diff --git a/audits/alot-requirements.audit.json b/audits/alot-requirements.audit.json deleted file mode 100644 index 8db749e6..00000000 --- a/audits/alot-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.6", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/anime-downloader-requirements.audit.json b/audits/anime-downloader-requirements.audit.json deleted file mode 100644 index 2e4a50d6..00000000 --- a/audits/anime-downloader-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/ansible-requirements.audit.json b/audits/ansible-requirements.audit.json deleted file mode 100644 index ab947342..00000000 --- a/audits/ansible-requirements.audit.json +++ /dev/null @@ -1,83 +0,0 @@ -[ - { - "package": { - "name": "kerberos", - "version": "1.3.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2021-07-25T23:34:38Z", - "published": "2017-08-25T18:29:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2017-49", - "aliases": [ - "CVE-2015-3206" - ], - "details": "The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "kerberos", - "purl": "pkg:pypi/kerberos" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0.0" - } - ] - } - ], - "versions": [ - "1.1.1", - "1.1.2", - "1.2.0", - "1.2.2", - "1.2.3", - "1.2.4", - "1.2.5", - "1.3.0", - "1.3.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/kerberos/PYSEC-2017-49.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://pypi.python.org/pypi/kerberos" - }, - { - "type": "REPORT", - "url": "https://github.com/apple/ccs-pykerberos/issues/31" - }, - { - "type": "REPORT", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223802" - }, - { - "type": "WEB", - "url": "http://www.securityfocus.com/bid/74760" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2015/05/21/3" - } - ] - } - ], - "groups": [ - { - "ids": [ - "PYSEC-2017-49" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/athenacli-requirements.audit.json b/audits/athenacli-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/athenacli-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/aws-shell-requirements.audit.json b/audits/aws-shell-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/aws-shell-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/breezy-requirements.audit.json b/audits/breezy-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/breezy-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/certbot-requirements.audit.json b/audits/certbot-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/certbot-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/charmcraft-requirements.audit.json b/audits/charmcraft-requirements.audit.json deleted file mode 100644 index 78b1e76d..00000000 --- a/audits/charmcraft-requirements.audit.json +++ /dev/null @@ -1,155 +0,0 @@ -[ - { - "package": { - "name": "cryptography", - "version": "3.4", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:24:54Z", - "published": "2023-02-07T20:54:10Z", - "schema_version": "1.4.0", - "id": "GHSA-w7pp-m8wf-vj6r", - "aliases": [ - "CVE-2023-23931" - ], - "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf", - "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n>>> outbuf = b\"\\x00\" * 32\n>>> c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n>>> c.update_into(b\"\\x00\" * 16, outbuf)\n16\n>>> outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "cryptography", - "purl": "pkg:pypi/cryptography" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.8" - }, - { - "fixed": "39.0.1" - } - ] - } - ], - "versions": [ - "1.8", - "1.8.1", - "1.8.2", - "1.9", - "2.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.2", - "2.2.1", - "2.2.2", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.4.2", - "2.5", - "2.6", - "2.6.1", - "2.7", - "2.8", - "2.9", - "2.9.1", - "2.9.2", - "3.0", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.3", - "3.3.1", - "3.3.2", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.4.5", - "3.4.6", - "3.4.7", - "3.4.8", - "35.0.0", - "36.0.0", - "36.0.1", - "36.0.2", - "37.0.0", - "37.0.1", - "37.0.2", - "37.0.3", - "37.0.4", - "38.0.0", - "38.0.1", - "38.0.2", - "38.0.3", - "38.0.4", - "39.0.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w7pp-m8wf-vj6r/GHSA-w7pp-m8wf-vj6r.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "cryptography.hazmat.primitives.ciphers.Cipher" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" - }, - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pyca/cryptography" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-754" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-07T20:54:10Z", - "nvd_published_at": "2023-02-07T21:15:00Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-w7pp-m8wf-vj6r" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/dstack-requirements.audit.json b/audits/dstack-requirements.audit.json deleted file mode 100644 index e54b367c..00000000 --- a/audits/dstack-requirements.audit.json +++ /dev/null @@ -1,108 +0,0 @@ -[ - { - "package": { - "name": "git-url-parse", - "version": "1.2.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-09T22:19:10Z", - "published": "2023-05-15T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-4xqq-73wg-5mjp", - "aliases": [ - "CVE-2023-32758" - ], - "summary": "git-url-parse Regular Expression Denial of Service", - "details": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "git-url-parse", - "purl": "pkg:pypi/git-url-parse" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "1.2.2" - } - ] - } - ], - "versions": [ - "1.0.0", - "1.0.1", - "1.0.2", - "1.1.0", - "1.2.0", - "1.2.1", - "1.2.