From d3227501646fee24e2a17c07c5d1b3ef7a90cac0 Mon Sep 17 00:00:00 2001 From: "github.actions" Date: Tue, 10 Oct 2023 08:05:14 +0000 Subject: [PATCH] Latest data: Tue Oct 10 08:05:14 UTC 2023 --- .../anime-downloader-requirements.audit.json | 6 +- ...s-elasticbeanstalk-requirements.audit.json | 6 +- audits/azure-cli-requirements.audit.json | 6 +- audits/bbot-requirements.audit.json | 6 +- audits/buku-requirements.audit.json | 6 +- audits/bzt-requirements.audit.json | 6 +- audits/charmcraft-requirements.audit.json | 6 +- audits/cloudiscovery-requirements.audit.json | 6 +- audits/cycode-requirements.audit.json | 214 ------------------ audits/dstack-requirements.audit.json | 212 ----------------- audits/fava-requirements.audit.json | 6 +- audits/fdroidserver-requirements.audit.json | 6 +- audits/flintrock-requirements.audit.json | 6 +- audits/grip-requirements.audit.json | 6 +- audits/gyb-requirements.audit.json | 6 +- ...enkins-job-builder-requirements.audit.json | 6 +- audits/mvt-requirements.audit.json | 6 +- audits/onlykey-agent-requirements.audit.json | 6 +- audits/openai-whisper-requirements.audit.json | 6 +- audits/pocsuite3-requirements.audit.json | 6 +- audits/recon-ng-requirements.audit.json | 6 +- audits/s4cmd-requirements.audit.json | 6 +- audits/scoutsuite-requirements.audit.json | 6 +- audits/sgr-requirements.audit.json | 6 +- audits/sickchill-requirements.audit.json | 6 +- .../slither-analyzer-requirements.audit.json | 6 +- audits/snapcraft-requirements.audit.json | 6 +- audits/tern-requirements.audit.json | 6 +- audits/theharvester-requirements.audit.json | 6 +- audits/torchvision-requirements.audit.json | 6 +- audits/trezor-agent-requirements.audit.json | 6 +- audits/virt-manager-requirements.audit.json | 6 +- requirements/aws2-wrap-requirements.txt | 1 - requirements/b2-tools-requirements.txt | 1 - requirements/cycode-requirements.txt | 6 +- requirements/datasette-requirements.txt | 1 - requirements/dstack-requirements.txt | 48 ++-- requirements/dvc-requirements.txt | 6 +- requirements/pypy3.10-requirements.txt | 2 +- requirements/pypy3.9-requirements.txt | 2 +- requirements/shodan-requirements.txt | 3 +- 41 files changed, 183 insertions(+), 493 deletions(-) delete mode 100644 audits/cycode-requirements.audit.json delete mode 100644 requirements/aws2-wrap-requirements.txt diff --git a/audits/anime-downloader-requirements.audit.json b/audits/anime-downloader-requirements.audit.json index 99b8a928..466dc09e 100644 --- a/audits/anime-downloader-requirements.audit.json +++ b/audits/anime-downloader-requirements.audit.json @@ -326,7 +326,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -508,6 +508,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/aws-elasticbeanstalk-requirements.audit.json b/audits/aws-elasticbeanstalk-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/aws-elasticbeanstalk-requirements.audit.json +++ b/audits/aws-elasticbeanstalk-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/azure-cli-requirements.audit.json b/audits/azure-cli-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/azure-cli-requirements.audit.json +++ b/audits/azure-cli-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/bbot-requirements.audit.json b/audits/bbot-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/bbot-requirements.audit.json +++ b/audits/bbot-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/buku-requirements.audit.json b/audits/buku-requirements.audit.json index 23df3f88..8726f0f0 100644 --- a/audits/buku-requirements.audit.json +++ b/audits/buku-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/bzt-requirements.audit.json b/audits/bzt-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/bzt-requirements.audit.json +++ b/audits/bzt-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/charmcraft-requirements.audit.json b/audits/charmcraft-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/charmcraft-requirements.audit.json +++ b/audits/charmcraft-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/cloudiscovery-requirements.audit.json b/audits/cloudiscovery-requirements.audit.json index b36361be..9dd4b03c 100644 --- a/audits/cloudiscovery-requirements.audit.json +++ b/audits/cloudiscovery-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/cycode-requirements.audit.json b/audits/cycode-requirements.audit.json deleted file mode 100644 index 1a330ff3..00000000 --- a/audits/cycode-requirements.audit.json +++ /dev/null @@ -1,214 +0,0 @@ -[ - { - "package": { - "name": "urllib3", - "version": "1.26.16", - "ecosystem": "PyPI", - "commit": "" - }, - "vulnerabilities": [ - { - "modified": "2023-10-04T19:48:40Z", - "published": "2023-10-02T23:27:05Z", - "schema_version": "1.6.0", - "id": "GHSA-v845-jxx5-vc9f", - "aliases": [ - "CVE-2023-43804" - ], - "summary": "`Cookie` HTTP header isn't stripped on cross-origin redirects", - "details": "urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.\n\nUsers **must** handle redirects themselves instead of relying on urllib3's automatic redirects to achieve safe processing of the `Cookie` header, thus we decided to strip the header by default in order to further protect users who aren't using the correct approach.\n\n## Affected usages\n\nWe believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:\n\n* Using an affected version of urllib3 (patched in v1.26.17 and v2.0.6)\n* Using the `Cookie` header on requests, which is mostly typical for impersonating a browser.\n* Not disabling HTTP redirects\n* Either not using HTTPS or for the origin server to redirect to a malicious origin.\n\n## Remediation\n\n* Upgrading to at least urllib3 v1.26.17 or v2.0.6\n* Disabling HTTP redirects using `redirects=False` when sending requests.\n* Not using the `Cookie` header.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.0.0" - }, - { - "fixed": "2.0.6" - } - ] - } - ], - "versions": [ - "2.0.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1.26.17" - } - ] - } - ], - "versions": [ - "0.2", - "0.3", - "0.3.1", - "0.4.0", - "0.4.1", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.10", - "1.10.1", - "1.10.2", - "1.10.3", - "1.10.4", - "1.11", - "1.12", - "1.13", - "1.13.1", - "1.14", - "1.15", - "1.15.1", - "1.16", - "1.17", - "1.18", - "1.18.1", - "1.19", - "1.19.1", - "1.2", - "1.2.1", - "1.2.2", - "1.20", - "1.21", - "1.21.1", - "1.22", - "1.23", - "1.24", - "1.24.1", - "1.24.2", - "1.24.3", - "1.25", - "1.25.1", - "1.25.10", - "1.25.11", - "1.25.2", - "1.25.3", - "1.25.4", - "1.25.5", - "1.25.6", - "1.25.7", - "1.25.8", - "1.25.9", - "1.26.0", - "1.26.1", - "1.26.10", - "1.26.11", - "1.26.12", - "1.26.13", - "1.26.14", - "1.26.15", - "1.26.16", - "1.26.2", - "1.26.3", - "1.26.4", - "1.26.5", - "1.26.6", - "1.26.7", - "1.26.8", - "1.26.9", - "1.3", - "1.4", - "1.5", - "1.6", - "1.7", - "1.7.1", - "1.8", - "1.8.2", - "1.8.3", - "1.9", - "1.9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d" - }, - { - "type": "PACKAGE", - "url": "https://github.com/urllib3/urllib3" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-10-02T23:27:05Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-v845-jxx5-vc9f" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/dstack-requirements.audit.json b/audits/dstack-requirements.audit.json index 847e56a7..18060ca3 100644 --- a/audits/dstack-requirements.audit.json +++ b/audits/dstack-requirements.audit.json @@ -105,217 +105,5 @@ ] } ] - }, - { - "package": { - "name": "urllib3", - "version": "1.26.16", - "ecosystem": "PyPI", - "commit": "" - }, - "vulnerabilities": [ - { - "modified": "2023-10-04T19:48:40Z", - "published": "2023-10-02T23:27:05Z", - "schema_version": "1.6.0", - "id": "GHSA-v845-jxx5-vc9f", - "aliases": [ - "CVE-2023-43804" - ], - "summary": "`Cookie` HTTP header isn't stripped on cross-origin redirects", - "details": "urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.