From 89fe6a51136ecc76f33edeb4f184fac5f59b1793 Mon Sep 17 00:00:00 2001
From: "github.actions"
Date: Thu, 19 Sep 2024 08:05:52 +0000
Subject: [PATCH] Latest data: Thu Sep 19 08:05:52 UTC 2024
---
 audits/azure-cli-requirements.audit.json | 1 +
 audits/scoutsuite-requirements.audit.json | 125 ++++++++++++++++++
 requirements/c7n-requirements.txt | 18 +-
 .../cyclonedx-python-requirements.txt | 24 ++--
 requirements/dstack-requirements.txt | 24 ++--
 requirements/esphome-requirements.txt | 6 +-
 requirements/esptool-requirements.txt | 5 +-
 requirements/ldeep-requirements.txt | 2 +-
 requirements/sigstore-requirements.txt | 16 +-
 requirements/sqlfluff-requirements.txt | 6 +-
 requirements/tox-requirements.txt | 8 +-
 11 files changed, 181 insertions(+), 54 deletions(-)
diff --git a/audits/azure-cli-requirements.audit.json b/audits/azure-cli-requirements.audit.json
index d5dec382..55a5f3ed 100644
--- a/audits/azure-cli-requirements.audit.json
+++ b/audits/azure-cli-requirements.audit.json
@@ -15,6 +15,7 @@
 "schema_version": "1.6.0",
 "id": "GHSA-h4gh-qq45-vh27",
 "related": [
+ "CGA-5rwc-frgf-pfq3",
 "CGA-6vrp-xf34-j7xv",
 "CGA-hpm7-m5wg-4f4h",
 "CGA-xc57-m8vh-5mcg"
diff --git a/audits/scoutsuite-requirements.audit.json b/audits/scoutsuite-requirements.audit.json
index 69e9a195..c894436a 100644
--- a/audits/scoutsuite-requirements.audit.json
+++ b/audits/scoutsuite-requirements.audit.json
@@ -649,5 +649,130 @@
 "max_severity": "6.8"
 }
 ]
+ },
+ {
+ "package": {
+ "name": "sqlitedict",
+ "version": "2.1.0",
+ "ecosystem": "PyPI"
+ },
+ "dependency_groups": [
+ "scoutsuite-requirements"
+ ],
+ "vulnerabilities": [
+ {
+ "modified": "2024-09-18T22:49:50Z",
+ "published": "2024-09-18T15:30:52Z",
+ "schema_version": "1.6.0",
+ "id": "GHSA-g4r7-86gm-pgqc",
+ "aliases": [
+ "CVE-2024-35515"
+ ],
+ "summary": "sqlitedict insecure deserialization vulnerability",
+ "details": "Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "sqlitedict",
+ "purl": "pkg:pypi/sqlitedict"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "last_affected": "2.1.0"
+ }
+ ]
+ }
+ ],
+ "versions": [
+ "1.0",
+ "1.0.1",
+ "1.0.2",
+ "1.0.3",
+ "1.0.4",
+ "1.0.5",
+ "1.0.6",
+ "1.0.7",
+ "1.0.8",
+ "1.0.9",
+ "1.1.0",
+ "1.2.0",
+ "1.3.0",
+ "1.4.0",
+ "1.4.1",
+ "1.4.2",
+ "1.5.0",
+ "1.6.0",
+ "1.7.0",
+ "2.0.0",
+ "2.1.0"
+ ],
+ "database_specific": {
+ "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-g4r7-86gm-pgqc/GHSA-g4r7-86gm-pgqc.json"
+ }
+ }