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4xqq-73wg-5mjp/GHSA-4xqq-73wg-5mjp.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32758" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7611" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7943" - }, - { - "type": "WEB", - "url": "https://github.com/returntocorp/semgrep/pull/7955" - }, - { - "type": "PACKAGE", - "url": "https://github.com/coala/git-url-parse" - }, - { - "type": "WEB", - "url": "https://github.com/coala/git-url-parse/blob/master/giturlparse/parser.py#L53" - }, - { - "type": "WEB", - "url": "https://pypi.org/project/git-url-parse" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-15T20:51:51Z", - "nvd_published_at": null, - "severity": "HIGH" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-4xqq-73wg-5mjp" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/dvc-requirements.audit.json b/audits/dvc-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/dvc-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/dxpy-requirements.audit.json b/audits/dxpy-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/dxpy-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/enex2notion-requirements.audit.json b/audits/enex2notion-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/enex2notion-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/esphome-requirements.audit.json b/audits/esphome-requirements.audit.json deleted file mode 100644 index 3dea9f6c..00000000 --- a/audits/esphome-requirements.audit.json +++ /dev/null @@ -1,219 +0,0 @@ -[ - { - "package": { - "name": "starlette", - "version": "0.26.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-12T17:01:23Z", - "published": "2023-05-17T03:49:14Z", - "schema_version": "1.4.0", - "id": "GHSA-v5gw-mw7f-84px", - "aliases": [ - "CVE-2023-29159" - ], - "summary": "Starlette has Path Traversal vulnerability in StaticFiles", - "details": "### Summary\nWhen using `StaticFiles`, if there's a file or directory that starts with the same name as the `StaticFiles` directory, that file or directory is also exposed via `StaticFiles` which is a path traversal vulnerability.\n\n### Details\nThe root cause of this issue is the usage of `os.path.commonprefix()`:\nhttps://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174\n\nAs stated in the Python documentation (https://docs.python.org/3/library/os.path.html#os.path.commonprefix) this function returns the longest prefix common to paths.\n\nWhen passing a path like `/static/../static1.txt`, `os.path.commonprefix([full_path, directory])` returns `./static` which is the common part of `./static1.txt` and `./static`, It refers to `/static/../static1.txt` because it is considered in the staticfiles directory. As a result, it becomes possible to view files that should not be open to the public.\n\nThe solution is to use `os.path.commonpath` as the Python documentation explains that `os.path.commonprefix` works a character at a time, it does not treat the arguments as paths.\n\n### PoC\nIn order to reproduce the issue, you need to create the following structure:\n\n```\n\u251c\u2500\u2500 static\n\u2502 \u251c\u2500\u2500 index.html\n\u251c\u2500\u2500 static_disallow\n\u2502 \u251c\u2500\u2500 index.html\n\u2514\u2500\u2500 static1.txt\n```\n\nAnd run the `Starlette` app with:\n\n```py\nimport uvicorn\nfrom starlette.applications import Starlette\nfrom starlette.routing import Mount\nfrom starlette.staticfiles import StaticFiles\n\n\nroutes = [\n Mount(\"/static\", app=StaticFiles(directory=\"static\", html=True), name=\"static\"),\n]\n\napp = Starlette(routes=routes)\n\n\nif __name__ == \"__main__\":\n uvicorn.run(app, host=\"0.0.0.0\", port=8000)\n```\n\nAnd running the commands:\n\n```shell\ncurl --path-as-is 'localhost:8000/static/../static_disallow/'\ncurl --path-as-is 'localhost:8000/static/../static1.txt'\n```\nThe `static1.txt` and the directory `static_disallow` are exposed.\n\n### Impact\nConfidentiality is breached: An attacker may obtain files that should not be open to the public.\n\n### Credits\nSecurity researcher **Masashi Yamane of LAC Co., Ltd** reported this vulnerability to **JPCERT/CC Vulnerability Coordination Group** and they contacted us to coordinate a patch for the security issue.\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "starlette", - "purl": "pkg:pypi/starlette" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0.13.5" - }, - { - "fixed": "0.27.0" - } - ] - } - ], - "versions": [ - "0.13.5", - "0.13.6", - "0.13.7", - "0.13.8", - "0.14.0", - "0.14.1", - "0.14.2", - "0.15.0", - "0.16.0", - "0.17.0", - "0.17.1", - "0.18.0", - "0.19.0", - "0.19.1", - "0.20.0", - "0.20.1", - "0.20.2", - "0.20.3", - "0.20.4", - "0.21.0", - "0.22.0", - "0.23.0", - "0.23.1", - "0.24.0", - "0.25.0", - "0.26.0", - "0.26.0.post1", - "0.26.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-v5gw-mw7f-84px/GHSA-v5gw-mw7f-84px.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "starlette.staticfiles.StaticFiles.lookup_path" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29159" - }, - { - "type": "WEB", - "url": "https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/encode/starlette" - }, - { - "type": "WEB", - "url": "https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174" - }, - { - "type": "WEB", - "url": "https://github.com/encode/starlette/releases/tag/0.27.