Latest data: Thu Sep 19 08:05:52 UTC 2024

Homebrew · Sep 19, 2024 · 89fe6a5 · 89fe6a5
1 parent 0e837f5
commit 89fe6a5
Show file tree

Hide file tree

Showing 11 changed files with 181 additions and 54 deletions.
diff --git a/audits/azure-cli-requirements.audit.json b/audits/azure-cli-requirements.audit.json
@@ -15,6 +15,7 @@
         "schema_version": "1.6.0",
         "id": "GHSA-h4gh-qq45-vh27",
         "related": [
+          "CGA-5rwc-frgf-pfq3",
           "CGA-6vrp-xf34-j7xv",
           "CGA-hpm7-m5wg-4f4h",
           "CGA-xc57-m8vh-5mcg"

diff --git a/audits/scoutsuite-requirements.audit.json b/audits/scoutsuite-requirements.audit.json
@@ -649,5 +649,130 @@
         "max_severity": "6.8"
       }
     ]
+  },
+  {
+    "package": {
+      "name": "sqlitedict",
+      "version": "2.1.0",
+      "ecosystem": "PyPI"
+    },
+    "dependency_groups": [
+      "scoutsuite-requirements"
+    ],
+    "vulnerabilities": [
+      {
+        "modified": "2024-09-18T22:49:50Z",
+        "published": "2024-09-18T15:30:52Z",
+        "schema_version": "1.6.0",
+        "id": "GHSA-g4r7-86gm-pgqc",
+        "aliases": [
+          "CVE-2024-35515"
+        ],
+        "summary": "sqlitedict insecure deserialization vulnerability",
+        "details": "Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.",
+        "affected": [
+          {
+            "package": {
+              "ecosystem": "PyPI",
+              "name": "sqlitedict",
+              "purl": "pkg:pypi/sqlitedict"
+            },
+            "ranges": [
+              {
+                "type": "ECOSYSTEM",
+                "events": [
+                  {
+                    "introduced": "0"
+                  },
+                  {
+                    "last_affected": "2.1.0"
+                  }
+                ]
+              }
+            ],
+            "versions": [
+              "1.0",
+              "1.0.1",
+              "1.0.2",
+              "1.0.3",
+              "1.0.4",
+              "1.0.5",
+              "1.0.6",
+              "1.0.7",
+              "1.0.8",
+              "1.0.9",
+              "1.1.0",
+              "1.2.0",
+              "1.3.0",
+              "1.4.0",
+              "1.4.1",
+              "1.4.2",
+              "1.5.0",
+              "1.6.0",
+              "1.7.0",
+              "2.0.0",
+              "2.1.0"
+            ],
+            "database_specific": {
+              "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-g4r7-86gm-pgqc/GHSA-g4r7-86gm-pgqc.json"
+            }
+          }
+        ],
+        "severity": [
+          {
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+          },
+          {
+            "type": "CVSS_V4",
+            "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+          }
+        ],
+        "references": [
+          {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35515"
+          },
+          {
+            "type": "WEB",
+            "url": "https://github.com/piskvorky/sqlitedict/issues/174"
+          },
+          {
+            "type": "PACKAGE",
+            "url": "https://github.com/piskvorky/sqlitedict"
+          },
+          {
+            "type": "WEB",
+            "url": "https://github.com/piskvorky/sqlitedict?tab=readme-ov-file#serialization"
+          },
+          {
+            "type": "WEB",
+            "url": "https://wha13.github.io/2024/06/13/mfcve"
+          }
+        ],
+        "database_specific": {
+          "cwe_ids": [
+            "CWE-502",
+            "CWE-94"
+          ],
+          "github_reviewed": true,
+          "github_reviewed_at": "2024-09-18T17:39:11Z",
+          "nvd_published_at": "2024-09-18T15:15:14Z",
+          "severity": "HIGH"
+        }
+      }
+    ],
+    "groups": [
+      {
+        "ids": [
+          "GHSA-g4r7-86gm-pgqc"
+        ],
+        "aliases": [
+          "CVE-2024-35515",
+          "GHSA-g4r7-86gm-pgqc"
+        ],
+        "max_severity": "8.8"
+      }
+    ]
   }
