diff --git a/audits/aider-requirements.audit.json b/audits/aider-requirements.audit.json deleted file mode 100644 index c6fd414f..00000000 --- a/audits/aider-requirements.audit.json +++ /dev/null 
@@ -1,443 +0,0 @@ -[ - { - "package": { - "name": "aiohttp", - "version": "3.10.10", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "aider-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-11-19T21:00:57Z", - "published": "2024-11-18T21:02:17Z", - "schema_version": "1.6.0", - "id": "GHSA-27mf-ghqm-j3j8", - "aliases": [ - "CVE-2024-52303" - ], - "related": [ - "CGA-48j3-hqpv-g3q7" - ], - "summary": "aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method", - "details": "### Summary\n\nA memory leak can occur when a request produces a `MatchInfoError`. This was caused by adding an entry to a cache on each request, due to the building of each `MatchInfoError` producing a unique cache entry.\n\n### Impact\n\nIf the user is making use of any middlewares with `aiohttp.web` then it is advisable to upgrade immediately.\n\nAn attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "aiohttp", - "purl": "pkg:pypi/aiohttp" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "3.10.6" - }, - { - "fixed": "3.10.11" - } - ] - } - ], - "versions": [ - "3.10.10", - "3.10.11rc0", - "3.10.6", - "3.10.7", - "3.10.8", - "3.10.9" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-27mf-ghqm-j3j8/GHSA-27mf-ghqm-j3j8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - }, - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" - } - ], - "references": [ - { - "type": "WEB", - "url": 
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52303" - }, - { - "type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936" - }, - { - "type": "PACKAGE", - "url": "https://github.com/aio-libs/aiohttp" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-772" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-18T21:02:17Z", - "nvd_published_at": "2024-11-18T20:15:06Z", - "severity": "MODERATE" - } - }, - { - "modified": "2024-11-30T05:27:01Z", - "published": "2024-11-18T21:02:32Z", - "schema_version": "1.6.0", - "id": "GHSA-8495-4g3g-x7pr", - "aliases": [ - "CVE-2024-52304" - ], - "related": [ - "CGA-hc89-w3pf-6cxj" - ], - "summary": "aiohttp allows request smuggling due to incorrect parsing of chunk extensions", - "details": "### Summary\nThe Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. 
without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "aiohttp", - "purl": "pkg:pypi/aiohttp" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "3.10.11" - } - ] - } - ], - "versions": [ - "0.1", - "0.10.0", - "0.10.1", - "0.10.2", - "0.11.0", - "0.12.0", - "0.13.0", - "0.13.1", - "0.14.0", - "0.14.1", - "0.14.2", - "0.14.3", - "0.14.4", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.16.0", - "0.16.1", - "0.16.2", - "0.16.3", - "0.16.4", - "0.16.5", - "0.16.6", - "0.17.0", - "0.17.1", - "0.17.2", - "0.17.3", - "0.17.4", - "0.18.0", - "0.18.1", - "0.18.2", - "0.18.3", - "0.18.4", - "0.19.0", - "0.2", - "0.20.0", - "0.20.1", - "0.20.2", - "0.21.0", - "0.21.1", - "0.21.2", - "0.21.4", - "0.21.5", - "0.21.6", - "0.22.0", - "0.22.0a0", - "0.22.0b0", - "0.22.0b1", - "0.22.0b2", - "0.22.0b3", - "0.22.0b4", - "0.22.0b5", - "0.22.0b6", - "0.22