From b1e00a290bd01d6c25d49189bbb9832edd2d77d4 Mon Sep 17 00:00:00 2001
From: "github.actions"
Date: Mon, 17 Jun 2024 08:05:26 +0000
Subject: [PATCH] Latest data: Mon Jun 17 08:05:26 UTC 2024
---
 audits/manim-requirements.audit.json | 231 --------
 audits/recon-ng-requirements.audit.json | 738 ------------------------
 requirements/autopep8-requirements.txt | 2 +-
 requirements/beancount-requirements.txt | 32 +-
 requirements/manim-requirements.txt | 18 +-
 requirements/recon-ng-requirements.txt | 30 +-
 6 files changed, 29 insertions(+), 1022 deletions(-)
 delete mode 100644 audits/manim-requirements.audit.json
 delete mode 100644 audits/recon-ng-requirements.audit.json
diff --git a/audits/manim-requirements.audit.json b/audits/manim-requirements.audit.json
deleted file mode 100644
index 0ad50bac..00000000
--- a/audits/manim-requirements.audit.json
+++ /dev/null
@@ -1,231 +0,0 @@ -[ - { - "package": { - "name": "tqdm", - "version": "4.66.2", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "manim-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-06-10T19:03:48Z", - "published": "2024-05-03T19:33:28Z", - "schema_version": "1.6.0", - "id": "GHSA-g7vv-2v7x-gj9p", - "aliases": [ - "CVE-2024-34062" - ], - "summary": "tqdm CLI arguments injection attack", - "details": "### Impact\nAny optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. Example:\n\n```sh\npython -m tqdm --manpath=\"\\\" + str(exec(\\\"import os\\nos.system('echo hi && killall python3')\\\")) + \\\"\"\n```\n\n### Patches\nhttps://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316 released in `tqdm>=4.66.3`\n\n### Workarounds\nNone\n\n### References\n- https://github.com/tqdm/tqdm/releases/tag/v4.66.3", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "tqdm", - "purl": "pkg:pypi/tqdm" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.4.0" - }, - { - "fixed": "4.66.3" - } - ] - } - ], - "versions": [ - "4.10.0", - "4.11.0", - "4.11.1", - "4.11.2", - "4.12.0", - "4.13.0", - "4.14.0", - "4.15.0", - "4.16.0", - "4.17.0", - "4.17.1", - "4.18.0", - "4.19.1", - "4.19.1.post1", - "4.19.2", - "4.19.4", - "4.19.5", - "4.19.6", - "4.19.7", - "4.19.8", - "4.19.9", - "4.20.0", - "4.21.0", - "4.22.0", - "4.23.0", - "4.23.1", - "4.23.2", - "4.23.3", - "4.23.4", - "4.24.0", - "4.25.0", - "4.26.0", - "4.27.0", - "4.28.0", - "4.28.1", - "4.29.0", - "4.29.1", - "4.30.0", - "4.31.0", - "4.31.1", - "4.32.0", - "4.32.1", - "4.32.2", - "4.33.0", - "4.34.0", - "4.35.0", - "4.36.0", - "4.36.1", - "4.37.0", - "4.38.0", - "4.39.0", - "4.4.0", - "4.4.1", - "4.4.3", - "4.40.0", - "4.40.1", - "4.40.2", - "4.41.0", - "4.41.1", - "4.42.0", - "4.42.1", - "4.43.0", - "4.44.0", - "4.44.1", - "4.45.0", - "4.46.0", 
- "4.46.1", - "4.47.0", - "4.48.0", - "4.48.1", - "4.48.2", - "4.49.0", - "4.5.0", - "4.5.2", - "4.50.0", - "4.50.1", - "4.50.2", - "4.51.0", - "4.52.0", - "4.53.0", - "4.54.0", - "4.54.1", - "4.55.0", - "4.55.1", - "4.55.2", - "4.56.0", - "4.56.1", - "4.56.2", - "4.57.0", - "4.58.0", - "4.59.0", - "4.6.1", - "4.6.2", - "4.60.0", - "4.61.0", - "4.61.1", - "4.61.2", - "4.62.0", - "4.62.1", - "4.62.2", - "4.62.3", - "4.63.0", - "4.63.1", - "4.63.2", - "4.64.0", - "4.64.1", - "4.65.0", - "4.65.1", - "4.65.2", - "4.66.0", - "4.66.1", - "4.66.2", - "4.7.0", - "4.7.1", - "4.7.2", - "4.7.4", - "4.7.6", - "4.8.1", - "4.8.2", - "4.8.3", - "4.8.4", - "4.9.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-g7vv-2v7x-gj9p/GHSA-g7vv-2v7x-gj9p.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34062" - }, - { - "type": "WEB", - "url": "https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316" - }, - { - "type": "PACKAGE", - "url": "https://github.com/tqdm/tqdm" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PA3GIGHPWAHCTT4UF57LTPZGWHAX3GW6" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRECVQCCESHBS3UJOWNXQUIX725TKNY6" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA337CYUS4SLRFV2P6MX6MZ2LKFURKJC" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-74" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-05-03T19:33:28Z", - 
"nvd_published_at": "2024-05-03T10:15:08Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-g7vv-2v7x-gj9p" - ], - "aliases": [ - "CVE-2024-34062", - "GHSA-g7vv-2v7x-gj9p" - ], - "max_severity": "3.9" - } - ] - } -]
\ No newline at end of file
diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json
deleted file mode 100644
index 817a3aa5..00000000
--- a/audits/recon-ng-requirements.audit.json
+++ /dev/null
@@ -1,738 +0,0 @@ -[ - { - "package": { - "name": "idna", - "version": "3.6", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "recon-ng-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-04-11T21:56:51Z", - "published": "2024-04-11T21:32:40Z", - "schema_version": "1.6.0", - "id": "GHSA-jjg7-2v4v-x38h", - "aliases": [ - "CVE-2024-3651" - ], - "summary": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode", - "details": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. 