+ ],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35515"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/piskvorky/sqlitedict/issues/174"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/piskvorky/sqlitedict"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/piskvorky/sqlitedict?tab=readme-ov-file#serialization"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wha13.github.io/2024/06/13/mfcve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502",
+ "CWE-94"
+ ],
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-09-18T17:39:11Z",
+ "nvd_published_at": "2024-09-18T15:15:14Z",
+ "severity": "HIGH"
+ }
+ }
+ ],
+ "groups": [
+ {
+ "ids": [
+ "GHSA-g4r7-86gm-pgqc"
+ ],
+ "aliases": [
+ "CVE-2024-35515",
+ "GHSA-g4r7-86gm-pgqc"
+ ],
+ "max_severity": "8.8"
+ }
+ ]
 }
 ]
\ No newline at end of file
diff --git a/requirements/c7n-requirements.txt b/requirements/c7n-requirements.txt
index f6d86f66..ac83658c 100644
--- a/requirements/c7n-requirements.txt
+++ b/requirements/c7n-requirements.txt
@@ -1,18 +1,18 @@
-argcomplete==3.4.0
-attrs==23.2.0
-boto3==1.34.147
-botocore==1.34.147
+argcomplete==3.5.0
+attrs==24.2.0
+boto3==1.35.22
+botocore==1.35.22
 docutils==0.21.2
-importlib-metadata==8.1.0
+importlib-metadata==8.5.0
 jmespath==1.0.1
 jsonschema==4.23.0
 jsonschema-specifications==2023.12.1
 python-dateutil==2.9.0.post0
-pyyaml==6.0.1
+pyyaml==6.0.2
 referencing==0.35.1
-rpds-py==0.19.0
+rpds-py==0.20.0
 s3transfer==0.10.2
 six==1.16.0
 tabulate==0.9.0
-urllib3==2.2.2
-zipp==3.19.2
+urllib3==2.2.3
+zipp==3.20.2
diff --git a/requirements/cyclonedx-python-requirements.txt b/requirements/cyclonedx-python-requirements.txt
index 446cf4b8..1111ca32 100644
--- a/requirements/cyclonedx-python-requirements.txt
+++ b/requirements/cyclonedx-python-requirements.txt
@@ -1,29 +1,29 @@
 arrow==1.3.0
-attrs==23.2.0
+attrs==24.2.0
 boolean-py==4.0
 chardet==5.2.0
-cyclonedx-python-lib==7.4.0
+cyclonedx-python-lib==7.6.1
 defusedxml==0.7.1
 fqdn==1.5.1
-idna==3.7
+idna==3.10
 isoduration==20.11.0
 jsonpointer==3.0.0
-jsonschema==4.22.0
+jsonschema==4.23.0
 jsonschema-specifications==2023.12.1
-license-expression==30.3.0
-lxml==5.2.2
-packageurl-python==0.15.0
+license-expression==30.3.1
+lxml==5.3.0
+packageurl-python==0.15.6
 packaging==24.1
 pip-requirements-parser==32.0.1
-py-serializable==1.0.3
-pyparsing==3.1.2
+py-serializable==1.1.1
+pyparsing==3.1.4
 python-dateutil==2.9.0.post0
 referencing==0.35.1
 rfc3339-validator==0.1.4
 rfc3987==1.3.8
-rpds-py==0.18.1
+rpds-py==0.20.0
 six==1.16.0
 sortedcontainers==2.4.0
-types-python-dateutil==2.9.0.20240316
+types-python-dateutil==2.9.0.20240906
 uri-template==1.3.0
-webcolors==24.6.0
+webcolors==24.8.0
diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt
index 3a7ef836..ddfffe0f 100644
