1.26.4", - "1.26.5", - "1.26.6", - "1.26.7", - "1.26.8", - "1.26.9", - "1.3", - "1.4", - "1.5", - "1.6", - "1.7", - "1.7.1", - "1.8", - "1.8.2", - "1.8.3", - "1.9", - 
"1.9.1", - "2.0.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-192.yaml" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" - } - ], - "references": [ - { - "type": "FIX", - "url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d" - }, - { - "type": "ADVISORY", - "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f" - }, - { - "type": "FIX", - "url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-v845-jxx5-vc9f", - "PYSEC-2023-192" - ] - } - ] - } -]
\ No newline at end of file
diff --git a/requirements/aws-elasticbeanstalk-requirements.txt b/requirements/aws-elasticbeanstalk-requirements.txt
index 951ce3e9..3a38e5f7 100644
--- a/requirements/aws-elasticbeanstalk-requirements.txt
+++ b/requirements/aws-elasticbeanstalk-requirements.txt
@@ -1,28 +1,14 @@
-attrs==23.1.0
-bcrypt==4.0.1
 blessed==1.20.0
-botocore==1.31.39
+botocore==1.31.63
 cement==2.8.2
-charset-normalizer==3.2.0
+charset-normalizer==3.3.0
 colorama==0.4.3
-distro==1.8.0
-docker==6.1.3
-docker-compose==1.29.2
-dockerpty==0.4.1
-docopt==0.6.2
 idna==3.4
 jmespath==1.0.1
-jsonschema==3.2.0
-paramiko==3.3.1
 pathspec==0.10.1
-pynacl==1.5.0
-pyrsistent==0.19.3
 python-dateutil==2.8.2
-python-dotenv==0.21.1
 requests==2.31.0
 semantic-version==2.8.5
 termcolor==1.1.0
-texttable==1.6.7
-urllib3==1.26.16
+urllib3==1.26.17
 wcwidth==0.1.9
-websocket-client==0.59.0
diff --git a/requirements/aws-sam-cli-requirements.txt b/requirements/aws-sam-cli-requirements.txt
index 027783b6..be3efdea 100644
--- a/requirements/aws-sam-cli-requirements.txt
+++ b/requirements/aws-sam-cli-requirements.txt
@@ -1,14 +1,14 @@
-annotated-types==0.5.0
+annotated-types==0.6.0
 arrow==1.3.0
 attrs==23.1.0
 aws-lambda-builders==1.38.0
 aws-sam-translator==1.75.0
 binaryornot==0.4.4
-blinker==1.6.2
-boto3==1.28.59
+blinker==1.6.3
+boto3==1.28.64
 boto3-stubs==1.28.55
-botocore==1.31.59
-botocore-stubs==1.31.59
+botocore==1.31.64
+botocore-stubs==1.31.64
 cfn-lint==0.80.4
 chardet==5.2.0
 charset-normalizer==3.3.0
@@ -34,17 +34,17 @@ markupsafe==2.1.3
 mdurl==0.1.2
 mpmath==1.3.0
 mypy-boto3-apigateway==1.28.36
-mypy-boto3-cloudformation==1.28.48
+mypy-boto3-cloudformation==1.28.64
 mypy-boto3-ecr==1.28.45
 mypy-boto3-iam==1.28.37
-mypy-boto3-lambda==1.28.36
+mypy-boto3-lambda==1.28.63
 mypy-boto3-s3==1.28.55
 mypy-boto3-schemas==1.28.36
 mypy-boto3-secretsmanager==1.28.36
 mypy-boto3-signer==1.28.36
 mypy-boto3-stepfunctions==1.28.36
 mypy-boto3-sts==1.28.58
-mypy-boto3-xray==1.28.47
+mypy-boto3-xray==1.28.64
 networkx==3.1
 pbr==5.11.1
 pydantic==2.4.2
@@ -56,8 +56,8 @@ referencing==0.30.2
 regex==2023.10.3
 requests==2.31.0
 rich==13.5.3
-rpds-py==0.10.3
-ruamel-yaml==0.17.34
+rpds-py==0.10.6
+ruamel-yaml==0.17.35
 ruamel-yaml-clib==0.2.8
 s3transfer==0.7.0
 sarif-om==1.0.4
@@ -68,8 +68,8 @@ types-awscrt==0.19.2
 types-python-dateutil==2.8.19.14
 types-s3transfer==0.7.0
 tzlocal==5.0.1
-urllib3==1.26.17
+urllib3==2.0.6
 watchdog==3.0.0
-websocket-client==1.6.3
+websocket-client==1.6.4
 werkzeug==3.0.0
 wheel==0.41.2
diff --git a/requirements/aws-sso-util-requirements.txt b/requirements/aws-sso-util-requirements.txt
index 730265f7..a37f2792 100644
--- a/requirements/aws-sso-util-requirements.txt
+++ b/requirements/aws-sso-util-requirements.txt
@@ -1,8 +1,8 @@
 attrs==23.1.0
 aws-error-utils==2.7.0
 aws-sso-lib==1.14.0
-boto3==1.28.58
-botocore==1.31.58
+boto3==1.28.64
+botocore==1.31.64
 charset-normalizer==3.3.0
 click==8.1.7
 idna==3.4
@@ -12,4 +12,4 @@ pyrsistent==0.19.3
 python-dateutil==2.8.2
 requests==2.31.0
 s3transfer==0.7.0
-urllib3==1.26.17
+urllib3==2.0.6
diff --git a/requirements/b2-tools-requirements.txt b/requirements/b2-tools-requirements.txt
index 15fffbc8..0cf4370a 100644
--- a/requirements/b2-tools-requirements.txt
+++ b/requirements/b2-tools-requirements.txt
@@ -3,7 +3,7 @@ b2sdk==1.24.1
 charset-normalizer==3.3.0
 idna==3.4
 logfury==1.0.1
-phx-class-registry==4.0.6
+phx-class-registry==4.1.0
 python-dateutil==2.8.2
 requests==2.31.0
 rst2ansi==0.1.5
diff --git a/requirements/borgmatic-requirements.txt b/requirements/borgmatic-requirements.txt
index 690d4e03..035c6029 100644
--- a/requirements/borgmatic-requirements.txt
+++ b/requirements/borgmatic-requirements.txt
@@ -6,7 +6,7 @@ jsonschema==4.19.1
 jsonschema-specifications==2023.7.1
 referencing==0.30.2
 requests==2.31.0
-rpds-py==0.10.3
-ruamel-yaml==0.17.33
-ruamel-yaml-clib==0.2.7
+rpds-py==0.10.6
+ruamel-yaml==0.17.35
+ruamel-yaml-clib==0.2.8
 urllib3==2.0.6
diff --git a/requirements/bzt-requirements.txt b/requirements/bzt-requirements.txt
index e008bec2..85dd952a 100644
--- a/requirements/bzt-requirements.txt
+++ b/requirements/bzt-requirements.txt
@@ -1,11 +1,11 @@
 aiodogstatsd==0.16.0.post0
-aiohttp==3.8.5
+aiohttp==3.9.0b0
 aiosignal==1.3.1
 astunparse==1.6.3
 async-timeout==4.0.3
 attrs==23.1.0
 bidict==0.22.1
-charset-normalizer==3.2.0
+charset-normalizer==3.3.0
 colorlog==6.7.0
 cssselect==1.2.0
 dill==0.3.7
@@ -17,24 +17,24 @@ humanize==4.8.0
 idna==3.4
 influxdb==5.3.1
 molotov==2.6
-msgpack==1.0.6
+msgpack==1.0.7
 multidict==6.0.4
 multiprocess==0.70.15
 progressbar33==2.4
 prompt-toolkit==3.0.39
-psutil==5.9.5
+psutil==5.9.6
 python-dateutil==2.8.2
-python-engineio==4.7.1
-python-socketio==5.9.0
+python-engineio==4.8.0
+python-socketio==5.10.0
 pyvirtualdisplay==3.0
-rapidfuzz==3.3.0
+rapidfuzz==3.4.0
 requests==2.31.0
-simple-websocket==0.10.1
+simple-websocket==1.0.0
 terminaltables==3.1.10
 urllib3==1.26.16
 urwid==2.1.2
-wcwidth==0.2.6
-websocket-client==1.6.3
+wcwidth==0.2.8
+websocket-client==1.6.4
 wheel==0.41.2
 wsproto==1.2.0
 yarl==1.9.2
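Review bot: `urllib3==1.26.16` is left unchanged as a context line in the second bzt hunk, although the audit record deleted earlier in this commit lists 1.26.16 as affected by GHSA-v845-jxx5-vc9f / CVE-2023-43804 (fixed in 1.26.17), and every other urllib3 pin this commit touches moves to 1.26.17 or 2.0.6. Unless something in this set caps urllib3 below 1.26.17, the line should become `urllib3==1.26.17`; if the pin has to stay, the reason belongs in the commit description, and an audit record like the one removed for aws-elasticbeanstalk would be expected for bzt. The first bzt hunk also moves aiohttp from 3.8.5 to the pre-release `aiohttp==3.9.0b0`, while the checkov section takes the stable `aiohttp==3.8.6`; a beta pin usually means the resolver was allowed to pick pre-releases, so it should be confirmed as intentional.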
diff --git a/requirements/checkov-requirements.txt b/requirements/checkov-requirements.txt
index aac9d380..ee057474 100644
--- a/requirements/checkov-requirements.txt
+++ b/requirements/checkov-requirements.txt
@@ -1,5 +1,5 @@
-aiodns==3.0.0
-aiohttp==3.8.5
+aiodns==3.1.1
+aiohttp==3.8.6
 aiomultiprocess==0.9.0
 aiosignal==1.3.1
 async-timeout==4.0.3
@@ -7,17 +7,17 @@ attrs==23.1.0
 bc-detect-secrets==1.4.30
 bc-jsonpath-ng==1.5.9
 bc-python-hcl2==0.3.51
-beartype==0.16.2
+beartype==0.16.3
 beautifulsoup4==4.12.2
 boolean-py==4.0
-boto3==1.28.61
-botocore==1.31.61
+boto3==1.28.63
+botocore==1.31.63
 cached-property==1.5.2
 cachetools==5.3.1
 charset-normalizer==3.3.0
 click==8.1.7
 click-option-group==0.5.6
-cloudsplaining==0.6.1
+cloudsplaining==0.6.2
 colorama==0.4.6
 configargparse==1.7
 contextlib2==21.6.0
@@ -48,14 +48,14 @@ ply==3.11
 policy-sentry==0.12.10
 policyuniverse==1.5.1.20230817
 prettytable==3.9.0
-pycares==4.3.0
+pycares==4.4.0
 pycep-parser==0.4.1
 python-dateutil==2.8.2
 rdflib==7.0.0
 referencing==0.30.2
 regex==2023.10.3
 requests==2.31.0
-rpds-py==0.10.4
+rpds-py==0.10.6
 rustworkx==0.13.2
 s3transfer==0.7.0
 schema==0.7.5
@@ -63,16 +63,16 @@ semantic-version==2.10.0
 smmap==5.0.1
 sortedcontainers==2.4.0
 soupsieve==2.5
-spdx-tools==0.8.1
+spdx-tools==0.8.2
 termcolor==2.3.0
 texttable==1.7.0
 tqdm==4.66.1
 unidiff==0.7.5
 update-checker==0.18.0
 uritools==4.0.2
-urllib3==1.26.17
+urllib3==2.0.6
 wcwidth==0.2.8
-websocket-client==1.6.3
+websocket-client==1.6.4
 xmltodict==0.13.0
 yarl==1.9.2
 zipp==3.17.0
diff --git a/requirements/doc8-requirements.txt b/requirements/doc8-requirements.txt
index a55a0ab8..3e190b12 100644
--- a/requirements/doc8-requirements.txt
+++ b/requirements/doc8-requirements.txt
@@ -1,3 +1,3 @@
-pbr==5.11.0
+pbr==5.11.1
 restructuredtext-lint==1.4.0
-stevedore==4.1.1
+stevedore==5.1.0
diff --git a/requirements/dvc-requirements.txt b/requirements/dvc-requirements.txt
index 1833cd4b..eaee521c 100644
--- a/requirements/dvc-requirements.txt
+++ b/requirements/dvc-requirements.txt
@@ -104,7 +104,7 @@ pathspec==0.11.2
 platformdirs==3.11.0
 portalocker==2.8.2
 prompt-toolkit==3.0.39
-psutil==5.9.5
+psutil==5.9.6
 pyasn1==0.5.0
 pyasn1-modules==0.3.0
 pycryptodome==3.19.0
diff --git a/requirements/dxpy-requirements.txt b/requirements/dxpy-requirements.txt
index 601c2bc2..d6da4bf3 100644
--- a/requirements/dxpy-requirements.txt
+++ b/requirements/dxpy-requirements.txt
@@ -1,6 +1,6 @@
 charset-normalizer==3.3.0
 idna==3.4
-psutil==5.9.5
+psutil==5.9.6
 python-dateutil==2.8.2
 requests==2.28.2
 urllib3==1.26.17
diff --git a/requirements/ford-requirements.txt b/requirements/ford-requirements.txt
index 8574b34e..bae6372f 100644
--- a/requirements/ford-requirements.txt
+++ b/requirements/ford-requirements.txt
@@ -2,7 +2,11 @@ beautifulsoup4==4.12.2
 graphviz==0.20.1
 jinja2==3.1.2
 markdown-include==0.7.2
+markdown-it-py==3.0.0
+mdurl==0.1.2
+pcpp==1.30
 python-markdown-math==0.8
-soupsieve==2.4.1
+rich==13.6.0
+soupsieve==2.5
 toposort==1.7
 tqdm==4.64.1
diff --git a/requirements/ruff-lsp-requirements.txt b/requirements/ruff-lsp-requirements.txt
index be7d2178..f13f3acf 100644
--- a/requirements/ruff-lsp-requirements.txt
+++ b/requirements/ruff-lsp-requirements.txt
@@ -1,5 +1,5 @@
 attrs==23.1.0
 cattrs==23.1.2
 lsprotocol==2023.0.0b1
-pygls==1.1.0
+pygls==1.1.1
 typeguard==3.0.2
diff --git a/requirements/virtualfish-requirements.txt b/requirements/virtualfish-requirements.txt
index 2211f263..eec3252d 100644
--- a/requirements/virtualfish-requirements.txt
+++ b/requirements/virtualfish-requirements.txt
@@ -1,6 +1,5 @@
-distlib==0.3.6
-filelock==3.12.0
+distlib==0.3.7
+filelock==3.12.4
 pkgconfig==1.5.5
-platformdirs==3.5.0
-psutil==5.9.5
-virtualenv==20.23.0
+platformdirs==3.11.0
+virtualenv==20.24.5
diff --git a/requirements/watson-requirements.txt b/requirements/watson-requirements.txt
index 59911c3c..e7ecab93 100644
--- a/requirements/watson-requirements.txt
+++ b/requirements/watson-requirements.txt
@@ -1,6 +1,5 @@
 arrow==1.3.0
 charset-normalizer==3.3.0
-click==8.1.7
 click-didyoumean==0.3.0
 idna==3.4
 python-dateutil==2.8.2
diff --git a/requirements/waybackpy-requirements.txt b/requirements/waybackpy-requirements.txt
index 7d8757e6..68bf0810 100644
--- a/requirements/waybackpy-requirements.txt
+++ b/requirements/waybackpy-requirements.txt
@@ -1,5 +1,4 @@
 charset-normalizer==3.3.0
-click==8.1.7
 idna==3.4
 requests==2.31.0
 urllib3==2.0.6