This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "idna", - "purl": "pkg:pypi/idna" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "3.7" - } - ] - } - ], - "versions": [ - "0.1", - "0.2", - "0.3", - "0.4", - "0.5", - "0.6", - "0.7", - "0.8", - "0.9", - "1.0", - "1.1", - "2.0", - "2.1", - "2.10", - "2.2", - "2.3", - "2.4", - "2.5", - "2.6", - "2.7", - "2.8", - "2.9", - "3.0", - "3.1", - "3.2", - "3.3", - "3.4", - "3.5", - "3.6" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-jjg7-2v4v-x38h/GHSA-jjg7-2v4v-x38h.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h" - }, - { - "type": "PACKAGE", - "url": "https://github.com/kjd/idna" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-04-11T21:32:40Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-jjg7-2v4v-x38h" - ], - "aliases": [ - "CVE-2024-3651", - "GHSA-jjg7-2v4v-x38h" - ], - "max_severity": "6.2" - } - ] - }, - { - "package": { - "name": "jinja2", - "version": "3.1.3", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "recon-ng-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-06-10T19:01:19Z", - "published": "2024-05-06T14:20:59Z", - "schema_version": "1.6.0", - "id": "GHSA-h75v-3vvj-5mfj", - "aliases": [ - "CVE-2024-34064" - ], - 
"summary": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", - "details": "The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for the previous GHSA-h5c8-rqwp-cp95 CVE-2024-22195 only addressed spaces but not other characters.\n\nAccepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "jinja2", - "purl": "pkg:pypi/jinja2" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "3.1.4" - } - ] - } - ], - "versions": [ - "2.0", - "2.0rc1", - "2.1", - "2.1.1", - "2.10", - "2.10.1", - "2.10.2", - "2.10.3", - "2.11.0", - "2.11.1", - "2.11.2", - "2.11.3", - "2.2", - "2.2.1", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.5", - "2.5.1", - "2.5.2", - "2.5.3", - "2.5.4", - "2.5.5", - "2.6", - "2.7", - "2.7.1", - "2.7.2", - "2.7.3", - "2.8", - "2.8.1", - "2.9", - "2.9.1", - "2.9.2", - "2.9.3", - "2.9.4", - "2.9.5", - "2.9.6", - "3.0.0", - "3.0.0a1", - "3.0.0rc1", - "3.0.0rc2", - "3.0.1", - "3.0.2", - "3.0.3", - "3.1.0", - "3.1.1", - "3.1.2", - "3.1.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-h75v-3vvj-5mfj/GHSA-h75v-3vvj-5mfj.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pallets/jinja" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-79" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-05-06T14:20:59Z", - "nvd_published_at": "2024-05-06T15:15:23Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-h75v-3vvj-5mfj" - ], - "aliases": [ - "CVE-2024-34064", - "GHSA-h75v-3vvj-5mfj" - ], - "max_severity": "5.4" - } - ] - }, - { - "package": { - "name": "requests", - "version": "2.31.0", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "recon-ng-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-06-12T08:14:32Z", - "published": "2024-05-20T20:15:00Z", - "schema_version": "1.6.0", - "id": "GHSA-9wx4-h78v-vm56", - "aliases": [ - "CGA-77h5-pgh2-r2fg", - "CVE-2024-35195" - ], - "summary": "Requests `Session` object does not verify requests after making first request with verify=False", - 