 ]
diff --git a/requirements/c7n-requirements.txt b/requirements/c7n-requirements.txt
@@ -1,18 +1,18 @@
-argcomplete==3.4.0
-attrs==23.2.0
-boto3==1.34.147
-botocore==1.34.147
+argcomplete==3.5.0
+attrs==24.2.0
+boto3==1.35.22
+botocore==1.35.22
 docutils==0.21.2
-importlib-metadata==8.1.0
+importlib-metadata==8.5.0
 jmespath==1.0.1
 jsonschema==4.23.0
 jsonschema-specifications==2023.12.1
 python-dateutil==2.9.0.post0
-pyyaml==6.0.1
+pyyaml==6.0.2
 referencing==0.35.1
-rpds-py==0.19.0
+rpds-py==0.20.0
 s3transfer==0.10.2
 six==1.16.0
 tabulate==0.9.0
-urllib3==2.2.2
-zipp==3.19.2
+urllib3==2.2.3
+zipp==3.20.2
diff --git a/requirements/cyclonedx-python-requirements.txt b/requirements/cyclonedx-python-requirements.txt
@@ -1,29 +1,29 @@
 arrow==1.3.0
-attrs==23.2.0
+attrs==24.2.0
 boolean-py==4.0
 chardet==5.2.0
-cyclonedx-python-lib==7.4.0
+cyclonedx-python-lib==7.6.1
 defusedxml==0.7.1
 fqdn==1.5.1
-idna==3.7
+idna==3.10
 isoduration==20.11.0
 jsonpointer==3.0.0
-jsonschema==4.22.0
+jsonschema==4.23.0
 jsonschema-specifications==2023.12.1
-license-expression==30.3.0
-lxml==5.2.2
-packageurl-python==0.15.0
+license-expression==30.3.1
+lxml==5.3.0
+packageurl-python==0.15.6
 packaging==24.1
 pip-requirements-parser==32.0.1
-py-serializable==1.0.3
-pyparsing==3.1.2
+py-serializable==1.1.1
+pyparsing==3.1.4
 python-dateutil==2.9.0.post0
 referencing==0.35.1
 rfc3339-validator==0.1.4
 rfc3987==1.3.8
-rpds-py==0.18.1
+rpds-py==0.20.0
 six==1.16.0
 sortedcontainers==2.4.0
-types-python-dateutil==2.9.0.20240316
+types-python-dateutil==2.9.0.20240906
 uri-template==1.3.0
-webcolors==24.6.0
+webcolors==24.8.0
diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt
@@ -10,7 +10,7 @@ apscheduler==3.10.4
 asyncpg==0.29.0
 attrs==24.2.0
 azure-common==1.1.28
-azure-core==1.30.2
+azure-core==1.31.0
 azure-identity==1.17.1
 azure-mgmt-authorization==4.0.0
 azure-mgmt-compute==33.0.0
@@ -19,8 +19,8 @@ azure-mgmt-network==26.0.0
 azure-mgmt-resource==23.1.1
 azure-mgmt-subscription==3.1.1
 bcrypt==4.2.0
-boto3==1.35.16
-botocore==1.35.16
+boto3==1.35.21
+botocore==1.35.21
 cached-classproperty==1.0.1
 cachetools==5.5.0
 charset-normalizer==3.3.2
@@ -29,13 +29,13 @@ cursor==1.3.5
 deprecated==1.2.14
 dnspython==2.6.1
 docker==7.1.0
-fastapi==0.114.1
-filelock==3.16.0
+fastapi==0.115.0
+filelock==3.16.1
 frozenlist==1.4.1
 gitdb==4.0.11
 gitpython==3.1.43
 google-api-core==2.19.2
-google-api-python-client==2.145.0
+google-api-python-client==2.146.0
 google-auth==2.34.0
 google-auth-httplib2==0.2.0
 google-cloud-appengine-logging==1.4.5
@@ -58,7 +58,7 @@ h11==0.14.0
 httpcore==1.0.5
 httplib2==0.22.0
 httpx==0.27.2
-idna==3.8
+idna==3.10
 importlib-metadata==8.4.0
 isodate==0.6.1
 jmespath==1.0.1
@@ -75,10 +75,10 @@ multidict==6.1.0
 oauthlib==3.2.2
 opentelemetry-api==1.27.0
 packaging==24.1
-paramiko==3.4.1
+paramiko==3.5.0
 portalocker==2.10.1
 proto-plus==1.24.0
-protobuf==5.28.0
+protobuf==5.28.1
 pyasn1==0.6.1
 pyasn1-modules==0.4.1
 pydantic==1.10.18
@@ -106,18 +106,18 @@ simple-term-menu==1.6.4
 six==1.16.0
 smmap==5.0.1
 sniffio==1.3.1
-sqlalchemy==2.0.34
+sqlalchemy==2.0.35
 sqlalchemy-utils==0.41.2
 starlette==0.38.5
 tqdm==4.66.5
 typing-extensions==4.12.2
 tzlocal==5.2
 uritemplate==4.1.1
-urllib3==2.2.2
+urllib3==2.2.3
 uvicorn==0.30.6
 watchfiles==0.24.0
 websocket-client==1.8.0
 wrapt==1.16.0
 www-authenticate==0.9.2
 yarl==1.11.1
-zipp==3.20.1
+zipp==3.20.2
diff --git a/requirements/esphome-requirements.txt b/requirements/esphome-requirements.txt
@@ -16,7 +16,7 @@ esphome-dashboard==20240620.0
 esptool==4.7.0
 h11==0.14.0
 icmplib==3.0.4
-idna==3.8
+idna==3.10
 ifaddr==0.2.0
 intelhex==2.3.0
 kconfiglib==13.7.1
@@ -25,7 +25,7 @@ noiseprotocol==0.3.1
 packaging==24.1
 paho-mqtt==1.6.1
 platformio==6.1.15
-protobuf==5.28.0
+protobuf==5.28.2
 pyelftools==0.31
 pyparsing==3.1.4
 pyserial==3.5
@@ -43,7 +43,7 @@ tabulate==0.9.0
 tornado==6.4
 tzdata==2024.1
 tzlocal==5.2
-urllib3==2.2.2
+urllib3==2.2.3
 uvicorn==0.29.0
 voluptuous==0.14.2
 wsproto==1.2.0

