diff --git a/audits/alot-requirements.audit.json b/audits/alot-requirements.audit.json
index d07f1e54..5a81fe45 100644
--- a/audits/alot-requirements.audit.json
+++ b/audits/alot-requirements.audit.json
@@ -399,6 +399,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/azure-cli-requirements.audit.json b/audits/azure-cli-requirements.audit.json
index 6ce4782f..04b0c630 100644
--- a/audits/azure-cli-requirements.audit.json
+++ b/audits/azure-cli-requirements.audit.json
@@ -19,6 +19,7 @@
 ],
 "related": [
 "CGA-2ph7-wp75-g3rf",
+ "CGA-326j-45xp-qqrg",
 "CGA-3727-xg6m-m6g6",
 "CGA-6v56-8m7g-x649",
 "CGA-8493-6499-2mc5",
diff --git a/audits/charmcraft-requirements.audit.json b/audits/charmcraft-requirements.audit.json
index 9fec95c3..9c09779d 100644
--- a/audits/charmcraft-requirements.audit.json
+++ b/audits/charmcraft-requirements.audit.json
@@ -466,6 +466,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/condure-requirements.audit.json b/audits/condure-requirements.audit.json
index 6e6d2bd1..0fcb603d 100644
--- a/audits/condure-requirements.audit.json
+++ b/audits/condure-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/distcc-requirements.audit.json b/audits/distcc-requirements.audit.json
index c97a800b..360db8b7 100644
--- a/audits/distcc-requirements.audit.json
+++ b/audits/distcc-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/dstack-requirements.audit.json b/audits/dstack-requirements.audit.json
deleted file mode 100644
index 05f32bf2..00000000
--- a/audits/dstack-requirements.audit.json
+++ /dev/null
@@ -1,116 +0,0 @@ -[ - { - "package": { - "name": "git-url-parse", - "version": "1.2.2", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "dstack-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-02-16T08:08:47Z", - "published": "2023-05-15T06:30:19Z", - "schema_version": "1.6.0", - "id": "GHSA-4xqq-73wg-5mjp", - "aliases": [ - "CVE-2023-32758" - ], - "summary": "git-url-parse Regular Expression Denial of Service", - "details": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "git-url-parse", - "purl": "pkg:pypi/git-url-parse" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "1.2.2" - } - ] - } - ], - "versions": [ - "1.0.0", - "1.0.1", - "1.0.2", - "1.1.0", - "1.2.0", - "1.2.1", - "1.2.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4xqq-73wg-5mjp/GHSA-4xqq-73wg-5mjp.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32758" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7611" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7943" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7955" - }, - { - "type": "PACKAGE", - "url": "https://github.com/coala/git-url-parse" - }, - { - "type": "WEB", - "url": 
"https://github.com/coala/git-url-parse/blob/master/giturlparse/parser.py#L53" - }, - { - "type": "WEB", - "url": "https://pypi.org/project/git-url-parse" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-15T20:51:51Z", - "nvd_published_at": "2023-05-15T04:15:10Z", - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-4xqq-73wg-5mjp" - ], - "aliases": [ - "CVE-2023-32758", - "GHSA-4xqq-73wg-5mjp" - ], - "max_severity": "7.5" - } - ] - } -] \ No newline at end of file diff --git a/audits/evernote-backup-requirements.audit.json b/audits/evernote-backup-requirements.audit.json index da510bf4..73ec3d6c 100644 --- a/audits/evernote-backup-requirements.audit.json +++ b/audits/evernote-backup-requirements.audit.json @@ -550,6 +550,7 @@ "CVE-2024-6345" ], "related": [ + "CGA-4mw5-xqpj-q4mq", "CGA-c5cf-23gj-ccmf", "CGA-c79m-39cv-2j6g" ], diff --git a/audits/gnuradio-requirements.audit.json b/audits/gnuradio-requirements.audit.json index 6a940955..8c8cdeac 100644 --- a/audits/gnuradio-requirements.audit.json +++ b/audits/gnuradio-requirements.audit.json @@ -18,6 +18,7 @@ "CVE-2024-6345" ], "related": [ + "CGA-4mw5-xqpj-q4mq", "CGA-c5cf-23gj-ccmf", "CGA-c79m-39cv-2j6g" ], diff --git a/audits/gobject-introspection-requirements.audit.json b/audits/gobject-introspection-requirements.audit.json index 9c778ff2..193ada6b 100644 --- a/audits/gobject-introspection-requirements.audit.json +++ b/audits/gobject-introspection-requirements.audit.json @@ -18,6 +18,7 @@ "CVE-2024-6345" ], "related": [ + "CGA-4mw5-xqpj-q4mq", "CGA-c5cf-23gj-ccmf", "CGA-c79m-39cv-2j6g" ], diff --git a/audits/icloudpd-requirements.audit.json b/audits/icloudpd-requirements.audit.json index 504af43c..f74f0ca5 100644 --- a/audits/icloudpd-requirements.audit.json +++ b/audits/icloudpd-requirements.audit.json 
@@ -19,6 +19,7 @@
 ],
 "related": [
 "CGA-2ph7-wp75-g3rf",
+ "CGA-326j-45xp-qqrg",
 "CGA-3727-xg6m-m6g6",
 "CGA-6v56-8m7g-x649",
 "CGA-8493-6499-2mc5",
diff --git a/audits/jenkins-job-builder-requirements.audit.json b/audits/jenkins-job-builder-requirements.audit.json
index 8415c9d5..7c1ae25e 100644
--- a/audits/jenkins-job-builder-requirements.audit.json
+++ b/audits/jenkins-job-builder-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/keepkey-agent-requirements.audit.json b/audits/keepkey-agent-requirements.audit.json
index 1f540de7..2c700257 100644
--- a/audits/keepkey-agent-requirements.audit.json
+++ b/audits/keepkey-agent-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/literate-git-requirements.audit.json b/audits/literate-git-requirements.audit.json
index 2ff3be76..14327fee 100644
--- a/audits/literate-git-requirements.audit.json
+++ b/audits/literate-git-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/mentat-requirements.audit.json b/audits/mentat-requirements.audit.json
index 2000aad0..858ee925 100644
--- a/audits/mentat-requirements.audit.json
+++ b/audits/mentat-requirements.audit.json
@@ -683,6 +683,371 @@ } ] }, + { + "package": { + "name": "sentry-sdk", + "version": "1.34.0", + "ecosystem": "PyPI" + }, + "dependency_groups": [ + "mentat-requirements" + ], + "vulnerabilities": [ + { + "modified": "2024-07-18T20:01:22Z", + "published": "2024-07-18T17:18:46Z", + "schema_version": "1.6.0", + "id": "GHSA-g92j-qhmh-64v2", + "aliases": [ + "CVE-2024-40647" + ], + "summary": "Sentry's Python SDK unintentionally exposes environment variables to subprocesses", + "details": "### Impact\n\nThe bug in Sentry's Python SDK <2.8.0 results in the unintentional exposure of environment variables to subprocesses despite the `env={}` setting.\n\n### Details\n\nIn Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use `env` argument in `subprocess` calls, like in this example:\n\n```\n>>> subprocess.check_output([\"env\"], env={\"TEST\":\"1\"})\nb'TEST=1\\n'\n```\n\nIf you'd want to not pass any variables, you can set an empty dict:\n\n```\n>>> subprocess.check_output([\"env\"], env={})\nb''\n```\n\nHowever, the bug in Sentry SDK <2.8.0 causes **all environment variables** to be passed to the subprocesses when `env={}` is set, unless the Sentry SDK's [Stdlib](https://docs.sentry.io/platforms/python/integrations/default-integrations/#stdlib) integration is disabled. The Stdlib integration is enabled by default.\n\n### Patches\nThe issue has been patched in https://github.com/getsentry/sentry-python/pull/3251 and the fix released in [sentry-sdk==2.8.0](https://github.com/getsentry/sentry-python/releases/tag/2.8.0).\n\n### Workarounds\n\nWe strongly recommend upgrading to the latest SDK version. However, if it's not possible, and if passing environment variables to child processes poses a security risk for you, there are two options:\n\n1. 
In your application, replace `env={}` with the minimal dict `env={\"EMPTY_ENV\":\"1\"}` or similar.\n\nOR\n\n2. Disable Stdlib integration:\n```\nimport sentry_sdk\n\n# Should go before sentry_sdk.init\nsentry_sdk.integrations._DEFAULT_INTEGRATIONS.remove(\"sentry_sdk.integrations.stdlib.StdlibIntegration\")\n\nsentry_sdk.init(...)\n```\n\n### References\n* Sentry docs: [Default integrations](https://docs.sentry.io/platforms/python/integrations/default-integrations/)\n* Python docs: [subprocess module](https://docs.python.org/3/library/subprocess.html)\n* Patch https://github.com/getsentry/sentry-python/pull/3251 \n", + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "sentry-sdk", + "purl": "pkg:pypi/sentry-sdk" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.8.0" + } + ] + } + ], + "versions": [ + "0.1.0", + "0.1.0rc1", + "0.1.0rc10", + "0.1.0rc11", + "0.1.0rc12", + "0.1.0rc13", + "0.1.0rc14", + "0.1.0rc15", + "0.1.0rc16", + "0.1.0rc2", + "0.1.0rc3", + "0.1.0rc4", + "0.1.0rc5", + "0.1.0rc6", + "0.1.0rc7", + "0.1.0rc8", + "0.1.0rc9", + "0.1.1", + "0.1.2", + "0.1.3", + "0.10.0", + "0.10.1", + "0.10.2", + "0.11.0", + "0.11.1", + "0.11.2", + "0.12.0", + "0.12.1", + "0.12.2", + "0.12.3", + "0.13.0", + "0.13.1", + "0.13.2", + "0.13.3", + "0.13.4", + "0.13.5", + "0.14.0", + "0.14.1", + "0.14.2", + "0.14.3", + "0.14.4", + "0.15.0", + "0.15.1", + "0.16.0", + "0.16.1", + "0.16.2", + "0.16.3", + "0.16.4", + "0.16.5", + "0.17.0", + "0.17.1", + "0.17.2", + "0.17.3", + "0.17.4", + "0.17.5", + "0.17.6", + "0.17.7", + "0.17.8", + "0.18.0", + "0.19.0", + "0.19.1", + "0.19.2", + "0.19.3", + "0.19.4", + "0.19.5", + "0.2.1", + "0.2.2", + "0.20.0", + "0.20.1", + "0.20.2", + "0.20.3", + "0.3.0", + "0.3.1", + "0.3.10", + "0.3.11", + "0.3.2", + "0.3.3", + "0.3.4", + "0.3.5", + "0.3.6", + "0.3.7", + "0.3.8", + "0.3.9", + "0.4.0", + "0.4.1", + "0.4.2", + "0.4.3", + "0.5.0", + "0.5.1", + "0.5.2", + "0.5.3", + 
"0.5.4", + "0.5.5", + "0.6.0", + "0.6.1", + "0.6.2", + "0.6.3", + "0.6.4", + "0.6.5", + "0.6.6", + "0.6.7", + "0.6.8", + "0.6.9", + "0.7.0", + "0.7.1", + "0.7.10", + "0.7.11", + "0.7.12", + "0.7.13", + "0.7.14", + "0.7.2", + "0.7.3", + "0.7.4", + "0.7.5", + "0.7.6", + "0.7.7", + "0.7.8", + "0.7.9", + "0.8.0", + "0.8.1", + "0.9.0", + "0.9.1", + "0.9.2", + "0.9.3", + "0.9.4", + "0.9.5", + "1.0.0", + "1.1.0", + "1.10.0", + "1.10.1", + "1.11.0", + "1.11.1", + "1.12.0", + "1.12.1", + "1.13.0", + "1.14.0", + "1.15.0", + "1.16.0", + "1.17.0", + "1.18.0", + "1.19.0", + "1.19.1", + "1.2.0", + "1.20.0", + "1.21.0", + "1.21.1", + "1.22.0", + "1.22.1", + "1.22.2", + "1.23.0", + "1.23.1", + "1.24.0", + "1.25.0", + "1.25.1", + "1.26.0", + "1.27.0", + "1.27.1", + "1.28.0", + "1.28.1", + "1.29.0", + "1.29.1", + "1.29.2", + "1.3.0", + "1.3.1", + "1.30.0", + "1.31.0", + "1.32.0", + "1.33.0", + "1.33.1", + "1.34.0", + "1.35.0", + "1.36.0", + "1.37.0", + "1.37.1", + "1.38.0", + "1.39.0", + "1.39.1", + "1.39.2", + "1.4.0", + "1.4.1", + "1.4.2", + "1.4.3", + "1.40.0", + "1.40.1", + "1.40.2", + "1.40.3", + "1.40.4", + "1.40.5", + "1.40.6", + "1.41.0", + "1.42.0", + "1.43.0", + "1.44.0", + "1.44.1", + "1.45.0", + "1.5.0", + "1.5.1", + "1.5.10", + "1.5.11", + "1.5.12", + "1.5.2", + "1.5.3", + "1.5.4", + "1.5.5", + "1.5.6", + "1.5.7", + "1.5.8", + "1.5.9", + "1.6.0", + "1.7.0", + "1.7.1", + "1.7.2", + "1.8.0", + "1.9.0", + "1.9.1", + "1.9.10", + "1.9.2", + "1.9.3", + "1.9.4", + "1.9.5", + "1.9.6", + "1.9.7", + "1.9.8", + "1.9.9", + "2.0.0", + "2.0.0a1", + "2.0.0a2", + "2.0.0rc1", + "2.0.0rc2", + "2.0.0rc3", + "2.0.0rc4", + "2.0.0rc5", + "2.0.0rc6", + "2.0.1", + "2.1.0", + "2.1.1", + "2.2.0", + "2.2.1", + "2.3.0", + "2.3.1", + "2.4.0", + "2.5.0", + "2.5.1", + "2.6.0", + "2.7.0", + "2.7.1" + ], + "database_specific": { + "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-g92j-qhmh-64v2/GHSA-g92j-qhmh-64v2.json" + } + } + ], + "severity": [ 
+ { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40647" + }, + { + "type": "WEB", + "url": "https://github.com/getsentry/sentry-python/pull/3251" + }, + { + "type": "WEB", + "url": "https://github.com/getsentry/sentry-python/commit/763e40aa4cb57ecced467f48f78f335c87e9bdff" + }, + { + "type": "WEB", + "url": "https://docs.python.org/3/library/subprocess.html" + }, + { + "type": "WEB", + "url": "https://docs.sentry.io/platforms/python/integrations/default-integrations" + }, + { + "type": "WEB", + "url": "https://docs.sentry.io/platforms/python/integrations/default-integrations/#stdlib" + }, + { + "type": "PACKAGE", + "url": "https://github.com/getsentry/sentry-python" + }, + { + "type": "WEB", + "url": "https://github.com/getsentry/sentry-python/releases/tag/2.8.0" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "github_reviewed": true, + "github_reviewed_at": "2024-07-18T17:18:46Z", + "nvd_published_at": "2024-07-18T17:15:05Z", + "severity": "LOW" + } + } + ], + "groups": [ + { + "ids": [ + "GHSA-g92j-qhmh-64v2" + ], + "aliases": [ + "CVE-2024-40647", + "GHSA-g92j-qhmh-64v2" + ], + "max_severity": "2.5" + } + ] + }, { "package": { "name": "tqdm", diff --git a/audits/pypy-requirements.audit.json b/audits/pypy-requirements.audit.json index e39870fc..cc5d887c 100644 --- a/audits/pypy-requirements.audit.json +++ b/audits/pypy-requirements.audit.json @@ -836,6 +836,7 @@ "CVE-2024-6345" ], "related": [ + "CGA-4mw5-xqpj-q4mq", "CGA-c5cf-23gj-ccmf", "CGA-c79m-39cv-2j6g" ], 
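Review bot: The `sentry-sdk` 1.34.0 entry added in this hunk records GHSA-g92j-qhmh-64v2 (CVE-2024-40647) as an open finding for `mentat-requirements`, and nothing in the visible diff moves that pin; the advisory's range ends at `"fixed": "2.8.0"`. The finding is rated LOW (`"max_severity": "2.5"`) and only matters where a subprocess is started with `env={}` expecting an empty environment, so carrying it may be acceptable, but that decision should be recorded rather than left implicit in a regenerated audit file. If mentat's own constraints allow it, the pin should move to `sentry-sdk>=2.8.0`; the dstack pin in this same commit already moves to `sentry-sdk==2.10.0`. Whether mentat can take the newer release is not verifiable from this page.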
diff --git a/audits/pypy3.10-requirements.audit.json b/audits/pypy3.10-requirements.audit.json
index 39627af2..539100c7 100644
--- a/audits/pypy3.10-requirements.audit.json
+++ b/audits/pypy3.10-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/pypy3.9-requirements.audit.json b/audits/pypy3.9-requirements.audit.json
index 52566cb6..baca3def 100644
--- a/audits/pypy3.9-requirements.audit.json
+++ b/audits/pypy3.9-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/pytorch-requirements.audit.json b/audits/pytorch-requirements.audit.json
index fe3d53d7..b3905979 100644
--- a/audits/pytorch-requirements.audit.json
+++ b/audits/pytorch-requirements.audit.json
@@ -187,6 +187,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/redex-requirements.audit.json b/audits/redex-requirements.audit.json
index 3b29b9d9..0fbec2b8 100644
--- a/audits/redex-requirements.audit.json
+++ b/audits/redex-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/scoutsuite-requirements.audit.json b/audits/scoutsuite-requirements.audit.json
index e97f3f0d..52eb3acb 100644
--- a/audits/scoutsuite-requirements.audit.json
+++ b/audits/scoutsuite-requirements.audit.json
@@ -946,6 +946,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/sickchill-requirements.audit.json b/audits/sickchill-requirements.audit.json
index 5c583e89..a17b665d 100644
--- a/audits/sickchill-requirements.audit.json
+++ b/audits/sickchill-requirements.audit.json
@@ -678,6 +678,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/sysaidmin-requirements.audit.json b/audits/sysaidmin-requirements.audit.json
index 3a79a55f..343e9b5d 100644
--- a/audits/sysaidmin-requirements.audit.json
+++ b/audits/sysaidmin-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/terminator-requirements.audit.json b/audits/terminator-requirements.audit.json
index 5862f9fb..364b2d75 100644
--- a/audits/terminator-requirements.audit.json
+++ b/audits/terminator-requirements.audit.json
@@ -146,6 +146,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/tern-requirements.audit.json b/audits/tern-requirements.audit.json
index ba1181bf..e77d1d78 100644
--- a/audits/tern-requirements.audit.json
+++ b/audits/tern-requirements.audit.json
@@ -1580,6 +1580,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/theharvester-requirements.audit.json b/audits/theharvester-requirements.audit.json
index 5de01961..2f9d06de 100644
--- a/audits/theharvester-requirements.audit.json
+++ b/audits/theharvester-requirements.audit.json
@@ -971,6 +971,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/trailscraper-requirements.audit.json b/audits/trailscraper-requirements.audit.json
index fa6ea62e..a8799430 100644
--- a/audits/trailscraper-requirements.audit.json
+++ b/audits/trailscraper-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/urh-requirements.audit.json b/audits/urh-requirements.audit.json
index aa0f1fe0..1befb0ce 100644
--- a/audits/urh-requirements.audit.json
+++ b/audits/urh-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/zim-requirements.audit.json b/audits/zim-requirements.audit.json
index d8dca784..a39b4157 100644
--- a/audits/zim-requirements.audit.json
+++ b/audits/zim-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/audits/zurl-requirements.audit.json b/audits/zurl-requirements.audit.json
index 8fc0f9d9..f5dfc389 100644
--- a/audits/zurl-requirements.audit.json
+++ b/audits/zurl-requirements.audit.json
@@ -18,6 +18,7 @@
 "CVE-2024-6345"
 ],
 "related": [
+ "CGA-4mw5-xqpj-q4mq",
 "CGA-c5cf-23gj-ccmf",
 "CGA-c79m-39cv-2j6g"
 ],
diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt
index 8ff57953..dbb2f4e1 100644
--- a/requirements/dstack-requirements.txt
+++ b/requirements/dstack-requirements.txt
@@ -3,7 +3,7 @@ aiorwlock==1.4.0
 aiosignal==1.3.1
 aiosqlite==0.20.0
 alembic==1.13.2
-alembic-postgresql-enum==1.2.0
+alembic-postgresql-enum==1.3.0
 anyio==4.4.0
 apscheduler==3.10.4
 asyncpg==0.29.0
@@ -18,21 +18,20 @@ azure-mgmt-network==25.4.0
 azure-mgmt-resource==23.1.1
 azure-mgmt-subscription==3.1.1
 bcrypt==4.1.3
-boto3==1.34.143
-botocore==1.34.143
+boto3==1.34.144
+botocore==1.34.144
 cached-classproperty==1.0.1
-cachetools==5.3.3
+cachetools==5.4.0
 charset-normalizer==3.3.2
 click==8.1.7
 cursor==1.3.5
 dnspython==2.6.1
 docker==7.1.0
 email-validator==2.2.0
-fastapi==0.111.0
+fastapi==0.111.1
 fastapi-cli==0.0.4
 filelock==3.15.4
 frozenlist==1.4.1
-git-url-parse==1.2.2
 gitdb==4.0.11
 gitpython==3.1.43
 google-api-core==2.19.1
@@ -50,10 +49,10 @@ google-cloud-tpu==1.18.4
 google-crc32c==1.5.0
 google-resumable-media==2.7.1
 googleapis-common-protos==1.63.2
-gpuhunt==0.0.11
+gpuhunt==0.0.12
 greenlet==3.0.3
 grpc-google-iam-v1==0.13.1
-grpcio==1.64.1
+grpcio==1.65.1
 grpcio-status==1.62.2
 h11==0.14.0
 httpcore==1.0.5
@@ -70,16 +69,14 @@ mako==1.3.5
 markdown-it-py==3.0.0
 markupsafe==2.1.5
 mdurl==0.1.2
-msal==1.29.0
+msal==1.30.0
 msal-extensions==1.2.0
 msrest==0.7.1
 multidict==6.0.5
 oauthlib==3.2.2
-orjson==3.10.6
 packaging==24.1
 paramiko==3.4.0
-pbr==6.0.0
-portalocker==2.10.0
+portalocker==2.10.1
 proto-plus==1.24.0
 protobuf==4.25.3
 pyasn1==0.6.0
@@ -105,7 +102,7 @@ rich-argparse==1.5.2
 rpds-py==0.19.0
 rsa==4.9
 s3transfer==0.10.2
-sentry-sdk==2.9.0
+sentry-sdk==2.10.0
 shellingham==1.5.4
 simple-term-menu==1.6.4
 six==1.16.0
@@ -118,7 +115,6 @@ tqdm==4.66.4
 typer==0.12.3
 typing-extensions==4.12.2
 tzlocal==5.2
-ujson==5.10.0
 uritemplate==4.1.1
 urllib3==2.2.2
 uvicorn==0.30.1
diff --git a/requirements/llm-requirements.txt b/requirements/llm-requirements.txt
index 2d54a037..0cc651d2 100644
--- a/requirements/llm-requirements.txt
+++ b/requirements/llm-requirements.txt
@@ -7,19 +7,19 @@ h11==0.14.0
 httpcore==1.0.5
 httpx==0.27.0
 idna==3.7
-openai==1.34.0
+openai==1.35.15
 pluggy==1.5.0
-pydantic==2.7.4
-pydantic-core==2.18.4
+pydantic==2.8.2
+pydantic-core==2.20.1
 python-dateutil==2.9.0.post0
-python-ulid==2.6.0
+python-ulid==2.7.0
 pyyaml==6.0.1
-setuptools==70.0.0
+setuptools==71.0.3
 six==1.16.0
 sniffio==1.3.1
 sqlite-fts4==1.0.3
 sqlite-migrate==0.1b0
-sqlite-utils==3.36
+sqlite-utils==3.37
 tabulate==0.9.0
 tqdm==4.66.4
 typing-extensions==4.12.2
diff --git a/requirements/pdm-requirements.txt b/requirements/pdm-requirements.txt
index 5f5a82d8..e9641ecc 100644
--- a/requirements/pdm-requirements.txt
+++ b/requirements/pdm-requirements.txt
@@ -1,11 +1,11 @@
 anyio==4.4.0
 blinker==1.8.2
-dep-logic==0.2.0
+dep-logic==0.4.2
 distlib==0.3.8
 filelock==3.15.4
 findpython==0.6.1
 h11==0.14.0
-hishel==0.0.29
+hishel==0.0.30
 httpcore==1.0.5
 httpx==0.27.0
 idna==3.7
@@ -24,8 +24,8 @@ rich==13.7.1
 shellingham==1.5.4
 sniffio==1.3.1
 socksio==1.0.0
-tomlkit==0.12.5
+tomlkit==0.13.0
 truststore==0.9.1
 typing-extensions==4.12.2
-unearth==0.15.5
+unearth==0.16.1
 virtualenv==20.26.3