"details": "When making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool.\n\n### Remediation\nAny of these options can be used to remediate the current issue, we highly recommend upgrading as the preferred mitigation.\n\n* Upgrade to `requests>=2.32.0`.\n* For `requests<2.32.0`, avoid setting `verify=False` for the first request to a host while using a Requests Session.\n* For `requests<2.32.0`, call `close()` on `Session` objects to clear existing connections if `verify=False` is used.\n\n### Related Links\n* https://github.com/psf/requests/pull/6655", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.32.0" - } - ] - } - ], - "versions": [ - "0.0.1", - "0.10.0", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.10.6", - "0.10.7", - "0.10.8", - "0.11.1", - "0.11.2", - "0.12.0", - "0.12.01", - "0.12.1", - "0.13.0", - "0.13.1", - "0.13.2", - "0.13.3", - "0.13.4", - "0.13.5", - "0.13.6", - "0.13.7", - "0.13.8", - "0.13.9", - "0.14.0", - "0.14.1", - "0.14.2", - "0.2.0", - "0.2.1", - "0.2.2", - "0.2.3", - "0.2.4", - "0.3.0", - "0.3.1", - "0.3.2", - "0.3.3", - "0.3.4", - "0.4.0", - "0.4.1", - "0.5.0", - "0.5.1", - "0.6.0", - "0.6.1", - "0.6.2", - "0.6.3", - "0.6.4", - "0.6.5", - "0.6.6", - "0.7.0", - "0.7.1", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.8.0", - "0.8.1", - "0.8.2", - "0.8.3", - "0.8.4", - "0.8.5", - "0.8.6", - "0.8.7", - "0.8.8", - "0.8.9", - "0.9.0", - "0.9.1", - "0.9.2", - "0.9.3", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.1.0", - "1.2.0", - "1.2.1", - "1.2.2", - 
"1.2.3", - "2.0.0", - "2.0.1", - "2.1.0", - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.2.0", - "2.2.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.31.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9wx4-h78v-vm56/GHSA-9wx4-h78v-vm56.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/pull/6655" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ" - } - ], - "database_specific": { - 
"cwe_ids": [ - "CWE-670" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-05-20T20:15:00Z", - "nvd_published_at": "2024-05-20T21:15:09Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-9wx4-h78v-vm56" - ], - "aliases": [ - "CGA-77h5-pgh2-r2fg", - "CVE-2024-35195", - "GHSA-9wx4-h78v-vm56" - ], - "max_severity": "5.6" - } - ] - }, - { - "package": { - "name": "werkzeug", - "version": "3.0.1", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "recon-ng-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-06-14T16:19:02Z", - "published": "2024-05-06T14:21:27Z", - "schema_version": "1.6.0", - "id": "GHSA-2g68-c3qc-8985", - "aliases": [ - "CVE-2024-34069" - ], - "summary": "Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain", - "details": "The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. 
This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug", - "purl": "pkg:pypi/werkzeug" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "3.0.3" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.11", - "0.11.1", - "0.11.10", - "0.11.11", - "0.11.12", - "0.11.13", - "0.11.14", - "0.11.15", - "0.11.2", - "0.11.3", - "0.11.4", - "0.11.5", - "0.11.6", - "0.11.7", - "0.11.8", - "0.11.9", - "0.12", - "0.12.1", - "0.12.2", - "0.13", - "0.14", - "0.14.1", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.15.4", - "0.15.5", - "0.15.6", - "0.16.0", - "0.16.1", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.4.1", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "1.0.0", - "1.0.0rc1", - "1.0.1", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.0rc3", - "2.0.0rc4", - "2.0.0rc5", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.2.0", - "2.2.0a1", - "2.2.1", - "2.2.2", - "2.2.3", - "2.3.0", - "2.3.1", - "2.3.2", - "2.3.3", - "2.3.4", - "2.3.5", - "2.3.6", - "2.3.7", - "2.3.8", - "3.0.0", - "3.0.1", - "3.0.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2g68-c3qc-8985/GHSA-2g68-c3qc-8985.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069" - }, - { - "type": "WEB", - "url": 