--- a/requirements/dstack-requirements.txt
+++ b/requirements/dstack-requirements.txt
@@ -10,7 +10,7 @@ apscheduler==3.10.4
 asyncpg==0.29.0
 attrs==24.2.0
 azure-common==1.1.28
-azure-core==1.30.2
+azure-core==1.31.0
 azure-identity==1.17.1
 azure-mgmt-authorization==4.0.0
 azure-mgmt-compute==33.0.0
@@ -19,8 +19,8 @@ azure-mgmt-network==26.0.0
 azure-mgmt-resource==23.1.1
 azure-mgmt-subscription==3.1.1
 bcrypt==4.2.0
-boto3==1.35.16
-botocore==1.35.16
+boto3==1.35.21
+botocore==1.35.21
 cached-classproperty==1.0.1
 cachetools==5.5.0
 charset-normalizer==3.3.2
@@ -29,13 +29,13 @@ cursor==1.3.5
 deprecated==1.2.14
 dnspython==2.6.1
 docker==7.1.0
-fastapi==0.114.1
-filelock==3.16.0
+fastapi==0.115.0
+filelock==3.16.1
 frozenlist==1.4.1
 gitdb==4.0.11
 gitpython==3.1.43
 google-api-core==2.19.2
-google-api-python-client==2.145.0
+google-api-python-client==2.146.0
 google-auth==2.34.0
 google-auth-httplib2==0.2.0
 google-cloud-appengine-logging==1.4.5
@@ -58,7 +58,7 @@ h11==0.14.0
 httpcore==1.0.5
 httplib2==0.22.0
 httpx==0.27.2
-idna==3.8
+idna==3.10
 importlib-metadata==8.4.0
 isodate==0.6.1
 jmespath==1.0.1
@@ -75,10 +75,10 @@ multidict==6.1.0
 oauthlib==3.2.2
 opentelemetry-api==1.27.0
 packaging==24.1
-paramiko==3.4.1
+paramiko==3.5.0
 portalocker==2.10.1
 proto-plus==1.24.0
-protobuf==5.28.0
+protobuf==5.28.1
 pyasn1==0.6.1
 pyasn1-modules==0.4.1
 pydantic==1.10.18
@@ -106,18 +106,18 @@ simple-term-menu==1.6.4
 six==1.16.0
 smmap==5.0.1
 sniffio==1.3.1
-sqlalchemy==2.0.34
+sqlalchemy==2.0.35
 sqlalchemy-utils==0.41.2
 starlette==0.38.5
 tqdm==4.66.5
 typing-extensions==4.12.2
 tzlocal==5.2
 uritemplate==4.1.1
-urllib3==2.2.2
+urllib3==2.2.3
 uvicorn==0.30.6
 watchfiles==0.24.0
 websocket-client==1.8.0
 wrapt==1.16.0
 www-authenticate==0.9.2
 yarl==1.11.1
-zipp==3.20.1
+zipp==3.20.2
diff --git a/requirements/esphome-requirements.txt b/requirements/esphome-requirements.txt
index 9c7f566a..b1325191 100644
--- a/requirements/esphome-requirements.txt
+++ b/requirements/esphome-requirements.txt
@@ -16,7 +16,7 @@ esphome-dashboard==20240620.0
 esptool==4.7.0
 h11==0.14.0
 icmplib==3.0.4
-idna==3.8
+idna==3.10
 ifaddr==0.2.0
 intelhex==2.3.0
 kconfiglib==13.7.1
@@ -25,7 +25,7 @@ noiseprotocol==0.3.1
 packaging==24.1
 paho-mqtt==1.6.1
 platformio==6.1.15
-protobuf==5.28.0
+protobuf==5.28.2
 pyelftools==0.31
 pyparsing==3.1.4
 pyserial==3.5
@@ -43,7 +43,7 @@ tabulate==0.9.0
 tornado==6.4
 tzdata==2024.1
 tzlocal==5.2
-urllib3==2.2.2
+urllib3==2.2.3
 uvicorn==0.29.0
 voluptuous==0.14.2
 wsproto==1.2.0
diff --git a/requirements/esptool-requirements.txt b/requirements/esptool-requirements.txt
