From 09c068da378f1cbf18fabda098df622febc244b2 Mon Sep 17 00:00:00 2001
From: "github.actions"
Date: Sun, 24 Nov 2024 08:05:47 +0000
Subject: [PATCH] Latest data: Sun Nov 24 08:05:47 UTC 2024
---
 audits/airshare-requirements.audit.json | 447 ----------------------
 audits/jupyterlab-requirements.audit.json | 170 --------
 audits/localstack-requirements.audit.json | 4 +-
 audits/nvchecker-requirements.audit.json | 172 ---------
 audits/snakeviz-requirements.audit.json | 172 ---------
 requirements/airshare-requirements.txt | 10 +-
 requirements/awscli@1-requirements.txt | 2 +-
 requirements/jupyterlab-requirements.txt | 6 +-
 requirements/litecli-requirements.txt | 2 +-
 requirements/localstack-requirements.txt | 4 +-
 requirements/nvchecker-requirements.txt | 4 +-
 requirements/ola-requirements.txt | 1 +
 requirements/snakeviz-requirements.txt | 2 +-
 requirements/tmt-requirements.txt | 13 +-
 14 files changed, 24 insertions(+), 985 deletions(-)
 delete mode 100644 audits/airshare-requirements.audit.json
 delete mode 100644 audits/nvchecker-requirements.audit.json
 delete mode 100644 audits/snakeviz-requirements.audit.json
 create mode 100644 requirements/ola-requirements.txt
diff --git a/audits/airshare-requirements.audit.json b/audits/airshare-requirements.audit.json
deleted file mode 100644
index 5d64a247..00000000
--- a/audits/airshare-requirements.audit.json
+++ /dev/null
@@ -1,447 +0,0 @@ -[ - { - "package": { - "name": "aiohttp", - "version": "3.10.9", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "airshare-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-11-19T21:00:57Z", - "published": "2024-11-18T21:02:17Z", - "schema_version": "1.6.0", - "id": "GHSA-27mf-ghqm-j3j8", - "aliases": [ - "CVE-2024-52303" - ], - "related": [ - "CGA-48j3-hqpv-g3q7" - ], - "summary": "aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method", - "details": "### Summary\n\nA memory leak can occur when a request produces a `MatchInfoError`. This was caused by adding an entry to a cache on each request, due to the building of each `MatchInfoError` producing a unique cache entry.\n\n### Impact\n\nIf the user is making use of any middlewares with `aiohttp.web` then it is advisable to upgrade immediately.\n\nAn attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "aiohttp", - "purl": "pkg:pypi/aiohttp" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "3.10.6" - }, - { - "fixed": "3.10.11" - } - ] - } - ], - "versions": [ - "3.10.10", - "3.10.11rc0", - "3.10.6", - "3.10.7", - "3.10.8", - "3.10.9" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-27mf-ghqm-j3j8/GHSA-27mf-ghqm-j3j8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - }, - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" - } - ], - "references": [ - { - "type": "WEB", - "url": 
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52303" - }, - { - "type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936" - }, - { - "type": "PACKAGE", - "url": "https://github.com/aio-libs/aiohttp" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-772" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-18T21:02:17Z", - "nvd_published_at": "2024-11-18T20:15:06Z", - "severity": "MODERATE" - } - }, - { - "modified": "2024-11-19T21:01:54Z", - "published": "2024-11-18T21:02:32Z", - "schema_version": "1.6.0", - "id": "GHSA-8495-4g3g-x7pr", - "aliases": [ - "CVE-2024-52304" - ], - "related": [ - "CGA-hc89-w3pf-6cxj" - ], - "summary": "aiohttp allows request smuggling due to incorrect parsing of chunk extensions", - "details": "### Summary\nThe Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. 
without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "aiohttp", - "purl": "pkg:pypi/aiohttp" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "3.10.11" - } - ] - } - ], - "versions": [ - "0.1", - "0.10.0", - "0.10.1", - "0.10.2", - "0.11.0", - "0.12.0", - "0.13.0", - "0.13.1", - "0.14.0", - "0.14.1", - "0.14.2", - "0.14.3", - "0.14.4", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.16.0", - "0.16.1", - "0.16.2", - "0.16.3", - "0.16.4", - "0.16.5", - "0.16.6", - "0.17.0", - "0.17.1", - "0.17.2", - "0.17.3", - "0.17.4", - "0.18.0", - "0.18.1", - "0.18.2", - "0.18.3", - "0.18.4", - "0.19.0", - "0.2", - "0.20.0", - "0.20.1", - "0.20.2", - "0.21.0", - "0.21.1", - "0.21.2", - "0.21.4", - "0.21.5", - "0.21.6", - "0.22.0", - "0.22.0a0", - "0.22.0b0", - "0.22.0b1", - "0.22.0b2", - "0.22.0b3", - "0.22.0b4", - "0.22.0b5", - "0.22.0b6", - "0.22.1", - "0.22.2", - "0.22.3", - "0.22.4", - "0.22.5", - "0.3", - "0.4", - "0.4.1", - "0.4.2", - "0.4.3", - "0.4.4", - "0.5.0", - "0.6.0", - "0.6.1", - "0.6.2", - "0.6.3", - "0.6.4", - "0.6.5", - "0.7.0", - "0.7.1", - "0.7.2", - "0.7.3", - "0.8.0", - "0.8.1", - "0.8.2", - "0.8.3", - "0.8.4", - "0.9.0", - "0.9.1", - "0.9.2", - "0.9.3", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.5", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.2.0", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.3.5", - "2.0.0", - "2.0.0rc1", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5", - "2.0.6", - "2.0.7", - "2.1.0", - "2.2.0", - "2.2.1", - "2.2.2", - "2.2.3", - "2.2.4", - "2.2.5", - "2.3.0", - "2.3.0a1", - "2.3.0a2", - "2.3.0a3", - "2.3.0a4", 
- "2.3.1", - "2.3.10", - "2.3.1a1", - "2.3.2", - "2.3.2b2", - "2.3.2b3", - "2.3.3", - "2.3.4", - "2.3.5", - "2.3.6", - "2.3.7", - "2.3.8", - "2.3.9", - "3.0.0", - "3.0.0b0", - "3.0.0b1", - "3.0.0b2", - "3.0.0b3", - "3.0.0b4", - "3.0.1", - "3.0.2", - "3.0.3", - "3.0.4", - "3.0.5", - "3.0.6", - "3.0.7", - "3.0.8", - "3.0.9", - "3.1.0", - "3.1.1", - "3.1.2", - "3.1.3", - "3.10.0", - "3.10.0b1", - "3.10.0rc0", - "3.10.1", - "3.10.10", - "3.10.11rc0", - "3.10.2", - "3.10.3", - "3.10.4", - "3.10.5", - "3.10.6", - "3.10.6rc0", - "3.10.6rc1", - "3.10.6rc2", - "3.10.7", - "3.10.8", - "3.10.9", - "3.2.0", - "3.2.1", - "3.3.0", - "3.3.0a0", - "3.3.1", - "3.3.2", - "3.3.2a0", - "3.4.0", - "3.4.0a0", - "3.4.0a3", - "3.4.0b1", - "3.4.0b2", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5.0", - "3.5.0a1", - "3.5.0b1", - "3.5.0b2", - "3.5.0b3", - "3.5.1", - "3.5.2", - "3.5.3", - "3.5.4", - "3.6.0", - "3.6.0a0", - "3.6.0a1", - "3.6.0a11", - "3.6.0a12", - "3.6.0a2", - "3.6.0a3", - "3.6.0a4", - "3.6.0a5", - "3.6.0a6", - "3.6.0a7", - "3.6.0a8", - "3.6.0a9", - "3.6.0b0", - "3.6.1", - "3.6.1b3", - "3.6.1b4", - "3.6.2", - "3.6.2a0", - "3.6.2a1", - "3.6.2a2", - "3.6.3", - "3.7.0", - "3.7.0b0", - "3.7.0b1", - "3.7.1", - "3.7.2", - "3.7.3", - "3.7.4", - "3.7.4.post0", - "3.8.0", - "3.8.0a7", - "3.8.0b0", - "3.8.1", - "3.8.2", - "3.8.3", - "3.8.4", - "3.8.5", - "3.8.6", - "3.9.0", - "3.9.0b0", - "3.9.0b1", - "3.9.0rc0", - "3.9.1", - "3.9.2", - "3.9.3", - "3.9.4", - "3.9.4rc0", - "3.9.5" - ], - "database_specific": { - "last_known_affected_version_range": "<= 3.10.10", - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8495-4g3g-x7pr/GHSA-8495-4g3g-x7pr.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" - }, - { - "type": "CVSS_V4", - "score": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52304" - }, - { - "type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71" - }, - { - "type": "PACKAGE", - "url": "https://github.com/aio-libs/aiohttp" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-444" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-18T21:02:32Z", - "nvd_published_at": "2024-11-18T21:15:06Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-27mf-ghqm-j3j8" - ], - "aliases": [ - "CVE-2024-52303", - "GHSA-27mf-ghqm-j3j8" - ], - "max_severity": "7.5" - }, - { - "ids": [ - "GHSA-8495-4g3g-x7pr" - ], - "aliases": [ - "CVE-2024-52304", - "GHSA-8495-4g3g-x7pr" - ], - "max_severity": "6.3" - } - ] - } -] \ No newline at end of file diff --git a/audits/jupyterlab-requirements.audit.json b/audits/jupyterlab-requirements.audit.json index cbcf0e5b..2661fa3c 100644 --- a/audits/jupyterlab-requirements.audit.json +++ b/audits/jupyterlab-requirements.audit.json 
@@ -672,175 +672,5 @@ "max_severity": "8.8" } ] - }, - { - "package": { - "name": "tornado", - "version": "6.4.1", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "jupyterlab-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-11-22T22:35:53Z", - "published": "2024-11-22T20:26:41Z", - "schema_version": "1.6.0", - "id": "GHSA-8w49-h785-mj3c", - "aliases": [ - "CVE-2024-52804" - ], - "summary": "Tornado has an HTTP cookie parsing DoS vulnerability", - "details": "The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.\n\nSee also CVE-2024-7592 for a similar vulnerability in cpython.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "tornado", - "purl": "pkg:pypi/tornado" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "6.4.2" - } - ] - } - ], - "versions": [ - "0.2", - "1.0", - "1.1", - "1.1.1", - "1.2", - "1.2.1", - "2.0", - "2.1", - "2.1.1", - "2.2", - "2.2.1", - "2.3", - "2.4", - "2.4.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.2.2", - "4.0", - "4.0.1", - "4.0.2", - "4.1", - "4.1b2", - "4.2", - "4.2.1", - "4.2b1", - "4.3", - "4.3b1", - "4.3b2", - "4.4", - "4.4.1", - "4.4.2", - "4.4.3", - "4.4b1", - "4.5", - "4.5.1", - "4.5.2", - "4.5.3", - "4.5b1", - "4.5b2", - "5.0", - "5.0.1", - "5.0.2", - "5.0a1", - "5.0b1", - "5.1", - "5.1.1", - "5.1b1", - "6.0", - "6.0.1", - "6.0.2", - "6.0.3", - "6.0.4", - "6.0a1", - "6.0b1", - "6.1", - "6.1b1", - "6.1b2", - "6.2", - "6.2b1", - "6.2b2", - "6.3", - "6.3.1", - "6.3.2", - "6.3.3", - "6.3b1", - "6.4", - "6.4.1", - "6.4b1" - ], - "database_specific": { - "last_known_affected_version_range": "<= 6.4.1", - "source": 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8w49-h785-mj3c/GHSA-8w49-h785-mj3c.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52804" - }, - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533" - }, - { - "type": "PACKAGE", - "url": "https://github.com/tornadoweb/tornado" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400", - "CWE-770" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-22T20:26:41Z", - "nvd_published_at": "2024-11-22T16:15:34Z", - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-8w49-h785-mj3c" - ], - "aliases": [ - "CVE-2024-52804", - "GHSA-8w49-h785-mj3c" - ], - "max_severity": "7.5" - } - ] } ] \ No newline at end of file diff --git a/audits/localstack-requirements.audit.json b/audits/localstack-requirements.audit.json index b17be159..65186985 100644 --- a/audits/localstack-requirements.audit.json +++ b/audits/localstack-requirements.audit.json @@ -10,7 +10,7 @@ ], "vulnerabilities": [ { - "modified": "2024-09-03T22:02:47Z", + "modified": "2024-11-24T05:23:00Z", "published": "2024-04-26T00:30:35Z", "schema_version": "1.6.0", "id": "GHSA-6c5p-j8vq-pqhj", @@ -118,7 +118,7 @@ "github_reviewed": true, "github_reviewed_at": "2024-04-26T16:57:59Z", "nvd_published_at": "2024-04-26T00:15:09Z", - "severity": "HIGH" + "severity": "CRITICAL" } }, { diff --git a/audits/nvchecker-requirements.audit.json b/audits/nvchecker-requirements.audit.json deleted file mode 100644 index 8db05309..00000000 --- a/audits/nvchecker-requirements.audit.json +++ /dev/null 
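Review bot: GHSA-6c5p-j8vq-pqhj is still reported in audits/localstack-requirements.audit.json after this refresh, and the second hunk raises its `database_specific.severity` from `"HIGH"` to `"CRITICAL"`. The only pins this commit changes in requirements/localstack-requirements.txt are `localstack-core` and `localstack-ext`, so the flagged package, whose name and version lie outside these hunks, presumably stays on an affected release. The diffstat lists just four changed lines for this file, which suggests the advisory's CVSS vector and the `groups[].max_severity` figure were left untouched. Triage that keys on `max_severity` alone would then not register the escalation and should read `database_specific.severity` as well. The follow-up I would ask for is a pin of the form `<affected-package>==<fixed-version>` (placeholder; take both values from the advisory's `affected[].ranges`) in requirements/localstack-requirements.txt.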
@@ -1,172 +0,0 @@ -[ - { - "package": { - "name": "tornado", - "version": "6.4.1", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "nvchecker-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-11-22T22:35:53Z", - "published": "2024-11-22T20:26:41Z", - "schema_version": "1.6.0", - "id": "GHSA-8w49-h785-mj3c", - "aliases": [ - "CVE-2024-52804" - ], - "summary": "Tornado has an HTTP cookie parsing DoS vulnerability", - "details": "The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.\n\nSee also CVE-2024-7592 for a similar vulnerability in cpython.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "tornado", - "purl": "pkg:pypi/tornado" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "6.4.2" - } - ] - } - ], - "versions": [ - "0.2", - "1.0", - "1.1", - "1.1.1", - "1.2", - "1.2.1", - "2.0", - "2.1", - "2.1.1", - "2.2", - "2.2.1", - "2.3", - "2.4", - "2.4.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.2.2", - "4.0", - "4.0.1", - "4.0.2", - "4.1", - "4.1b2", - "4.2", - "4.2.1", - "4.2b1", - "4.3", - "4.3b1", - "4.3b2", - "4.4", - "4.4.1", - "4.4.2", - "4.4.3", - "4.4b1", - "4.5", - "4.5.1", - "4.5.2", - "4.5.3", - "4.5b1", - "4.5b2", - "5.0", - "5.0.1", - "5.0.2", - "5.0a1", - "5.0b1", - "5.1", - "5.1.1", - "5.1b1", - "6.0", - "6.0.1", - "6.0.2", - "6.0.3", - "6.0.4", - "6.0a1", - "6.0b1", - "6.1", - "6.1b1", - "6.1b2", - "6.2", - "6.2b1", - "6.2b2", - "6.3", - "6.3.1", - "6.3.2", - "6.3.3", - "6.3b1", - "6.4", - "6.4.1", - "6.4b1" - ], - "database_specific": { - "last_known_affected_version_range": "<= 6.4.1", - "source": 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8w49-h785-mj3c/GHSA-8w49-h785-mj3c.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52804" - }, - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533" - }, - { - "type": "PACKAGE", - "url": "https://github.com/tornadoweb/tornado" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400", - "CWE-770" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-22T20:26:41Z", - "nvd_published_at": "2024-11-22T16:15:34Z", - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-8w49-h785-mj3c" - ], - "aliases": [ - "CVE-2024-52804", - "GHSA-8w49-h785-mj3c" - ], - "max_severity": "7.5" - } - ] - } -] \ No newline at end of file diff --git a/audits/snakeviz-requirements.audit.json b/audits/snakeviz-requirements.audit.json deleted file mode 100644 index 8b76fa71..00000000 --- a/audits/snakeviz-requirements.audit.json +++ /dev/null 
@@ -1,172 +0,0 @@ -[ - { - "package": { - "name": "tornado", - "version": "6.4.1", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "snakeviz-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-11-22T22:35:53Z", - "published": "2024-11-22T20:26:41Z", - "schema_version": "1.6.0", - "id": "GHSA-8w49-h785-mj3c", - "aliases": [ - "CVE-2024-52804" - ], - "summary": "Tornado has an HTTP cookie parsing DoS vulnerability", - "details": "The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.\n\nSee also CVE-2024-7592 for a similar vulnerability in cpython.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "tornado", - "purl": "pkg:pypi/tornado" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "6.4.2" - } - ] - } - ], - "versions": [ - "0.2", - "1.0", - "1.1", - "1.1.1", - "1.2", - "1.2.1", - "2.0", - "2.1", - "2.1.1", - "2.2", - "2.2.1", - "2.3", - "2.4", - "2.4.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.2.2", - "4.0", - "4.0.1", - "4.0.2", - "4.1", - "4.1b2", - "4.2", - "4.2.1", - "4.2b1", - "4.3", - "4.3b1", - "4.3b2", - "4.4", - "4.4.1", - "4.4.2", - "4.4.3", - "4.4b1", - "4.5", - "4.5.1", - "4.5.2", - "4.5.3", - "4.5b1", - "4.5b2", - "5.0", - "5.0.1", - "5.0.2", - "5.0a1", - "5.0b1", - "5.1", - "5.1.1", - "5.1b1", - "6.0", - "6.0.1", - "6.0.2", - "6.0.3", - "6.0.4", - "6.0a1", - "6.0b1", - "6.1", - "6.1b1", - "6.1b2", - "6.2", - "6.2b1", - "6.2b2", - "6.3", - "6.3.1", - "6.3.2", - "6.3.3", - "6.3b1", - "6.4", - "6.4.1", - "6.4b1" - ], - "database_specific": { - "last_known_affected_version_range": "<= 6.4.1", - "source": 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8w49-h785-mj3c/GHSA-8w49-h785-mj3c.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52804" - }, - { - "type": "WEB", - "url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533" - }, - { - "type": "PACKAGE", - "url": "https://github.com/tornadoweb/tornado" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400", - "CWE-770" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-22T20:26:41Z", - "nvd_published_at": "2024-11-22T16:15:34Z", - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-8w49-h785-mj3c" - ], - "aliases": [ - "CVE-2024-52804", - "GHSA-8w49-h785-mj3c" - ], - "max_severity": "7.5" - } - ] - } -] \ No newline at end of file diff --git a/requirements/airshare-requirements.txt b/requirements/airshare-requirements.txt index cd1da3a1..bc32103b 100644 --- a/requirements/airshare-requirements.txt +++ b/requirements/airshare-requirements.txt @@ -1,5 +1,5 @@ aiohappyeyeballs==2.4.3 -aiohttp==3.10.9 +aiohttp==3.11.7 aiosignal==1.3.1 asyncio==3.4.3 attrs==24.2.0 @@ -7,7 +7,7 @@ certifi==2024.8.30 charset-normalizer==3.4.0 click==8.1.7 colorama==0.4.6 -frozenlist==1.4.1 +frozenlist==1.5.0 humanize==4.11.0 idna==3.10 ifaddr==0.2.0 @@ -17,7 +17,7 @@ pyperclip==1.9.0 requests==2.32.3 requests-toolbelt==1.0.0 termcolor==2.5.0 -tqdm==4.66.5 +tqdm==4.67.0 urllib3==2.2.3 -yarl==1.14.0 -zeroconf==0.135.0 +yarl==1.18.0 +zeroconf==0.136.2 diff --git a/requirements/awscli@1-requirements.txt b/requirements/awscli@1-requirements.txt index 525d14eb..0fc531a8 100644 --- a/requirements/awscli@1-requirements.txt 
+++ b/requirements/awscli@1-requirements.txt @@ -6,6 +6,6 @@ pyasn1==0.6.1 python-dateutil==2.9.0.post0 pyyaml==6.0.2 rsa==4.7.2 -s3transfer==0.10.3 +s3transfer==0.10.4 six==1.16.0 urllib3==2.2.3 diff --git a/requirements/jupyterlab-requirements.txt b/requirements/jupyterlab-requirements.txt index 20acb9ad..404724b6 100644 --- a/requirements/jupyterlab-requirements.txt +++ b/requirements/jupyterlab-requirements.txt @@ -12,7 +12,7 @@ bleach==6.2.0 cffi==1.17.1 charset-normalizer==3.4.0 comm==0.2.2 -debugpy==1.8.8 +debugpy==1.8.9 decorator==5.1.1 defusedxml==0.7.1 executing==2.1.0 @@ -77,14 +77,14 @@ rfc3339-validator==0.1.4 rfc3986-validator==0.1.1 rpds-py==0.21.0 send2trash==1.8.3 -setuptools==75.5.0 +setuptools==75.6.0 six==1.16.0 sniffio==1.3.1 soupsieve==2.6 stack-data==0.6.3 terminado==0.18.1 tinycss2==1.4.0 -tornado==6.4.1 +tornado==6.4.2 traitlets==5.14.3 trove-classifiers==2024.10.21.16 types-python-dateutil==2.9.0.20241003 diff --git a/requirements/litecli-requirements.txt b/requirements/litecli-requirements.txt index dd9acfb8..1f7b5ef6 100644 --- a/requirements/litecli-requirements.txt +++ b/requirements/litecli-requirements.txt @@ -3,6 +3,6 @@ click==8.1.7 configobj==5.0.9 prompt-toolkit==3.0.48 pygments==2.18.0 -sqlparse==0.5.1 +sqlparse==0.5.2 tabulate==0.9.0 wcwidth==0.2.13 diff --git a/requirements/localstack-requirements.txt b/requirements/localstack-requirements.txt index f3fb52b5..dd70a821 100644 --- a/requirements/localstack-requirements.txt +++ b/requirements/localstack-requirements.txt @@ -7,8 +7,8 @@ dnslib==0.9.25 dnspython==2.7.0 ecdsa==0.19.0 idna==3.10 -localstack-core==4.0.1 -localstack-ext==4.0.1 +localstack-core==4.0.2 +localstack-ext==4.0.2 markdown-it-py==3.0.0 mdurl==0.1.2 packaging==24.2 diff --git a/requirements/nvchecker-requirements.txt b/requirements/nvchecker-requirements.txt index 3f7aa6df..43b27310 100644 --- a/requirements/nvchecker-requirements.txt +++ b/requirements/nvchecker-requirements.txt 
@@ -1,5 +1,5 @@ -packaging==24.1 +packaging==24.2 platformdirs==4.3.6 pycurl==7.45.3 structlog==24.4.0 -tornado==6.4.1 +tornado==6.4.2 diff --git a/requirements/ola-requirements.txt b/requirements/ola-requirements.txt new file mode 100644 index 00000000..cfbe9759 --- /dev/null +++ b/requirements/ola-requirements.txt @@ -0,0 +1 @@ +protobuf==5.28.3 diff --git a/requirements/snakeviz-requirements.txt b/requirements/snakeviz-requirements.txt index 0f21d3ed..660d3d65 100644 --- a/requirements/snakeviz-requirements.txt +++ b/requirements/snakeviz-requirements.txt @@ -1 +1 @@ -tornado==6.4.1 +tornado==6.4.2 diff --git a/requirements/tmt-requirements.txt b/requirements/tmt-requirements.txt index 443fa4e2..59453510 100644 --- a/requirements/tmt-requirements.txt +++ b/requirements/tmt-requirements.txt @@ -1,23 +1,22 @@ -appdirs==1.4.4 attrs==24.2.0 charset-normalizer==3.4.0 click==8.1.7 docutils==0.21.2 filelock==3.16.1 flexcache==0.3 -flexparser==0.3.1 +flexparser==0.4 idna==3.10 jinja2==3.1.4 jsonschema==4.23.0 jsonschema-specifications==2024.10.1 -markupSafe==3.0.2 -packaging==24.1 -pint==0.24.3 +markupsafe==3.0.2 +packaging==24.2 +pint==0.24.4 +platformdirs==4.3.6 pygments==2.18.0 referencing==0.35.1 requests==2.32.3 -rpds-py==0.20.0 +rpds-py==0.21.0 ruamel-yaml==0.18.6 -ruamel-yaml-clib==0.2.8 typing-extensions==4.12.2 urllib3==2.2.3