"https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pallets/werkzeug" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ" - }, - { - "type": "WEB", - "url": "https://security.netapp.com/advisory/ntap-20240614-0004" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-352" - ], - "github_reviewed": true, - "github_reviewed_at": "2024-05-06T14:21:27Z", - "nvd_published_at": "2024-05-06T15:15:23Z", - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-2g68-c3qc-8985" - ], - "aliases": [ - "CVE-2024-34069", - "GHSA-2g68-c3qc-8985" - ], - "max_severity": "7.5" - } - ] - } -]
\ No newline at end of file
diff --git a/requirements/autopep8-requirements.txt b/requirements/autopep8-requirements.txt
index 81f5e612..d008740b 100644
--- a/requirements/autopep8-requirements.txt
+++ b/requirements/autopep8-requirements.txt
@@ -1 +1 @@
-pycodestyle==2.11.1
+pycodestyle==2.12.0
diff --git a/requirements/beancount-requirements.txt b/requirements/beancount-requirements.txt
index 581c55cf..2afee256 100644
--- a/requirements/beancount-requirements.txt
+++ b/requirements/beancount-requirements.txt
@@ -1,32 +1,4 @@
-beautifulsoup4==4.12.3
-bottle==0.12.25
-cachetools==5.3.3
-chardet==5.2.0
-charset-normalizer==3.3.2
-google-api-core==2.19.0
-google-api-python-client==2.129.0
-google-auth==2.29.0
-google-auth-httplib2==0.2.0
-googleapis-common-protos==1.63.0
-httplib2==0.22.0
-idna==3.7
-iniconfig==2.0.0
-lxml==5.2.2
-packaging==24.0
-pdfminer2==20151206
-pluggy==1.5.0
-ply==3.11
-proto-plus==1.23.0
-protobuf==4.25.3
-pyasn1==0.6.0
-pyasn1-modules==0.4.0
-pyparsing==3.1.2
-pytest==8.2.1
+click==8.1.7
 python-dateutil==2.9.0.post0
-python-magic==0.4.27
-requests==2.32.1
-rsa==4.9
+regex==2024.5.15
 six==1.16.0
-soupsieve==2.5
-uritemplate==4.1.1
-urllib3==2.2.1
diff --git a/requirements/manim-requirements.txt b/requirements/manim-requirements.txt
index 31d734d7..914f84a5 100644
--- a/requirements/manim-requirements.txt
+++ b/requirements/manim-requirements.txt
@@ -1,5 +1,6 @@
 click==8.1.7
 cloup==3.0.5
+cython==3.0.10
 decorator==5.1.1
 glcontext==2.5.0
 isosurfaces==0.1.2
@@ -8,20 +9,23 @@ mapbox-earcut==1.0.1
 markdown-it-py==3.0.0
 mdurl==0.1.2
 moderngl==5.10.0
-moderngl-window==2.4.5
+moderngl-window==2.4.6
 multipledispatch==1.0.0
 networkx==3.3
+pillow==10.3.0
+pycairo==1.26.0
 pydub==0.25.1
 pyglet==2.0.15
-pygments==2.17.2
-pyobjc-core==10.2
-pyobjc-framework-cocoa==10.2
+pygments==2.18.0
+pyobjc-core==10.3.1
+pyobjc-framework-cocoa==10.3.1
 pyrr==0.10.3
 rich==13.7.1
+scipy==1.13.1
 screeninfo==0.8.1
 skia-pathops==0.8.0.post1
 srt==3.5.3
 svgelements==1.9.6
-tqdm==4.66.2
-typing-extensions==4.11.0
-watchdog==4.0.0
+tqdm==4.66.4
+typing-extensions==4.12.2
+watchdog==4.0.1
diff --git a/requirements/recon-ng-requirements.txt b/requirements/recon-ng-requirements.txt
index 7f40b04b..e8142fd5 100644
--- a/requirements/recon-ng-requirements.txt
+++ b/requirements/recon-ng-requirements.txt
@@ -1,34 +1,34 @@
 aniso8601==9.0.1
 attrs==23.2.0
-blinker==1.7.0
+blinker==1.8.2
 charset-normalizer==3.3.2
 click==8.1.7
 dicttoxml==1.7.16
 dnspython==2.6.1
 flasgger==0.9.7.1
-flask==3.0.2
+flask==3.0.3
 flask-restful==0.3.10
 html5lib==1.1
-idna==3.6
-itsdangerous==2.1.2
-jinja2==3.1.3
-jsonschema==4.21.1
+idna==3.7
+itsdangerous==2.2.0
+jinja2==3.1.4
+jsonschema==4.22.0
 jsonschema-specifications==2023.12.1
-lxml==5.1.0
+lxml==5.2.2
 markupsafe==2.1.5
-mechanize==0.4.9
+mechanize==0.4.10
 mistune==3.0.2
-packaging==23.2
+packaging==24.1
 pytz==2024.1
 pyyaml==6.0.1
-redis==5.0.1
-referencing==0.33.0
-requests==2.31.0
-rpds-py==0.18.0
-rq==1.15.1
+redis==5.0.6
+referencing==0.35.1
+requests==2.32.3
+rpds-py==0.18.1
+rq==1.16.2
 six==1.16.0
 unicodecsv==0.14.1
 urllib3==2.2.1
 webencodings==0.5.1
-werkzeug==3.0.1
+werkzeug==3.0.3
 xlsxwriter==3.2.0