index b1972cb7..68d4359d 100644
--- a/requirements/esptool-requirements.txt
+++ b/requirements/esptool-requirements.txt
@@ -1,8 +1,9 @@
+argcomplete==3.5.0
 bitarray==2.9.2
-bitstring==4.1.4
+bitstring==4.2.3
 ecdsa==0.19.0
 intelhex==2.3.0
 pyserial==3.5
-pyyaml==6.0.1
+pyyaml==6.0.2
 reedsolo==1.7.0
 six==1.16.0
diff --git a/requirements/ldeep-requirements.txt b/requirements/ldeep-requirements.txt
index 57d344e9..7e2a785d 100644
--- a/requirements/ldeep-requirements.txt
+++ b/requirements/ldeep-requirements.txt
@@ -5,7 +5,7 @@ dnspython==2.6.1
 gssapi==1.8.3
 ldap3-bleeding-edge==2.10.1.1337
 oscrypto==1.3.0
-pyasn1==0.6.0
+pyasn1==0.6.1
 pycryptodome==3.20.0
 pycryptodomex==3.20.0
 six==1.16.0
diff --git a/requirements/sigstore-requirements.txt b/requirements/sigstore-requirements.txt
index b6b3c2bb..de639725 100644
--- a/requirements/sigstore-requirements.txt
+++ b/requirements/sigstore-requirements.txt
@@ -8,25 +8,25 @@ h2==4.1.0
 hpack==4.0.0
 hyperframe==6.0.1
 id==1.4.0
-idna==3.7
+idna==3.10
 markdown-it-py==3.0.0
 mdurl==0.1.2
-multidict==6.0.5
-platformdirs==4.2.2
-pyasn1==0.6.0
-pydantic==2.8.2
-pydantic-core==2.20.1
+multidict==6.1.0
+platformdirs==4.3.6
+pyasn1==0.6.1
+pydantic==2.9.2
+pydantic-core==2.23.4
 pygments==2.18.0
 pyjwt==2.9.0
 pyopenssl==24.2.1
 python-dateutil==2.9.0.post0
 requests==2.32.3
 rfc8785==0.1.3
-rich==13.7.1
+rich==13.8.1
 securesystemslib==1.1.0
 sigstore-protobuf-specs==0.3.2
 sigstore-rekor-types==0.0.13
 six==1.16.0
 tuf==5.0.0
 typing-extensions==4.12.2
-urllib3==2.2.2
+urllib3==2.2.3
diff --git a/requirements/sqlfluff-requirements.txt b/requirements/sqlfluff-requirements.txt
index 6c78e85b..e27ee2ca 100644
--- a/requirements/sqlfluff-requirements.txt
+++ b/requirements/sqlfluff-requirements.txt
@@ -2,7 +2,7 @@ appdirs==1.4.4
 chardet==5.2.0
 click==8.1.7
 colorama==0.4.6
-diff-cover==9.1.1
+diff-cover==9.2.0
 iniconfig==2.0.0
 jinja2==3.1.4
 markupsafe==2.1.5
@@ -10,8 +10,8 @@ packaging==24.1
 pathspec==0.12.1
 pluggy==1.5.0
 pygments==2.18.0
-pytest==8.3.2
+pytest==8.3.3
 pyyaml==6.0.2
-regex==2024.7.24
+regex==2024.9.11
 tblib==3.0.0
 tqdm==4.66.5
diff --git a/requirements/tox-requirements.txt b/requirements/tox-requirements.txt
index 7f6b7481..b9b66afc 100644
--- a/requirements/tox-requirements.txt
+++ b/requirements/tox-requirements.txt
@@ -2,9 +2,9 @@ cachetools==5.5.0
 chardet==5.2.0
 colorama==0.4.6
 distlib==0.3.8
-filelock==3.16.0
+filelock==3.16.1
 packaging==24.1
-platformdirs==4.3.4
+platformdirs==4.3.6
 pluggy==1.5.0
-pyproject-api==1.7.1
-virtualenv==20.26.4
+pyproject-api==1.8.0
+virtualenv==20.26.5