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml" - }, - { - "type": "WEB", - "url": "https://jvn.jp/en/jp/JVN95981715/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-22" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-17T03:49:14Z", - "nvd_published_at": null, - "severity": "LOW" - } - }, - { - "modified": "2023-06-08T05:25:54Z", - "published": "2023-06-01T02:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-83", - "aliases": [ - "CVE-2023-29159", - "GHSA-v5gw-mw7f-84px" - ], - "details": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "starlette", - "purl": "pkg:pypi/starlette" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0.13.5" - }, - { - "fixed": "0.27.0" - } - ] - } - ], - "versions": [ - "0.13.5", - "0.13.6", - "0.13.7", - "0.13.8", - "0.14.0", - "0.14.1", - "0.14.2", - "0.15.0", - "0.16.0", - "0.17.0", - "0.17.1", - "0.18.0", - "0.19.0", - "0.19.1", - "0.20.0", - "0.20.1", - "0.20.2", - "0.20.3", - "0.20.4", - "0.21.0", - "0.22.0", - "0.23.0", - "0.23.1", - "0.24.0", - "0.25.0", - "0.26.0", - "0.26.0.post1", - "0.26.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/starlette/PYSEC-2023-83.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/encode/starlette/releases/tag/0.27.0" - }, - { - "type": "WEB", - "url": "https://jvn.jp/en/jp/JVN95981715/" - }, - { - "type": "ADVISORY", - "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-v5gw-mw7f-84px", - "PYSEC-2023-83" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/fdroidserver-requirements.audit.json b/audits/fdroidserver-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/fdroidserver-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/flintrock-requirements.audit.json b/audits/flintrock-requirements.audit.json deleted file mode 100644 index a1ea7585..00000000 --- a/audits/flintrock-requirements.audit.json +++ /dev/null @@ -1,203 +0,0 @@ -[ - { - "package": { - "name": "paramiko", - "version": "2.7.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2022-05-17T03:06:38Z", - "published": "2022-03-17T22:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-166", - "aliases": [ - "CVE-2022-24302", - "GHSA-f8q4-jwww-x3wv" - ], - "details": "In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "paramiko", - "purl": "pkg:pypi/paramiko" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.9.3" - }, - { - "introduced": "2.10.0" - }, - { - "fixed": "2.10.1" - } - ] - } - ], - "versions": [ - "0.1-bulbasaur", - "0.1-charmander", - "0.9-doduo", - "0.9-eevee", - "0.9-fearow", - "0.9-gyarados", - "0.9-horsea", - "0.9-ivysaur", - "1.0", - "1.1", - "1.10.0", - "1.10.1", - "1.10.2", - "1.10.3", - "1.10.4", - "1.10.5", - "1.10.6", - "1.10.7", - "1.11.0", - "1.11.1", - "1.11.2", - "1.11.3", - "1.11.4", - "1.11.5", - "1.11.6", - "1.12.0", - "1.12.1", - "1.12.2", - "1.12.3", - "1.12.4", - "1.13.0", - "1.13.1", - "1.13.2", - "1.13.3", - "1.13.4", - "1.14.0", - "1.14.1", - "1.14.2", - "1.14.3", - "1.15.0", - "1.15.1", - "1.15.2", - "1.15.3", - "1.15.4", - "1.15.5", - "1.16.0", - "1.16.1", - "1.16.2", - "1.16.3", - "1.17.0", - "1.17.1", - "1.17.2", - "1.17.3", - "1.17.4", - "1.17.5", - "1.17.6", - "1.18.0", - "1.18.1", - "1.18.2", - "1.18.3", - "1.18.4", - "1.18.5", - "1.2", - "1.3", - "1.3.1", - "1.4", - "1.5.1", - "1.5.2", - "1.5.4", - "1.6", - "1.6.1", - "1.6.2", - "1.6.3", - "1.6.4", - "1.7", - "1.7.1", - "1.7.2", - "1.7.4", - "1.7.5", - "1.7.6", - "1.7.7.1", - "1.7.7.2", - "1.8.0", - "1.8.1", - "1.9.0", - "2.0.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.0.4", - "2.0.5", - "2.0.6", - "2.0.7", - "2.0.8", - "2.0.9", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.1.5", - "2.1.6", - "2.10.0", - "2.2.0", - "2.2.1", - "2.2.2", - "2.2.3", - "2.2.4", - "2.3.0", - "2.3.1", - "2.3.2", - "2.3.3", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.6.0", - "2.7.0", - "2.7.1", - "2.7.2", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2022-166.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://www.paramiko.org/changelog.html" - }, - { - "type": "WEB", - "url": "https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-f8q4-jwww-x3wv" - } - ] - } - ], - "groups": [ - { - "ids": [ - "PYSEC-2022-166" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/gyb-requirements.audit.json b/audits/gyb-requirements.audit.json deleted file mode 100644 index 2e4a50d6..00000000 --- a/audits/gyb-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/iredis-requirements.audit.json b/audits/iredis-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/iredis-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/jenkins-job-builder-requirements.audit.json b/audits/jenkins-job-builder-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/jenkins-job-builder-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/khal-requirements.audit.json b/audits/khal-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/khal-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/khard-requirements.audit.json b/audits/khard-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/khard-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/litecli-requirements.audit.json b/audits/litecli-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/litecli-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/literate-git-requirements.audit.json b/audits/literate-git-requirements.audit.json deleted file mode 100644 index db57cc54..00000000 --- a/audits/literate-git-requirements.audit.json +++ /dev/null @@ -1,471 +0,0 @@ -[ - { - "package": { - "name": "pygments", - "version": "2.5.