diff --git a/requirements/esptool-requirements.txt b/requirements/esptool-requirements.txt
@@ -1,8 +1,9 @@
+argcomplete==3.5.0
 bitarray==2.9.2
-bitstring==4.1.4
+bitstring==4.2.3
 ecdsa==0.19.0
 intelhex==2.3.0
 pyserial==3.5
-pyyaml==6.0.1
+pyyaml==6.0.2
 reedsolo==1.7.0
 six==1.16.0
diff --git a/requirements/ldeep-requirements.txt b/requirements/ldeep-requirements.txt
@@ -5,7 +5,7 @@ dnspython==2.6.1
 gssapi==1.8.3
 ldap3-bleeding-edge==2.10.1.1337
 oscrypto==1.3.0
-pyasn1==0.6.0
+pyasn1==0.6.1
 pycryptodome==3.20.0
 pycryptodomex==3.20.0
 six==1.16.0

diff --git a/requirements/sigstore-requirements.txt b/requirements/sigstore-requirements.txt
@@ -8,25 +8,25 @@ h2==4.1.0
 hpack==4.0.0
 hyperframe==6.0.1
 id==1.4.0
-idna==3.7
+idna==3.10
 markdown-it-py==3.0.0
 mdurl==0.1.2
-multidict==6.0.5
-platformdirs==4.2.2
-pyasn1==0.6.0
-pydantic==2.8.2
-pydantic-core==2.20.1
+multidict==6.1.0
+platformdirs==4.3.6
+pyasn1==0.6.1
+pydantic==2.9.2
+pydantic-core==2.23.4
 pygments==2.18.0
 pyjwt==2.9.0
 pyopenssl==24.2.1
 python-dateutil==2.9.0.post0
 requests==2.32.3
 rfc8785==0.1.3
-rich==13.7.1
+rich==13.8.1
 securesystemslib==1.1.0
 sigstore-protobuf-specs==0.3.2
 sigstore-rekor-types==0.0.13
 six==1.16.0
 tuf==5.0.0
 typing-extensions==4.12.2
-urllib3==2.2.2
+urllib3==2.2.3
diff --git a/requirements/sqlfluff-requirements.txt b/requirements/sqlfluff-requirements.txt
@@ -2,16 +2,16 @@ appdirs==1.4.4
 chardet==5.2.0
 click==8.1.7
 colorama==0.4.6
-diff-cover==9.1.1
+diff-cover==9.2.0
 iniconfig==2.0.0
 jinja2==3.1.4
 markupsafe==2.1.5
 packaging==24.1
 pathspec==0.12.1
 pluggy==1.5.0
 pygments==2.18.0
-pytest==8.3.2
+pytest==8.3.3
 pyyaml==6.0.2
-regex==2024.7.24
+regex==2024.9.11
 tblib==3.0.0
 tqdm==4.66.5