Latest data: Fri Nov 1 08:09:42 UTC 2024

audits/buku-requirements.audit.json

@@ -202,7 +202,8 @@
           "CVE-2024-49766"
         ],
         "related": [
-          "CGA-386h-56mx-h78g"
+          "CGA-386h-56mx-h78g",
+          "CGA-wr84-3crr-hf7w"
         ],
         "summary": "Werkzeug safe_join not safe on Windows",
         "details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
@@ -377,7 +378,8 @@
           "CVE-2024-49767"
         ],
         "related": [
-          "CGA-3m9h-7wmp-p5r3"
+          "CGA-3m9h-7wmp-p5r3",
+          "CGA-4gfj-4gfq-284g"
         ],
         "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
         "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",

audits/certsync-requirements.audit.json

@@ -18,7 +18,8 @@
           "CVE-2024-49766"
         ],
         "related": [
-          "CGA-386h-56mx-h78g"
+          "CGA-386h-56mx-h78g",
+          "CGA-wr84-3crr-hf7w"
         ],
         "summary": "Werkzeug safe_join not safe on Windows",
         "details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
@@ -193,7 +194,8 @@
           "CVE-2024-49767"
         ],
         "related": [
-          "CGA-3m9h-7wmp-p5r3"
+          "CGA-3m9h-7wmp-p5r3",
+          "CGA-4gfj-4gfq-284g"
         ],
         "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
         "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",

audits/gdbgui-requirements.audit.json

@@ -790,7 +790,8 @@
           "CVE-2024-49766"
         ],
         "related": [
-          "CGA-386h-56mx-h78g"
+          "CGA-386h-56mx-h78g",
+          "CGA-wr84-3crr-hf7w"
         ],
         "summary": "Werkzeug safe_join not safe on Windows",
         "details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
@@ -1186,7 +1187,8 @@
           "CVE-2024-49767"
         ],
         "related": [
-          "CGA-3m9h-7wmp-p5r3"
+          "CGA-3m9h-7wmp-p5r3",
+          "CGA-4gfj-4gfq-284g"
         ],
         "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
         "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",

audits/mapproxy-requirements.audit.json

@@ -202,7 +202,8 @@
           "CVE-2024-49766"
         ],
         "related": [
-          "CGA-386h-56mx-h78g"
+          "CGA-386h-56mx-h78g",
+          "CGA-wr84-3crr-hf7w"
         ],
         "summary": "Werkzeug safe_join not safe on Windows",
         "details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
@@ -767,7 +768,8 @@
           "CVE-2024-49767"
         ],
         "related": [
-          "CGA-3m9h-7wmp-p5r3"
+          "CGA-3m9h-7wmp-p5r3",
+          "CGA-4gfj-4gfq-284g"
         ],
         "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
         "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",

audits/recon-ng-requirements.audit.json

@@ -18,7 +18,8 @@
           "CVE-2024-49766"
         ],
         "related": [
-          "CGA-386h-56mx-h78g"
+          "CGA-386h-56mx-h78g",
+          "CGA-wr84-3crr-hf7w"
         ],
         "summary": "Werkzeug safe_join not safe on Windows",
         "details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
@@ -193,7 +194,8 @@
           "CVE-2024-49767"
         ],
         "related": [
-          "CGA-3m9h-7wmp-p5r3"
+          "CGA-3m9h-7wmp-p5r3",
+          "CGA-4gfj-4gfq-284g"
         ],
         "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
         "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",

requirements/bbot-requirements.txt

@@ -24,7 +24,7 @@ omegaconf==2.3.0
 ordered-set==4.1.0
 packaging==24.1
 pexpect==4.9.0
-psutil==5.9.8
+psutil==6.1.0
 ptyprocess==0.7.0
 pycryptodome==3.21.0
 pydantic==2.9.2
@@ -39,7 +39,7 @@ requests==2.32.3
 requests-file==2.1.0
 resolvelib==1.0.1
 setproctitle==1.3.3
-setuptools==75.2.0
+setuptools==75.3.0
 sniffio==1.3.1
 socksio==1.0.0
 soupsieve==2.6

requirements/dstack-requirements.txt

@@ -19,8 +19,8 @@ azure-mgmt-network==27.0.0
 azure-mgmt-resource==23.2.0
 azure-mgmt-subscription==3.1.1
 bcrypt==4.2.0
-boto3==1.35.51
-botocore==1.35.51
+boto3==1.35.52
+botocore==1.35.52
 cached-classproperty==1.0.1
 cachetools==5.5.0
 charset-normalizer==3.4.0
@@ -35,7 +35,7 @@ frozenlist==1.5.0
 gitdb==4.0.11
 gitpython==3.1.43
 google-api-core==2.22.0
-google-api-python-client==2.149.0
+google-api-python-client==2.151.0
 google-auth==2.35.0
 google-auth-httplib2==0.2.0
 google-cloud-appengine-logging==1.5.0
@@ -91,15 +91,15 @@ pyparsing==3.2.0
 python-dateutil==2.9.0.post0
 python-dxf==12.1.0
 python-json-logger==2.0.7
-python-multipart==0.0.16
+python-multipart==0.0.17
 pytz==2024.2
 pyyaml==6.0.2
 referencing==0.35.1
 requests==2.32.3
 requests-oauthlib==2.0.0
 rich==13.9.3
 rich-argparse==1.5.2
-rpds-py==0.20.0
+rpds-py==0.20.1
 rsa==4.9
 s3transfer==0.10.3
 sentry-sdk==2.17.0
@@ -120,5 +120,5 @@ watchfiles==0.24.0
 websocket-client==1.8.0
 wrapt==1.16.0
 www-authenticate==0.9.2
-yarl==1.17.0
+yarl==1.17.1
 zipp==3.20.2

requirements/flit-requirements.txt

@@ -1,6 +1,6 @@
 charset-normalizer==3.4.0
 docutils==0.21.2
-flit-core==3.9.0
+flit-core==3.10.0
 idna==3.10
 requests==2.32.3
 tomli-w==1.1.0

requirements/graph-tool-requirements.txt

@@ -6,6 +6,6 @@ matplotlib==3.9.2
 packaging==24.1
 pyparsing==3.2.0
 python-dateutil==2.9.0.post0
-setuptools==75.2.0
+setuptools==75.3.0
 six==1.16.0
 zstandard==0.23.0

requirements/lizard-analyzer-requirements.txt

@@ -0,0 +1 @@
+pygments==2.18.0

requirements/pdm-requirements.txt

@@ -19,13 +19,13 @@ platformdirs==4.3.6
 pygments==2.18.0
 pyproject-hooks==1.2.0
 python-dotenv==1.0.1
-resolvelib==1.0.1
-rich==13.9.2
+resolvelib==1.1.0
+rich==13.9.3
 shellingham==1.5.4
 sniffio==1.3.1
 socksio==1.0.0
 tomlkit==0.13.2
-truststore==0.9.2
+truststore==0.10.0
 typing-extensions==4.12.2
 unearth==0.17.2
-virtualenv==20.27.0
+virtualenv==20.27.1

requirements/semgrep-requirements.txt

@@ -33,7 +33,7 @@ pygments==2.18.0
 referencing==0.35.1
 requests==2.32.3
 rich==13.5.3
-rpds-py==0.20.0
+rpds-py==0.20.1
 ruamel-yaml==0.17.40
 setuptools==75.3.0
 tomli==2.0.2