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:49:22Z", - "published": "2021-04-20T16:35:47Z", - "schema_version": "1.4.0", - "id": "GHSA-9w8r-397f-prfh", - "aliases": [ - "CVE-2021-20270" - ], - "summary": "Infinite Loop in Pygments", - "details": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pygments", - "purl": "pkg:pypi/pygments" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.5" - }, - { - "fixed": "2.7.4" - } - ] - } - ], - "versions": [ - "1.5", - "1.6", - "1.6rc1", - "2.0", - "2.0.1", - "2.0.2", - "2.0rc1", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.4.1", - "2.4.2", - "2.5.1", - "2.5.2", - "2.6.0", - "2.6.1", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-9w8r-397f-prfh/GHSA-9w8r-397f-prfh.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270" - }, - { - "type": "WEB", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2021/dsa-4889" - }, - { - "type": "WEB", - "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-835" - ], - "github_reviewed": true, - "github_reviewed_at": "2021-04-12T20:58:03Z", - "nvd_published_at": "2021-03-23T17:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2023-04-11T01:33:30Z", - "published": "2021-03-29T16:33:03Z", - "schema_version": "1.4.0", - "id": "GHSA-pq64-v7f5-gqh8", - "aliases": [ - "CVE-2021-27291" - ], - "summary": "Regular Expression Denial of Service (ReDoS) in Pygments", - "details": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pygments", - "purl": "pkg:pypi/pygments" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.1" - }, - { - "fixed": "2.7.4" - } - ] - } - ], - "versions": [ - "1.1", - "1.1.1", - "1.2", - "1.2.1", - "1.2.2", - "1.3", - "1.3.1", - "1.4", - "1.5", - "1.6", - "1.6rc1", - "2.0", - "2.0.1", - "2.0.2", - "2.0rc1", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.4.1", - "2.4.2", - "2.5.1", - "2.5.2", - "2.6.0", - "2.6.1", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-pq64-v7f5-gqh8/GHSA-pq64-v7f5-gqh8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291" - }, - { - "type": "WEB", - "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14" - }, - { - "type": "WEB", - "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pygments/pygments" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2021/dsa-4878" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2021/dsa-4889" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400" - ], - "github_reviewed": true, - "github_reviewed_at": "2021-03-22T20:28:40Z", - "nvd_published_at": "2021-03-17T13:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2021-08-27T03:22:17Z", - "published": "2021-03-23T17:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2021-140", - "aliases": [ - "CVE-2021-20270", - "GHSA-9w8r-397f-prfh" - ], - "details": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pygments", - "purl": "pkg:pypi/pygments" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.5" - }, - { - "fixed": "2.7.4" - } - ] - } - ], - "versions": [ - "1.5", - "1.6", - "1.6rc1", - "2.0", - "2.0.1", - "2.0.2", - "2.0rc1", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.4.1", - "2.4.2", - "2.5.1", - "2.5.2", - "2.6.0", - "2.6.1", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-140.yaml" - } - } - ], - "references": [ - { - "type": "REPORT", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" - }, - { - "type": "ADVISORY", - "url": "https://www.debian.org/security/2021/dsa-4889" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-9w8r-397f-prfh" - } - ] - }, - { - "modified": "2021-08-27T03:22:17Z", - "published": "2021-03-17T13:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2021-141", - "aliases": [ - "CVE-2021-27291", - "GHSA-pq64-v7f5-gqh8" - ], - "details": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pygments", - "purl": "pkg:pypi/pygments" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2e7e8c4a7b318f4032493773732754e418279a14" - } - ], - "repo": "https://github.com/pygments/pygments" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.1" - }, - { - "fixed": "2.7.4" - } - ] - } - ], - "versions": [ - "1.1", - "1.1.1", - "1.2", - "1.2.1", - "1.2.2", - "1.3", - "1.3.1", - "1.4", - "1.5", - "1.6", - "1.6rc1", - "2.0", - "2.0.1", - "2.0.2", - "2.0rc1", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.4.1", - "2.4.2", - "2.5.1", - "2.5.2", - "2.6.0", - "2.6.1", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-141.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce" - }, - { - "type": "FIX", - "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" - }, - { - "type": "ADVISORY", - "url": "https://www.debian.org/security/2021/dsa-4878" - }, - { - "type": "ADVISORY", - "url": "https://www.debian.org/security/2021/dsa-4889" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-9w8r-397f-prfh", - "PYSEC-2021-140" - ] - }, - { - "ids": [ - "GHSA-pq64-v7f5-gqh8", - "PYSEC-2021-141" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/mitmproxy-requirements.audit.json b/audits/mitmproxy-requirements.audit.json deleted file mode 100644 index 24e97757..00000000 --- a/audits/mitmproxy-requirements.audit.json +++ /dev/null @@ -1,155 +0,0 @@ -[ - { - "package": { - "name": "cryptography", - "version": "38.0.4", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:24:54Z", - "published": "2023-02-07T20:54:10Z", - "schema_version": "1.4.0", - "id": "GHSA-w7pp-m8wf-vj6r", - "aliases": [ - "CVE-2023-23931" - ], - "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf", - "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n>>> outbuf = b\"\\x00\" * 32\n>>> c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n>>> c.update_into(b\"\\x00\" * 16, outbuf)\n16\n>>> outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "cryptography", - "purl": "pkg:pypi/cryptography" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.8" - }, - { - "fixed": "39.0.1" - } - ] - } - ], - "versions": [ - "1.8", - "1.8.1", - "1.8.2", - "1.9", - "2.