Fix CVE
  -> Vulnerability found in lxml version 4.6.5
     Vulnerability ID: 50748
     Affected spec: <4.9.1
     ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
     Dereference allows attackers to cause a denial of service (or application...
     CVE-2022-2309
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49755
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
     prior to 5.4.0 an error occurring while reallocating a buffer for string...
     CVE-2022-31117
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49754
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
     handling of invalid surrogate pair...
     CVE-2022-31116
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

  -> Vulnerability found in mako version 1.1.2
     Vulnerability ID: 50870
     Affected spec: <1.2.2
     ADVISORY: Mako 1.2.2 includes a fix for a REDoS
     vulnerability. sqlalchemy/mako#366
     PVE-2022-50870
     For more information, please visit
     https://pyup.io/vulnerabilities/PVE-2022-50870/50870/
sbrunner committed Oct 3, 2022
1 parent b20f747 commit 6835e50
Showing 2 changed files with 133 additions and 123 deletions.
6 changes: 3 additions & 3 deletions Pipfile
Expand Up @@ -57,7 +57,7 @@ boltons = "==20.1.0"
cornice = "==4.0.1"
redis = "==3.5.1"
gunicorn = "==20.0.4"
lxml = "==4.6.5"
lxml = "==4.9.1"
netifaces = "==0.10.9"
objgraph = "==3.4.1"
pipfile = "==0.0.2"
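Review bot: The `lxml` line moves from 4.6.5 straight to 4.9.1, crossing several minor releases in one exact pin, and nothing in the commit message says the XML code paths were exercised against the new version. 4.9.1 is the lowest release outside the advisory's `<4.9.1` range, so the target itself is right. I would state in the commit message which tests were run, and confirm that the second changed file (not shown in this view) resolves lxml to the same version.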
Expand All @@ -66,7 +66,7 @@ pyramid = "==1.10.4"
pyramid-tm = "==2.4"
sentry-sdk = "==1.5.4"
requests = "==2.27.1"
ujson = "==5.2.0"
ujson = "==5.4.0"
cee_syslog_handler = "==0.5.0"
SQLAlchemy = "==1.3.16"
SQLAlchemy-Utils = "==0.36.5"
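Review bot: The `ujson = "==5.4.0"` pin sits exactly at the boundary of the advisories' `<5.4.0` range, and the Pipfile carries no hint that this version is a security floor. A short comment above the line naming CVE-2022-31116 and CVE-2022-31117 would keep a later re-pin from dropping back below 5.4.0. The subject line "Fix CVE" could also name the packages, since the message lists four advisories across three of them.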
Expand All @@ -80,7 +80,7 @@ pyyaml = "==5.4.1"
"graphviz" = "==0.14"
"hupper" = "==1.10.2"
"idna" = "==2.9"
"mako" = "==1.1.2"
"mako" = "==1.2.3"
"markupsafe" = "==1.1.1"
"pastedeploy" = "==2.1.0"
"plaster" = "==1.0"
Expand Down
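Review bot: On the `"mako"` line the new pin is 1.2.3, while the advisory quoted in the commit message names 1.2.2 as the fixed release, and the message does not say why the later patch release was chosen. Both are outside the `<1.2.2` range, so this is a documentation point: add one line to the message giving the reason. The change is also a 1.1 to 1.2 minor-version move, so template rendering deserves a check before merge.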