.1", - "0.22.2", - "0.22.3", - "0.22.4", - "0.22.5", - "0.3", - "0.4", - "0.4.1", - "0.4.2", - "0.4.3", - "0.4.4", - "0.5.0", - "0.6.0", - "0.6.1", - "0.6.2", - "0.6.3", - "0.6.4", - "0.6.5", - "0.7.0", - "0.7.1", - "0.7.2", - "0.7.3", - "0.8.0", - "0.8.1", - "0.8.2", - "0.8.3", - "0.8.4", - "0.9.0", - "0.9.1", - "0.9.2", - "0.9.3", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.5", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.2.0", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.3.5", - "2.0.0", - "2.0.0rc1", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5", - "2.0.6", - "2.0.7", - "2.1.0", - "2.2.0", - "2.2.1", - "2.2.2", - "2.2.3", - "2.2.4", - "2.2.5", - "2.3.0", - "2.3.0a1", - "2.3.0a2", - "2.3.0a3", - "2.3.0a4", 
- "2.3.1", - "2.3.10", - "2.3.1a1", - "2.3.2", - "2.3.2b2", - "2.3.2b3", - "2.3.3", - "2.3.4", - "2.3.5", - "2.3.6", - "2.3.7", - "2.3.8", - "2.3.9", - "3.0.0", - "3.0.0b0", - "3.0.0b1", - "3.0.0b2", - "3.0.0b3", - "3.0.0b4", - "3.0.1", - "3.0.2", - "3.0.3", - "3.0.4", - "3.0.5", - "3.0.6", - "3.0.7", - "3.0.8", - "3.0.9", - "3.1.0", - "3.1.1", - "3.1.2", - "3.1.3", - "3.10.0", - "3.10.0b1", - "3.10.0rc0", - "3.10.1", - "3.10.10", - "3.10.11rc0", - "3.10.2", - "3.10.3", - "3.10.4", - "3.10.5", - "3.10.6", - "3.10.6rc0", - "3.10.6rc1", - "3.10.6rc2", - "3.10.7", - "3.10.8", - "3.10.9", - "3.2.0", - "3.2.1", - "3.3.0", - "3.3.0a0", - "3.3.1", - "3.3.2", - "3.3.2a0", - "3.4.0", - "3.4.0a0", - "3.4.0a3", - "3.4.0b1", - "3.4.0b2", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5.0", - "3.5.0a1", - "3.5.0b1", - "3.5.0b2", - "3.5.0b3", - "3.5.1", - "3.5.2", - "3.5.3", - "3.5.4", - "3.6.0", - "3.6.0a0", - "3.6.0a1", - "3.6.0a11", - "3.6.0a12", - "3.6.0a2", - "3.6.0a3", - "3.6.0a4", - "3.6.0a5", - "3.6.0a6", - "3.6.0a7", - "3.6.0a8", - "3.6.0a9", - "3.6.0b0", - "3.6.1", - "3.6.1b3", - "3.6.1b4", - "3.6.2", - "3.6.2a0", - "3.6.2a1", - "3.6.2a2", - "3.6.3", - "3.7.0", - "3.7.0b0", - "3.7.0b1", - "3.7.1", - "3.7.2", - "3.7.3", - "3.7.4", - "3.7.4.post0", - "3.8.0", - "3.8.0a7", - "3.8.0b0", - "3.8.1", - "3.8.2", - "3.8.3", - "3.8.4", - "3.8.5", - "3.8.6", - "3.9.0", - "3.9.0b0", - "3.9.0b1", - "3.9.0rc0", - "3.9.1", - "3.9.2", - "3.9.3", - "3.9.4", - "3.9.4rc0", - "3.9.5" - ], - "database_specific": { - "last_known_affected_version_range": "<= 3.10.10", - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8495-4g3g-x7pr/GHSA-8495-4g3g-x7pr.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" - } - ], - "references": [ - { - 
"type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52304" - }, - { - "type": "WEB", - "url": "https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71" - }, - { - "type": "PACKAGE", - "url": "https://github.com/aio-libs/aiohttp" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-444" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-11-18T21:02:32Z", - "nvd_published_at": "2024-11-18T21:15:06Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-27mf-ghqm-j3j8" - ], - "aliases": [ - "CVE-2024-52303", - "GHSA-27mf-ghqm-j3j8" - ], - "max_severity": "7.5" - }, - { - "ids": [ - "GHSA-8495-4g3g-x7pr" - ], - "aliases": [ - "CVE-2024-52304", - "GHSA-8495-4g3g-x7pr" - ], - "max_severity": "6.3" - } - ] - } -] \ No newline at end of file diff --git