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.2", - "2.2.1", - "2.2.2", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.4.2", - "2.5", - "2.6", - "2.6.1", - "2.7", - "2.8", - "2.9", - "2.9.1", - "2.9.2", - "3.0", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.3", - "3.3.1", - "3.3.2", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.4.5", - "3.4.6", - "3.4.7", - "3.4.8", - "35.0.0", - "36.0.0", - "36.0.1", - "36.0.2", - "37.0.0", - "37.0.1", - "37.0.2", - "37.0.3", - "37.0.4", - "38.0.0", - "38.0.1", - "38.0.2", - "38.0.3", - "38.0.4", - "39.0.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w7pp-m8wf-vj6r/GHSA-w7pp-m8wf-vj6r.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "cryptography.hazmat.primitives.ciphers.Cipher" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" - }, - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pyca/cryptography" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-754" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-07T20:54:10Z", - "nvd_published_at": "2023-02-07T21:15:00Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-w7pp-m8wf-vj6r" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/mycli-requirements.audit.json b/audits/mycli-requirements.audit.json deleted file mode 100644 index 6d1ace27..00000000 --- a/audits/mycli-requirements.audit.json +++ /dev/null @@ -1,260 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - }, - { - "package": { - "name": "cryptography", - "version": "36.0.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:24:54Z", - "published": "2023-02-07T20:54:10Z", - "schema_version": "1.4.0", - "id": "GHSA-w7pp-m8wf-vj6r", - "aliases": [ - "CVE-2023-23931" - ], - "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf", - "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n>>> outbuf = b\"\\x00\" * 32\n>>> c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n>>> c.update_into(b\"\\x00\" * 16, outbuf)\n16\n>>> outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "cryptography", - "purl": "pkg:pypi/cryptography" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.8" - }, - { - "fixed": "39.0.1" - } - ] - } - ], - "versions": [ - "1.8", - "1.8.1", - "1.8.2", - "1.9", - "2.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.2", - "2.2.1", - "2.2.2", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.4.2", - "2.5", - "2.6", - "2.6.1", - "2.7", - "2.8", - "2.9", - "2.9.1", - "2.9.2", - "3.0", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.3", - "3.3.1", - "3.3.2", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.4.5", - "3.4.6", - "3.4.7", - "3.4.8", - "35.0.0", - "36.0.0", - "36.0.1", - "36.0.2", - "37.0.0", - "37.0.1", - "37.0.2", - "37.0.3", - "37.0.4", - "38.0.0", - "38.0.1", - "38.0.2", - "38.0.3", - "38.0.4", - "39.0.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w7pp-m8wf-vj6r/GHSA-w7pp-m8wf-vj6r.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "cryptography.hazmat.primitives.ciphers.Cipher" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" - }, - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pyca/cryptography" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-754" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-07T20:54:10Z", - "nvd_published_at": "2023-02-07T21:15:00Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-w7pp-m8wf-vj6r" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/offlineimap-requirements.audit.json b/audits/offlineimap-requirements.audit.json deleted file mode 100644 index fde408c4..00000000 --- a/audits/offlineimap-requirements.audit.json +++ /dev/null @@ -1,194 +0,0 @@ -[ - { - "package": { - "name": "certifi", - "version": "2021.10.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:23:07Z", - "published": "2022-12-07T23:05:18Z", - "schema_version": "1.4.0", - "id": "GHSA-43fp-rhv2-5gv8", - "aliases": [ - "CVE-2022-23491" - ], - "summary": "Certifi removing TrustCor root certificate", - "details": "Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store.\n\nTrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ).", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.05" - }, - { - "fixed": "2022.12.07" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-43fp-rhv2-5gv8/GHSA-43fp-rhv2-5gv8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23491" - }, - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8" - }, - { - "type": "PACKAGE", - "url": "https://github.com/certifi/python-certifi" - }, - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-345" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-07T23:05:18Z", - "nvd_published_at": "2022-12-07T22:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2023-05-04T03:49:45Z", - "published": "2022-12-07T22:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-42986", - "aliases": [ - "CVE-2022-23491", - "GHSA-43fp-rhv2-5gv8" - ], - "details": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.5" - }, - { - "fixed": "2022.12.7" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/certifi/PYSEC-2022-42986.