\n\nUsers **must** handle redirects themselves instead of relying on urllib3's automatic redirects to achieve safe processing of the `Cookie` header, thus we decided to strip the header by default in order to further protect users who aren't using the correct approach.\n\n## Affected usages\n\nWe believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:\n\n* Using an affected version of urllib3 (patched in v1.26.17 and v2.0.6)\n* Using the `Cookie` header on requests, which is mostly typical for impersonating a browser.\n* Not disabling HTTP redirects\n* Either not using HTTPS or for the origin server to redirect to a malicious origin.\n\n## Remediation\n\n* Upgrading to at least urllib3 v1.26.17 or v2.0.6\n* Disabling HTTP redirects using `redirects=False` when sending requests.\n* Not using the `Cookie` header.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.0.0" - }, - { - "fixed": "2.0.6" - } - ] - } - ], - "versions": [ - "2.0.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3", - "purl": "pkg:pypi/urllib3" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1.26.17" - } - ] - } - ], - "versions": [ - "0.2", - "0.3", - "0.3.1", - "0.4.0", - "0.4.1", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.10", - "1.10.1", - "1.10.2", - "1.10.3", - "1.10.4", - "1.11", - "1.12", - "1.13", - "1.13.1", - "1.14", - "1.15", - "1.15.1", - "1.16", - "1.17", - "1.18", - "1.18.1", - "1.19", - "1.19.1", - "1.2", - "1.2.1", - "1.2.2", - "1.20", - "1.21", - "1.21.1", - "1.22", - "1.23", - "1.24", - "1.24.1", - "1.24.2", - "1.24.3", - "1.25", - "1.25.1", - "1.25.10", - "1.25.11", - "1.25.2", - "1.25.3", - "1.25.4", - "1.25.5", - "1.25.6", - "1.25.7", - "1.25.8", - "1.25.9", - "1.26.0", - "1.26.1", - "1.26.10", - "1.26.11", - "1.26.12", - "1.26.13", - "1.26.14", - "1.26.15", - "1.26.16", - "1.26.2", - "1.26.3", - "1.26.4", - "1.26.5", - "1.26.6", - "1.26.7", - "1.26.8", - "1.26.9", - "1.3", - "1.4", - "1.5", - "1.6", - "1.7", - "1.7.1", - "1.8", - "1.8.2", - "1.8.3", - "1.9", - "1.9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-v845-jxx5-vc9f/GHSA-v845-jxx5-vc9f.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb" - }, - { - "type": "WEB", - "url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d" - }, - { - "type": "PACKAGE", - "url": "https://github.com/urllib3/urllib3" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-10-02T23:27:05Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-v845-jxx5-vc9f" - ] - } - ] } ] \ No newline at end of file diff --git a/audits/fava-requirements.audit.json b/audits/fava-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/fava-requirements.audit.json +++ b/audits/fava-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/fdroidserver-requirements.audit.json b/audits/fdroidserver-requirements.audit.json index 327f8ea0..2408254f 100644 --- a/audits/fdroidserver-requirements.audit.json +++ b/audits/fdroidserver-requirements.audit.json @@ -336,7 +336,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -518,6 +518,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/flintrock-requirements.audit.json b/audits/flintrock-requirements.audit.json index cf8170cd..89f4d8e2 100644 --- a/audits/flintrock-requirements.audit.json +++ b/audits/flintrock-requirements.audit.json @@ -210,7 +210,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -392,6 +392,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/grip-requirements.audit.json b/audits/grip-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/grip-requirements.audit.json +++ b/audits/grip-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/gyb-requirements.audit.json b/audits/gyb-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/gyb-requirements.audit.json +++ b/audits/gyb-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/jenkins-job-builder-requirements.audit.json b/audits/jenkins-job-builder-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/jenkins-job-builder-requirements.audit.json +++ b/audits/jenkins-job-builder-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/mvt-requirements.audit.json b/audits/mvt-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/mvt-requirements.audit.json +++ b/audits/mvt-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/onlykey-agent-requirements.audit.json b/audits/onlykey-agent-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/onlykey-agent-requirements.audit.json +++ b/audits/onlykey-agent-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/openai-whisper-requirements.audit.json b/audits/openai-whisper-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/openai-whisper-requirements.audit.json +++ b/audits/openai-whisper-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/pocsuite3-requirements.audit.json b/audits/pocsuite3-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/pocsuite3-requirements.audit.json +++ b/audits/pocsuite3-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json index 60f54446..ecb45c3b 100644 --- a/audits/recon-ng-requirements.audit.json +++ b/audits/recon-ng-requirements.audit.json @@ -1182,7 +1182,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -1364,6 +1364,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/s4cmd-requirements.audit.json b/audits/s4cmd-requirements.audit.json index b36361be..9dd4b03c 100644 --- a/audits/s4cmd-requirements.audit.json +++ b/audits/s4cmd-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/scoutsuite-requirements.audit.json b/audits/scoutsuite-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/scoutsuite-requirements.audit.json +++ b/audits/scoutsuite-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/sgr-requirements.audit.json b/audits/sgr-requirements.audit.json index 90dcad3d..39e51cc6 100644 --- a/audits/sgr-requirements.audit.json +++ b/audits/sgr-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/sickchill-requirements.audit.json b/audits/sickchill-requirements.audit.json index 5f5f642e..9b66307b 100644 --- a/audits/sickchill-requirements.audit.json +++ b/audits/sickchill-requirements.audit.json @@ -258,7 +258,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -440,6 +440,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/slither-analyzer-requirements.audit.json b/audits/slither-analyzer-requirements.audit.json index 4cf11c2e..2f125570 100644 --- a/audits/slither-analyzer-requirements.audit.json +++ b/audits/slither-analyzer-requirements.audit.json @@ -609,7 +609,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -791,6 +791,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/snapcraft-requirements.audit.json b/audits/snapcraft-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/snapcraft-requirements.audit.json +++ b/audits/snapcraft-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/tern-requirements.audit.json b/audits/tern-requirements.audit.json index 1a2b8366..d18ea31a 100644 --- a/audits/tern-requirements.audit.json +++ b/audits/tern-requirements.audit.json @@ -665,7 +665,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -847,6 +847,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/theharvester-requirements.audit.json b/audits/theharvester-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/theharvester-requirements.audit.json +++ b/audits/theharvester-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/torchvision-requirements.audit.json b/audits/torchvision-requirements.audit.json index f5c15d84..f38f7cb9 100644 --- a/audits/torchvision-requirements.audit.json +++ b/audits/torchvision-requirements.audit.json @@ -326,7 +326,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -508,6 +508,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/trezor-agent-requirements.audit.json b/audits/trezor-agent-requirements.audit.json index 23df3f88..8726f0f0 100644 --- a/audits/trezor-agent-requirements.audit.json +++ b/audits/trezor-agent-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/audits/virt-manager-requirements.audit.json b/audits/virt-manager-requirements.audit.json index 1a330ff3..35b3e8a1 100644 --- a/audits/virt-manager-requirements.audit.json +++ b/audits/virt-manager-requirements.audit.json @@ -8,7 +8,7 @@ }, "vulnerabilities": [ { - "modified": "2023-10-04T19:48:40Z", + "modified": "2023-10-10T05:34:57Z", "published": "2023-10-02T23:27:05Z", "schema_version": "1.6.0", "id": "GHSA-v845-jxx5-vc9f", @@ -190,6 +190,10 @@ { "type": "PACKAGE", "url": "https://github.com/urllib3/urllib3" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html" } ], "database_specific": { diff --git a/requirements/aws2-wrap-requirements.txt b/requirements/aws2-wrap-requirements.txt deleted file mode 100644 index bcce11ae..00000000 --- a/requirements/aws2-wrap-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -psutil==5.9.5 diff --git a/requirements/b2-tools-requirements.txt b/requirements/b2-tools-requirements.txt index 9a8ef63b..15fffbc8 100644 --- a/requirements/b2-tools-requirements.txt +++ b/requirements/b2-tools-requirements.txt @@ -1,4 +1,3 @@ -argcomplete==3.1.2 arrow==1.3.0 b2sdk==1.24.1 charset-normalizer==3.3.0 diff --git a/requirements/cycode-requirements.txt b/requirements/cycode-requirements.txt index 653d6aaf..1cbb6513 100644 --- a/requirements/cycode-requirements.txt +++ b/requirements/cycode-requirements.txt @@ -1,11 +1,11 @@ arrow==0.17.0 binaryornot==0.4.4 chardet==5.2.0 -charset-normalizer==3.2.0 +charset-normalizer==3.3.0 click==8.1.7 colorama==0.4.6 gitdb==4.0.10 -gitpython==3.1.36 +gitpython==3.1.37 idna==3.4 marshmallow==3.8.0 pathspec==0.11.2 @@ -13,4 +13,4 @@ python-dateutil==2.8.2 requests==2.31.0 smmap==5.0.1 texttable==1.6.7 -urllib3==1.26.16 +urllib3==1.26.17 diff --git a/requirements/datasette-requirements.txt b/requirements/datasette-requirements.txt index f593cc06..d533696e 100644 --- a/requirements/datasette-requirements.txt +++ b/requirements/datasette-requirements.txt @@ -4,7 +4,6 @@ asgi-csrf==0.9 asgiref==3.7.2 click==8.1.7 click-default-group==1.2.4 -click-default-group-wheel==1.2.3 h11==0.14.0 httpcore==0.18.0 httpx==0.25.0 diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt index 0b170111..19513bb7 100644 --- a/requirements/dstack-requirements.txt +++ b/requirements/dstack-requirements.txt @@ -1,4 +1,4 @@ -greenlet==2.0.2 +greenlet==3.0.0 adal==1.2.7 aiosqlite==0.19.0 alembic==1.12.0 @@ -11,7 +11,7 @@ azure-graphrbac==0.61.1 azure-identity==1.14.0 azure-keyvault-secrets==4.7.0 azure-mgmt-authorization==4.0.0 -azure-mgmt-compute==30.1.0 +azure-mgmt-compute==30.3.0 azure-mgmt-core==1.4.0 azure-mgmt-keyvault==10.2.3 azure-mgmt-loganalytics==13.0.0b6 @@ -22,52 +22,52 @@ azure-mgmt-resource==23.0.1 azure-mgmt-storage==21.1.0 azure-mgmt-subscription==3.1.1 azure-monitor-query==1.2.0 -azure-storage-blob==12.18.1 +azure-storage-blob==12.18.2 bcrypt==4.0.1 -boto3==1.28.49 -botocore==1.31.49 +boto3==1.28.59 +botocore==1.31.59 cachetools==5.3.1 -charset-normalizer==3.2.0 +charset-normalizer==3.3.0 click==8.1.7 cursor==1.3.5 dnspython==2.4.2 docker==6.1.3 -fastapi==0.103.1 +fastapi==0.103.2 file-read-backwards==3.0.0 filelock==3.12.4 git-url-parse==1.2.2 gitdb==4.0.10 -gitpython==3.1.36 -google-api-core==2.11.1 -google-api-python-client==2.99.0 -google-auth==2.23.0 +gitpython==3.1.37 +google-api-core==2.12.0 +google-api-python-client==2.102.0 +google-auth==2.23.2 google-auth-httplib2==0.1.1 -google-cloud-appengine-logging==1.3.1 +google-cloud-appengine-logging==1.3.2 google-cloud-audit-log==0.2.5 -google-cloud-billing==1.11.3 +google-cloud-billing==1.11.5 google-cloud-compute==1.14.1 google-cloud-core==2.3.3 -google-cloud-logging==3.6.0 -google-cloud-secret-manager==2.16.3 -google-cloud-storage==2.10.0 +google-cloud-logging==3.7.0 +google-cloud-secret-manager==2.16.4 +google-cloud-storage==2.11.0 google-crc32c==1.5.0 google-resumable-media==2.6.0 googleapis-common-protos==1.60.0 grpc-google-iam-v1==0.12.6 -grpcio==1.58.0 -grpcio-status==1.58.0 +grpcio==1.59.0 +grpcio-status==1.59.0 h11==0.14.0 httplib2==0.22.0 idna==3.4 isodate==0.6.1 jmespath==1.0.1 -jsonschema==4.19.0 +jsonschema==4.19.1 jsonschema-specifications==2023.7.1 mako==1.2.4 markdown-it-py==3.0.0 markupsafe==2.1.3 mdurl==0.1.2 -msal==1.24.0 +msal==1.24.1 msal-extensions==1.0.0 msrest==0.7.1 msrestazure==0.6.4 @@ -89,20 +89,20 @@ python-dateutil==2.8.2 referencing==0.30.2 requests==2.31.0 requests-oauthlib==1.3.1 -rich==13.5.3 +rich==13.6.0 rich-argparse==1.3.0 rpds-py==0.10.3 rsa==4.9 -s3transfer==0.6.2 +s3transfer==0.7.0 simple-term-menu==1.6.1 smmap==5.0.1 sniffio==1.3.0 -sqlalchemy==2.0.20 +sqlalchemy==2.0.21 starlette==0.27.0 tqdm==4.66.1 tzlocal==5.0.1 uritemplate==4.1.1 -urllib3==1.26.16 +urllib3==1.26.17 uvicorn==0.23.2 watchfiles==0.20.0 websocket-client==1.6.3 diff --git a/requirements/dvc-requirements.txt b/requirements/dvc-requirements.txt index 63d1b934..7fa8edbc 100644 --- a/requirements/dvc-requirements.txt +++ b/requirements/dvc-requirements.txt @@ -8,7 +8,7 @@ aiosignal==1.3.1 aliyun-python-sdk-core==2.14.0 aliyun-python-sdk-kms==2.16.2 amqp==5.1.1 -annotated-types==0.5.0 +annotated-types==0.6.0 antlr4-python3-runtime==4.9.3 anyio==4.0.0 appdirs==1.4.4 @@ -77,7 +77,7 @@ google-crc32c==1.5.0 google-resumable-media==2.6.0 googleapis-common-protos==1.60.0 grandalf==0.8 -gto==1.3.0 +gto==1.4.0 h11==0.14.0 httpcore==0.18.0 httplib2==0.22.0 @@ -127,7 +127,7 @@ ruamel-yaml-clib==0.2.8 s3fs==2023.6.0 s3transfer==0.6.2 scmrepo==1.3.1 -semver==3.0.1 +semver==3.0.2 shortuuid==1.0.11 shtab==1.6.4 smmap==5.0.1 diff --git a/requirements/pypy3.10-requirements.txt b/requirements/pypy3.10-requirements.txt index 48cf0f14..4a086247 100644 --- a/requirements/pypy3.10-requirements.txt +++ b/requirements/pypy3.10-requirements.txt @@ -1,2 +1,2 @@ setuptools==59.8.0 -pip==23.1.2 +pip==23.2.1 diff --git a/requirements/pypy3.9-requirements.txt b/requirements/pypy3.9-requirements.txt index 48cf0f14..4a086247 100644 --- a/requirements/pypy3.9-requirements.txt +++ b/requirements/pypy3.9-requirements.txt @@ -1,2 +1,2 @@ setuptools==59.8.0 -pip==23.1.2 +pip==23.2.1 diff --git a/requirements/shodan-requirements.txt b/requirements/shodan-requirements.txt index ec52cbff..2d0df758 100644 --- a/requirements/shodan-requirements.txt +++ b/requirements/shodan-requirements.txt @@ -1,5 +1,4 @@ charset-normalizer==3.3.0 -click==8.1.7 click-plugins==1.1.1 colorama==0.4.6 filelock==3.12.4 @@ -8,4 +7,4 @@ requests==2.31.0 requests-file==1.5.1 tldextract==3.6.0 urllib3==2.0.6 -xlsxwriter==3.1.6 +xlsxwriter==3.1.7