a/audits/icloudpd-requirements.audit.json b/audits/icloudpd-requirements.audit.json index c3e492ad..d8884421 100644 --- a/audits/icloudpd-requirements.audit.json +++ b/audits/icloudpd-requirements.audit.json @@ -10,7 +10,7 @@ ], "vulnerabilities": [ { - "modified": "2024-12-06T05:24:56Z", + "modified": "2024-12-06T18:33:09Z", "published": "2024-07-05T20:06:40Z", "schema_version": "1.6.0", "id": "GHSA-248v-346w-9cwc", @@ -102,6 +102,10 @@ { "type": "WEB", "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20241206-0001" } ], "database_specific": { diff --git a/requirements/aider-requirements.txt b/requirements/aider-requirements.txt index 9c2702cc..2d8eb231 100644 --- a/requirements/aider-requirements.txt +++ b/requirements/aider-requirements.txt @@ -1,5 +1,5 @@ -aiohappyeyeballs==2.4.3 -aiohttp==3.10.10 +aiohappyeyeballs==2.4.4 +aiohttp==3.11.9 aiosignal==1.3.1 annotated-types==0.7.0 anyio==4.6.2.post1 
@@ -19,20 +19,20 @@ frozenlist==1.5.0
 fsspec==2024.10.0
 gitdb==4.0.11
 gitpython==3.1.43
-grep-ast==0.3.3
+grep-ast==0.4.1
 h11==0.14.0
-httpcore==1.0.6
+httpcore==1.0.7
 httpx==0.27.2
-huggingface-hub==0.26.2
+huggingface-hub==0.26.3
 idna==3.10
 importlib-metadata==7.2.1
 importlib-resources==6.4.5
 jinja2==3.1.4
-jiter==0.7.0
-json5==0.9.25
+jiter==0.8.0
+json5==0.10.0
 jsonschema==4.23.0
 jsonschema-specifications==2024.10.1
-litellm==1.51.2
+litellm==1.53.5
 markdown-it-py==3.0.0
 markupsafe==3.0.2
 mccabe==0.7.0
@@ -41,19 +41,19 @@ mixpanel==4.10.1
 monotonic==1.6
 multidict==6.1.0
 networkx==3.2.1
-openai==1.53.0
+openai==1.56.2
 packaging==24.2
 pathspec==0.12.1
 pexpect==4.9.0
-posthog==3.7.0
+posthog==3.7.4
 prompt-toolkit==3.0.48
-propcache==0.2.0
+propcache==0.2.1
 psutil==6.1.0
 ptyprocess==0.7.0
 pycodestyle==2.12.1
 pycparser==2.22
-pydantic==2.9.2
-pydantic-core==2.23.4
+pydantic==2.10.3
+pydantic-core==2.27.1
 pydub==0.25.1
 pyflakes==3.2.0
 pygments==2.18.0
@@ -63,23 +63,24 @@ python-dateutil==2.9.0.post0
 python-dotenv==1.0.1
 pyyaml==6.0.2
 referencing==0.35.1
-regex==2024.9.11
+regex==2024.11.6
 requests==2.32.3
-rich==13.9.3
-rpds-py==0.20.1
+rich==13.9.4
+rpds-py==0.22.3
 setuptools==75.6.0
-six==1.16.0
+six==1.17.0
 smmap==5.0.1
 sniffio==1.3.1
 sounddevice==0.5.1
 soundfile==0.12.1
 soupsieve==2.6
 tiktoken==0.8.0
-tokenizers==0.19.1
-tqdm==4.66.6
+tokenizers==0.21.0
+tqdm==4.67.1
 tree-sitter==0.21.3
 typing-extensions==4.12.2
 urllib3==2.2.3
+watchfiles==1.0.0
 wcwidth==0.2.13
-yarl==1.17.1
-zipp==3.20.2
+yarl==1.18.3
+zipp==3.21.0
diff --git a/requirements/harlequin-requirements.txt b/requirements/harlequin-requirements.txt
index 6a0d0976..33bc782f 100644
--- a/requirements/harlequin-requirements.txt
+++ b/requirements/harlequin-requirements.txt
@@ -3,6 +3,7 @@ meson-python==0.15.0
 click==8.1.7
 duckdb==1.1.3
 harlequin-mysql==0.3.0
+harlequin-postgres==0.4.0
 jinja2==3.1.4
 linkify-it-py==2.0.3
 markdown-it-py==3.0.0
@@ -12,6 +13,9 @@ mdurl==0.1.2
 numpy==1.26.4
 platformdirs==4.3.6
 prompt-toolkit==3.0.36
+psycopg==3.2.3
+psycopg-c==3.2.3
+psycopg-pool==3.2.4
 pyarrow==18.1.0
 pygments==2.18.0
 pyperclip==1.9.0
diff --git a/requirements/lexicon-requirements.txt b/requirements/lexicon-requirements.txt
index b8002373..61747732 100644
--- a/requirements/lexicon-requirements.txt