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - }, - { - "type": "ADVISORY", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-43fp-rhv2-5gv8", - "PYSEC-2022-42986" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/pgcli-requirements.audit.json b/audits/pgcli-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/pgcli-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/pypy-requirements.audit.json b/audits/pypy-requirements.audit.json deleted file mode 100644 index 10c9d6e4..00000000 --- a/audits/pypy-requirements.audit.json +++ /dev/null @@ -1,1581 +0,0 @@ -[ - { - "package": { - "name": "pip", - "version": "20.3.4", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:15:33Z", - "published": "2021-11-15T17:45:01Z", - "schema_version": "1.4.0", - "id": "GHSA-5xp3-jfq3-5q8x", - "aliases": [ - "CVE-2021-3572" - ], - "summary": "Improper Input Validation in pip", - "details": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pip", - "purl": "pkg:pypi/pip" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "21.1" - } - ] - } - ], - "versions": [ - "0.2", - "0.2.1", - "0.3", - "0.3.1", - "0.4", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.6.3", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.4", - "1.4.1", - "1.5", - "1.5.1", - "1.5.2", - "1.5.3", - "1.5.4", - "1.5.5", - "1.5.6", - "10.0.0", - "10.0.0b1", - "10.0.0b2", - "10.0.1", - "18.0", - "18.1", - "19.0", - "19.0.1", - "19.0.2", - "19.0.3", - "19.1", - "19.1.1", - "19.2", - "19.2.1", - "19.2.2", - "19.2.3", - "19.3", - "19.3.1", - "20.0", - "20.0.1", - "20.0.2", - "20.1", - "20.1.1", - "20.1b1", - "20.2", - "20.2.1", - "20.2.2", - "20.2.3", - "20.2.4", - "20.2b1", - "20.3", - "20.3.1", - "20.3.2", - "20.3.3", - "20.3.4", - "20.3b1", - "21.0", - "21.0.1", - "6.0", - "6.0.1", - "6.0.2", - "6.0.3", - "6.0.4", - "6.0.5", - "6.0.6", - "6.0.7", - "6.0.8", - "6.1.0", - "6.1.1", - "7.0.0", - "7.0.1", - "7.0.2", - "7.0.3", - "7.1.0", - "7.1.1", - "7.1.2", - "8.0.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.1.0", - "8.1.1", - "8.1.2", - "9.0.0", - "9.0.1", - "9.0.2", - "9.0.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-5xp3-jfq3-5q8x/GHSA-5xp3-jfq3-5q8x.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3572" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/pip/pull/9827" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b" - }, - { - "type": "WEB", - "url": "https://access.redhat.com/errata/RHSA-2021:3254" - }, - { - "type": "WEB", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pypa/pip" - }, - { - "type": "WEB", - "url": "https://packetstormsecurity.com/files/162712/USN-4961-1.txt" - }, - { - "type": "WEB", - "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" - }, - { - "type": "WEB", - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-20" - ], - "github_reviewed": true, - "github_reviewed_at": "2021-11-12T19:41:47Z", - "nvd_published_at": "2021-11-10T18:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2021-11-29T23:42:09Z", - "published": "2021-11-10T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2021-437", - "aliases": [ - "CVE-2021-3572", - "GHSA-5xp3-jfq3-5q8x" - ], - "details": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "pip", - "purl": "pkg:pypi/pip" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "21.1" - } - ] - } - ], - "versions": [ - "0.2", - "0.2.1", - "0.3", - "0.3.1", - "0.4", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.6.3", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "1.0", - "1.0.1", - "1.0.2", - "1.1", - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.4", - "1.4.1", - "1.5", - "1.5.1", - "1.5.2", - "1.5.3", - "1.5.4", - "1.5.5", - "1.5.6", - "10.0.0", - "10.0.0b1", - "10.0.0b2", - "10.0.1", - "18.0", - "18.1", - "19.0", - "19.0.1", - "19.0.2", - "19.0.3", - "19.1", - "19.1.1", - "19.2", - "19.2.1", - "19.2.2", - "19.2.3", - "19.3", - "19.3.1", - "20.0", - "20.0.1", - "20.0.2", - "20.1", - "20.1.1", - "20.1b1", - "20.2", - "20.2.1", - "20.2.2", - "20.2.3", - "20.2.4", - "20.2b1", - "20.3", - "20.3.1", - "20.3.2", - "20.3.3", - "20.3.4", - "20.3b1", - "21.0", - "21.0.1", - "6.0", - "6.0.1", - "6.0.2", - "6.0.3", - "6.0.4", - "6.0.5", - "6.0.6", - "6.0.7", - "6.0.8", - "6.1.0", - "6.1.1", - "7.0.0", - "7.0.1", - "7.0.2", - "7.0.3", - "7.1.0", - "7.1.1", - "7.1.2", - "8.0.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.1.0", - "8.1.1", - "8.1.2", - "9.0.0", - "9.0.1", - "9.0.2", - "9.0.3" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/pip/PYSEC-2021-437.yaml" - } - } - ], - "references": [ - { - "type": "REPORT", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-5xp3-jfq3-5q8x" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-5xp3-jfq3-5q8x", - "PYSEC-2021-437" - ] - } - ] - }, - { - "package": { - "name": "setuptools", - "version": "44.1.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-05-01T14:02:28Z", - "published": "2022-12-23T00:30:23Z", - "schema_version": "1.4.0", - "id": "GHSA-r9hx-vwmv-q579", - "aliases": [ - "CVE-2022-40897" - ], - "summary": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", - "details": "Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-r9hx-vwmv-q579/GHSA-r9hx-vwmv-q579.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/issues/3659" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pypa/setuptools/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - }, - { - "type": "WEB", - "url": "https://security.netapp.com/advisory/ntap-20230214-0001/" - }, - { - "type": "WEB", - "url": "https://setuptools.pypa.io/en/latest/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-27T14:51:05Z", - "nvd_published_at": "2022-12-23T00:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2023-05-04T04:29:29Z", - "published": "2022-12-23T00:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-43012", - "aliases": [ - "CVE-2022-40897" - ], - "details": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - } - ], - "repo": "https://github.com/pypa/setuptools" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/setuptools/PYSEC-2022-43012.