Commit
Update dependency with security issues
```
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 118 packages, using free DB (updated once a month)                   |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| pycryptodome               | 3.10.3    | <3.11.0                  | 42084    |
+==============================================================================+
| Pycryptodome version 3.11.0 includes a fix for the DSA construction          |
| algorithm. Modulus "p" primality check wasn't working.                       |
| Legrandin/pycryptodome@183f8d1c7a5e145e7                                     |
| 8b86fb54da7e327a277d9c6                                                      |
+==============================================================================+
| babel                      | 2.9.0     | <2.9.1                   | 42203    |
+==============================================================================+
| Babel 2.9.1 includes a fix for CVE-2021-42771: Babel.Locale in Babel before  |
| 2.9.1 allows attackers to load arbitrary locale .dat files (containing       |
| serialized Python objects) via directory traversal, leading to code          |
| execution.                                                                   |
| python-babel/babel#782                                                       |
| https://lists.debian.org/debian-lts/2021/10/msg00040.html                    |
| https://www.tenable.com/security/research/tra-2021-14                        |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html           |
+==============================================================================+
| sqlalchemy-utils           | 0.36.8    | >=0.27.0                 | 42194    |
+==============================================================================+
| Sqlalchemy-utils from version 0.27.0 'EncryptedType' uses by default AES     |
| with CBC mode. The IV that it uses is not random though.                     |
| kvesteri/sqlalchemy-utils#166                                                |
+==============================================================================+
| babel                      | 2.9.0     | <2.9.1                   | 42203    |
+==============================================================================+
| Babel 2.9.1 includes a fix for CVE-2021-42771: Babel.Locale in Babel before  |
| 2.9.1 allows attackers to load arbitrary locale .dat files (containing       |
| serialized Python objects) via directory traversal, leading to code          |
| execution.                                                                   |
| python-babel/babel#782                                                       |
| https://lists.debian.org/debian-lts/2021/10/msg00040.html                    |
| https://www.tenable.com/security/research/tra-2021-14                        |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html           |
+==============================================================================+
```