+++ b/requirements/lexicon-requirements.txt
@@ -1,7 +1,7 @@
 attrs==24.2.0
 beautifulsoup4==4.12.3
-boto3==1.35.39
-botocore==1.35.39
+boto3==1.35.76
+botocore==1.35.76
 charset-normalizer==3.4.0
 circuitbreaker==2.0.0
 click==8.1.7
@@ -14,12 +14,12 @@ localzone==0.9.8
 lxml==5.3.0
 markdown-it-py==3.0.0
 mdurl==0.1.2
-oci==2.135.2
+oci==2.139.0
 platformdirs==4.3.6
-prettytable==3.11.0
+prettytable==3.12.0
 prompt-toolkit==3.0.48
 pygments==2.18.0
-pyopenssl==24.2.1
+pyopenssl==24.3.0
 pyotp==2.9.0
 python-dateutil==2.9.0.post0
 pytz==2024.2
@@ -28,12 +28,12 @@ requests==2.32.3
 requests-file==2.1.0
 requests-toolbelt==1.0.0
 rich==13.7.1
-s3transfer==0.10.3
-six==1.16.0
+s3transfer==0.10.4
+six==1.17.0
 softlayer==6.2.5
 soupsieve==2.6
-tencentcloud-sdk-python==3.0.1248
-tldextract==5.1.2
+tencentcloud-sdk-python==3.0.1277
+tldextract==5.1.3
 urllib3==2.2.3
 wcwidth==0.2.13
-zeep==4.2.1
+zeep==4.3.1
diff --git a/requirements/ola-requirements.txt b/requirements/ola-requirements.txt
index d51ea8cb..83497221 100644
--- a/requirements/ola-requirements.txt
+++ b/requirements/ola-requirements.txt
@@ -1 +1 @@
-protobuf==5.29.0
+protobuf==5.29.1
diff --git a/requirements/poetry-requirements.txt b/requirements/poetry-requirements.txt
index 69a803e4..2c49fc92 100644
--- a/requirements/poetry-requirements.txt
+++ b/requirements/poetry-requirements.txt
@@ -1,11 +1,11 @@
 build==1.2.2.post1
-cachecontrol==0.14.0
+cachecontrol==0.14.1
 charset-normalizer==3.4.0
 cleo==2.1.0
 crashtest==0.4.1
 distlib==0.3.9
 dulwich==0.21.7
-fastjsonschema==2.20.0
+fastjsonschema==2.21.1
 filelock==3.16.1
 idna==3.10
 installer==0.7.0
@@ -14,21 +14,21 @@ jeepney==0.8.0
 keyring==24.3.1
 more-itertools==10.5.0
 msgpack==1.1.0
-packaging==24.1
+packaging==24.2
 pexpect==4.9.0
-pkginfo==1.11.2
+pkginfo==1.12.0
 platformdirs==4.3.6
 poetry-core==1.9.1
 poetry-plugin-export==1.8.0
 ptyprocess==0.7.0
 pyproject-hooks==1.2.0
-rapidfuzz==3.10.0
+rapidfuzz==3.10.1
 requests==2.32.3
 requests-toolbelt==1.0.0
 secretstorage==3.3.3
 shellingham==1.5.4
 tomlkit==0.13.2
-trove-classifiers==2024.10.13
+trove-classifiers==2024.10.21.16
 urllib3==2.2.3
-virtualenv==20.26.6
+virtualenv==20.28.0
 xattr==1.1.0
diff --git a/requirements/python@3.12-requirements.txt b/requirements/python@3.12-requirements.txt
index d7c038f1..e74962d0 100644
--- a/requirements/python@3.12-requirements.txt
+++ b/requirements/python@3.12-requirements.txt
@@ -1,4 +1,4 @@
-flit-core==3.9.0
-pip==24.2
-setuptools==75.1.0
-wheel==0.44.0
+flit-core==3.10.1
+pip==24.3.1
+setuptools==75.6.0
+wheel==0.45.1
diff --git a/requirements/weaviate-cli-requirements.txt b/requirements/weaviate-cli-requirements.txt
new file mode 100644
index 00000000..d7266ecd
--- /dev/null
+++ b/requirements/weaviate-cli-requirements.txt
@@ -0,0 +1,25 @@
+annotated-types==0.7.0
+anyio==4.7.0
+authlib==1.3.1
+charset-normalizer==3.4.0
+click==8.1.7
+grpcio==1.68.1
+grpcio-health-checking==1.68.1
+grpcio-tools==1.68.1
+h11==0.14.0
+httpcore==1.0.7
+httpx==0.27.0
+idna==3.10
+importlib-resources==6.4.5
+numpy==2.1.3
+protobuf==5.29.1
+pydantic==2.10.3
+pydantic-core==2.27.1
+requests==2.32.3
+semver==3.0.2
+setuptools==75.6.0
+sniffio==1.3.1
+typing-extensions==4.12.2
+urllib3==2.2.3
+validators==0.34.0
+weaviate-client==4.9.6