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "FIX", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-r9hx-vwmv-q579", - "PYSEC-2022-43012" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/pypy3.10-requirements.audit.json b/audits/pypy3.10-requirements.audit.json deleted file mode 100644 index 2e75ff9f..00000000 --- a/audits/pypy3.10-requirements.audit.json +++ /dev/null @@ -1,1221 +0,0 @@ -[ - { - "package": { - "name": "setuptools", - "version": "59.8.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-05-01T14:02:28Z", - "published": "2022-12-23T00:30:23Z", - "schema_version": "1.4.0", - "id": "GHSA-r9hx-vwmv-q579", - "aliases": [ - "CVE-2022-40897" - ], - "summary": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", - "details": "Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-r9hx-vwmv-q579/GHSA-r9hx-vwmv-q579.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/issues/3659" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pypa/setuptools/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - }, - { - "type": "WEB", - "url": "https://security.netapp.com/advisory/ntap-20230214-0001/" - }, - { - "type": "WEB", - "url": "https://setuptools.pypa.io/en/latest/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-27T14:51:05Z", - "nvd_published_at": "2022-12-23T00:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2023-05-04T04:29:29Z", - "published": "2022-12-23T00:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-43012", - "aliases": [ - "CVE-2022-40897" - ], - "details": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - } - ], - "repo": "https://github.com/pypa/setuptools" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/setuptools/PYSEC-2022-43012.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "FIX", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-r9hx-vwmv-q579", - "PYSEC-2022-43012" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/pypy3.9-requirements.audit.json b/audits/pypy3.9-requirements.audit.json deleted file mode 100644 index 2e75ff9f..00000000 --- a/audits/pypy3.9-requirements.audit.json +++ /dev/null @@ -1,1221 +0,0 @@ -[ - { - "package": { - "name": "setuptools", - "version": "59.8.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-05-01T14:02:28Z", - "published": "2022-12-23T00:30:23Z", - "schema_version": "1.4.0", - "id": "GHSA-r9hx-vwmv-q579", - "aliases": [ - "CVE-2022-40897" - ], - "summary": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", - "details": "Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-r9hx-vwmv-q579/GHSA-r9hx-vwmv-q579.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/issues/3659" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pypa/setuptools/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - }, - { - "type": "WEB", - "url": "https://security.netapp.com/advisory/ntap-20230214-0001/" - }, - { - "type": "WEB", - "url": "https://setuptools.pypa.io/en/latest/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-27T14:51:05Z", - "nvd_published_at": "2022-12-23T00:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2023-05-04T04:29:29Z", - "published": "2022-12-23T00:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-43012", - "aliases": [ - "CVE-2022-40897" - ], - "details": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "setuptools", - "purl": "pkg:pypi/setuptools" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - } - ], - "repo": "https://github.com/pypa/setuptools" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "65.5.1" - } - ] - } - ], - "versions": [ - "0.6b1", - "0.6b2", - "0.6b3", - "0.6b4", - "0.6c1", - "0.6c10", - "0.6c11", - "0.6c2", - "0.6c3", - "0.6c4", - "0.6c5", - "0.6c6", - "0.6c7", - "0.6c8", - "0.6c9", - "0.7.2", - "0.7.3", - "0.7.4", - "0.7.5", - "0.7.6", - "0.7.7", - "0.7.8", - "0.8", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "1.0", - "1.1", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "1.1.5", - "1.1.6", - "1.1.7", - "1.2", - "1.3", - "1.3.1", - "1.3.2", - "1.4", - "1.4.1", - "1.4.2", - "10.0", - "10.0.1", - "10.1", - "10.2", - "10.2.1", - "11.0", - "11.1", - "11.2", - "11.3", - "11.3.1", - "12.0", - "12.0.1", - "12.0.2", - "12.0.3", - "12.0.4", - "12.0.5", - "12.1", - "12.2", - "12.3", - "12.4", - "13.0", - "13.0.1", - "13.0.2", - "14.0", - "14.1", - "14.1.1", - "14.2", - "14.3", - "14.3.1", - "15.0", - "15.1", - "15.2", - "16.0", - "17.0", - "17.1", - "17.1.1", - "18.0", - "18.0.1", - "18.1", - "18.2", - "18.3", - "18.3.1", - "18.3.2", - "18.4", - "18.5", - "18.6", - "18.6.1", - "18.7", - "18.7.1", - "18.8", - "18.8.1", - "19.0", - "19.1", - "19.1.1", - "19.2", - "19.3", - "19.4", - "19.4.1", - "19.5", - "19.6", - "19.6.1", - "19.6.2", - "19.7", - "2.0", - "2.0.1", - "2.0.2", - "2.1", - "2.1.1", - "2.1.2", - "2.2", - "20.0", - "20.1", - "20.1.1", - "20.10.1", - "20.2.2", - "20.3", - "20.3.1", - "20.4", - "20.6.6", - "20.6.7", - "20.6.8", - "20.7.0", - "20.8.0", - "20.8.1", - "20.9.0", - "21.0.0", - "21.1.0", - "21.2.0", - "21.2.1", - "21.2.2", - "22.0.0", - "22.0.1", - "22.0.2", - "22.0.4", - "22.0.5", - "23.0.0", - "23.1.0", - "23.2.0", - "23.2.1", - "24.0.0", - "24.0.1", - "24.0.2", - "24.0.3", - "24.1.0", - "24.1.1", - "24.2.0", - "24.2.1", - "24.3.0", - "24.3.1", - "25.0.0", - "25.0.1", - "25.0.2", - "25.1.0", - "25.1.1", - "25.1.2", - "25.1.3", - "25.1.4", - "25.1.5", - "25.1.6", - "25.2.0", - "25.3.0", - "25.4.0", - "26.0.0", - "26.1.0", - "26.1.1", - "27.0.0", - "27.1.0", - "27.1.2", - "27.2.0", - "27.3