diff --git a/audits/howdoi-requirements.audit.json b/audits/howdoi-requirements.audit.json
deleted file mode 100644
index d8477d13..00000000
--- a/audits/howdoi-requirements.audit.json
+++ /dev/null
@@ -1,104 +0,0 @@
-[
- {
- "package": {
- "name": "keep",
- "version": "2.10.1",
- "ecosystem": "PyPI"
- },
- "dependency_groups": [
- "howdoi-requirements"
- ],
- "vulnerabilities": [
- {
- "modified": "2023-11-08T04:09:20Z",
- "published": "2022-06-08T18:15:00Z",
- "schema_version": "1.6.0",
- "id": "PYSEC-2022-43056",
- "aliases": [
- "CVE-2022-30877"
- ],
- "details": "The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.",
- "affected": [
- {
- "package": {
- "ecosystem": "PyPI",
- "name": "keep",
- "purl": "pkg:pypi/keep"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- }
- ]
- }
- ],
- "versions": [
- "1.1",
- "1.2",
- "1.3",
- "1.3.1",
- "1.4",
- "1.4.1",
- "2",
- "2.1",
- "2.1.1",
- "2.1.2",
- "2.1.3",
- "2.10",
- "2.10.1",
- "2.4.0",
- "2.4.1",
- "2.4.2",
- "2.5",
- "2.5.1",
- "2.5.2",
- "2.6",
- "2.6.1",
- "2.7",
- "2.8",
- "2.9"
- ],
- "database_specific": {
- "source": "https://github.com/pypa/advisory-database/blob/main/vulns/keep/PYSEC-2022-43056.yaml"
- }
- }
- ],
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
- }
- ],
- "references": [
- {
- "type": "REPORT",
- "url": "https://github.com/OrkoHunter/keep/issues/85"
- },
- {
- "type": "ADVISORY",
- "url": "https://pypi.org/project/keep"
- },
- {
- "type": "ADVISORY",
- "url": "http://pypi.doubanio.com/simple/request"
- }
- ]
- }
- ],
- "groups": [
- {
- "ids": [
- "PYSEC-2022-43056"
- ],
- "aliases": [
- "CVE-2022-30877",
- "PYSEC-2022-43056"
- ],
- "max_severity": "9.8"
- }
- ]
- }
-]
\ No newline at end of file
diff --git a/requirements/esphome-requirements.txt b/requirements/esphome-requirements.txt
index 11fc3e28..7ceec073 100644
--- a/requirements/esphome-requirements.txt
+++ b/requirements/esphome-requirements.txt
@@ -1,5 +1,5 @@
 aioesphomeapi==24.3.0
-aiohappyeyeballs==2.3.2
+aiohappyeyeballs==2.3.4
 ajsonrpc==1.2.0
 anyio==4.4.0
 argcomplete==3.4.0
@@ -8,7 +8,6 @@ bitarray==2.9.2
 bitstring==4.2.3
 bottle==0.12.25
 chacha20poly1305-reuseable==0.12.2
-chardet==5.2.0
 charset-normalizer==3.3.2
 click==8.1.7
 colorama==0.4.6
@@ -26,7 +25,7 @@ noiseprotocol==0.3.1
 packaging==24.1
 paho-mqtt==1.6.1
 platformio==6.1.15
-protobuf==5.27.2
+protobuf==5.27.3
 pyelftools==0.31
 pyparsing==3.1.2
 pyserial==3.5
diff --git a/requirements/howdoi-requirements.txt b/requirements/howdoi-requirements.txt
index 73961be4..07299e57 100644
--- a/requirements/howdoi-requirements.txt
+++ b/requirements/howdoi-requirements.txt
@@ -6,7 +6,7 @@ colorama==0.4.6
 cssselect==1.2.0
 deprecated==1.2.14
 idna==3.7
-keep==2.10.1
+keep==2.11
 lxml==5.2.2
 markdown-it-py==3.0.0
 mdurl==0.1.2
@@ -17,7 +17,7 @@ pynacl==1.5.0
 pyquery==2.0.0
 requests==2.32.3
 rich==13.7.1
-terminaltables==3.1.10
+terminaltables3==4.0.0
 typing-extensions==4.12.2
 urllib3==2.2.2
 wrapt==1.16.0
diff --git a/requirements/locust-requirements.txt b/requirements/locust-requirements.txt
index 353dbb0d..6b5e0b6a 100644
--- a/requirements/locust-requirements.txt
+++ b/requirements/locust-requirements.txt
@@ -17,7 +17,7 @@ msgpack==1.0.8
 psutil==6.0.0
 pyzmq==26.0.3
 requests==2.32.3
-setuptools==70.1.1
+setuptools==72.1.0
 urllib3==2.2.2
 werkzeug==3.0.3
 zope-event==5.0
diff --git a/requirements/pdm-requirements.txt b/requirements/pdm-requirements.txt
index 315ecb63..e7220638 100644
--- a/requirements/pdm-requirements.txt
+++ b/requirements/pdm-requirements.txt
@@ -1,6 +1,6 @@
 anyio==4.4.0
 blinker==1.8.2
-dep-logic==0.4.3
+dep-logic==0.4.4
 distlib==0.3.8
 filelock==3.15.4
 findpython==0.6.1
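Review bot: In requirements/howdoi-requirements.txt the second hunk replaces the `terminaltables` distribution with a differently named one, `terminaltables3==4.0.0`, which is a new package identity rather than a version bump, so its publisher and its relationship to the original project should be confirmed before merging. The `keep==2.11` pin in the first hunk of the same file deserves the same care: the deleted audit record for PYSEC-2022-43056 (CVE-2022-30877) has an `"introduced": "0"` range with no fixed event and enumerates versions only up to 2.10.1, so the audit going clean may reflect 2.11 being absent from that list rather than a recorded fix. I would state both in the commit description, for example `keep 2.11: not enumerated in PYSEC-2022-43056; release contents and dependency list reviewed` and `terminaltables3: new dependency, presumably pulled in by keep 2.11 (confirm)`. None of the pins in the visible lines carries a `--hash=sha256:<digest>` entry, so the install trusts whatever artifact the index serves for these names.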