.0", - "27.3.1", - "28.0.0", - "28.1.0", - "28.2.0", - "28.3.0", - "28.4.0", - "28.5.0", - "28.6.0", - "28.6.1", - "28.7.0", - "28.7.1", - "28.8.0", - "28.8.1", - "29.0.0", - "29.0.1", - "3.0", - "3.0.1", - "3.0.2", - "3.1", - "3.2", - "3.3", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.5", - "3.5.1", - "3.5.2", - "3.6", - "3.7", - "3.7.1", - "3.8", - "3.8.1", - "30.0.0", - "30.1.0", - "30.2.0", - "30.2.1", - "30.3.0", - "30.4.0", - "31.0.0", - "31.0.1", - "32.0.0", - "32.1.0", - "32.1.1", - "32.1.2", - "32.1.3", - "32.2.0", - "32.3.0", - "32.3.1", - "33.1.0", - "33.1.1", - "34.0.0", - "34.0.1", - "34.0.2", - "34.0.3", - "34.1.0", - "34.1.1", - "34.2.0", - "34.3.0", - "34.3.1", - "34.3.2", - "34.3.3", - "34.4.0", - "34.4.1", - "35.0.0", - "35.0.1", - "35.0.2", - "36.0.1", - "36.1.0", - "36.1.1", - "36.2.0", - "36.2.1", - "36.2.2", - "36.2.3", - "36.2.4", - "36.2.5", - "36.2.6", - "36.2.7", - "36.3.0", - "36.4.0", - "36.5.0", - "36.6.0", - "36.6.1", - "36.7.0", - "36.7.1", - "36.7.2", - "36.8.0", - "37.0.0", - "38.0.0", - "38.1.0", - "38.2.0", - "38.2.1", - "38.2.3", - "38.2.4", - "38.2.5", - "38.3.0", - "38.4.0", - "38.4.1", - "38.5.0", - "38.5.1", - "38.5.2", - "38.6.0", - "38.6.1", - "38.7.0", - "39.0.0", - "39.0.1", - "39.1.0", - "39.2.0", - "4.0", - "4.0.1", - "40.0.0", - "40.1.0", - "40.1.1", - "40.2.0", - "40.3.0", - "40.4.0", - "40.4.1", - "40.4.2", - "40.4.3", - "40.5.0", - "40.6.0", - "40.6.1", - "40.6.2", - "40.6.3", - "40.7.0", - "40.7.1", - "40.7.2", - "40.7.3", - "40.8.0", - "40.9.0", - "41.0.0", - "41.0.1", - "41.1.0", - "41.2.0", - "41.3.0", - "41.4.0", - "41.5.0", - "41.5.1", - "41.6.0", - "42.0.0", - "42.0.1", - "42.0.2", - "43.0.0", - "44.0.0", - "44.1.0", - "44.1.1", - "45.0.0", - "45.1.0", - "45.2.0", - "45.3.0", - "46.0.0", - "46.1.0", - "46.1.1", - "46.1.2", - "46.1.3", - "46.2.0", - "46.3.0", - "46.3.1", - "46.4.0", - "47.0.0", - "47.1.0", - "47.1.1", - "47.2.0", - "47.3.0", - "47.3.1", - "47.3.2", - "48.0.0", - "49.0.0", - "49.0.1", - "49.1.0", - "49.1.1", - "49.1.2", - "49.1.3", - "49.2.0", - "49.2.1", - "49.3.0", - "49.3.1", - "49.3.2", - "49.4.0", - "49.5.0", - "49.6.0", - "5.0", - "5.0.1", - "5.0.2", - "5.1", - "5.2", - "5.3", - "5.4", - "5.4.1", - "5.4.2", - "5.5", - "5.5.1", - "5.6", - "5.7", - "5.8", - "50.0.0", - "50.0.1", - "50.0.2", - "50.0.3", - "50.1.0", - "50.2.0", - "50.3.0", - "50.3.1", - "50.3.2", - "51.0.0", - "51.1.0", - "51.1.0.post20201221", - "51.1.1", - "51.1.2", - "51.2.0", - "51.3.0", - "51.3.1", - "51.3.2", - "51.3.3", - "52.0.0", - "53.0.0", - "53.1.0", - "54.0.0", - "54.1.0", - "54.1.1", - "54.1.2", - "54.1.3", - "54.2.0", - "56.0.0", - "56.1.0", - "56.2.0", - "57.0.0", - "57.1.0", - "57.2.0", - "57.3.0", - "57.4.0", - "57.5.0", - "58.0.0", - "58.0.1", - "58.0.2", - "58.0.3", - "58.0.4", - "58.1.0", - "58.2.0", - "58.3.0", - "58.4.0", - "58.5.0", - "58.5.1", - "58.5.2", - "58.5.3", - "59.0.1", - "59.1.0", - "59.1.1", - "59.2.0", - "59.3.0", - "59.4.0", - "59.5.0", - "59.6.0", - "59.7.0", - "59.8.0", - "6.0.1", - "6.0.2", - "6.1", - "60.0.0", - "60.0.1", - "60.0.2", - "60.0.3", - "60.0.4", - "60.0.5", - "60.1.0", - "60.1.1", - "60.10.0", - "60.2.0", - "60.3.0", - "60.3.1", - "60.4.0", - "60.5.0", - "60.6.0", - "60.7.0", - "60.7.1", - "60.8.0", - "60.8.1", - "60.8.2", - "60.9.0", - "60.9.1", - "60.9.2", - "60.9.3", - "61.0.0", - "61.1.0", - "61.1.1", - "61.2.0", - "61.3.0", - "61.3.1", - "62.0.0", - "62.1.0", - "62.2.0", - "62.3.0", - "62.3.1", - "62.3.2", - "62.3.3", - "62.3.4", - "62.4.0", - "62.5.0", - "62.6.0", - "63.0.0", - "63.0.0b1", - "63.1.0", - "63.2.0", - "63.3.0", - "63.4.0", - "63.4.1", - "63.4.2", - "63.4.3", - "64.0.0", - "64.0.1", - "64.0.2", - "64.0.3", - "65.0.0", - "65.0.1", - "65.0.2", - "65.1.0", - "65.1.1", - "65.2.0", - "65.3.0", - "65.4.0", - "65.4.1", - "65.5.0", - "7.0", - "8.0", - "8.0.1", - "8.0.2", - "8.0.3", - "8.0.4", - "8.1", - "8.2", - "8.2.1", - "8.3", - "9.0", - "9.0.1", - "9.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/setuptools/PYSEC-2022-43012.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200" - }, - { - "type": "WEB", - "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" - }, - { - "type": "FIX", - "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" - }, - { - "type": "WEB", - "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-r9hx-vwmv-q579", - "PYSEC-2022-43012" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json deleted file mode 100644 index bd2dbcf1..00000000 --- a/audits/recon-ng-requirements.audit.json +++ /dev/null @@ -1,1763 +0,0 @@ -[ - { - "package": { - "name": "flask", - "version": "2.2.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-30T20:34:44Z", - "published": "2023-05-01T19:22:20Z", - "schema_version": "1.4.0", - "id": "GHSA-m2qf-hxjv-5gpq", - "aliases": [ - "CVE-2023-30861" - ], - "summary": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", - "details": "When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session, and the proxy's behavior regarding cookies. The risk depends on _all_ these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets [`session.permanent = True`](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent).\n2. The application does not access or modify the session at any point during a request.\n4. [`SESSION_REFRESH_EACH_REQUEST`](https://flask.palletsprojects.com/en/2.3.x/config/#SESSION_REFRESH_EACH_REQUEST) is enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "flask", - "purl": "pkg:pypi/flask" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.3.2" - } - ] - } - ], - "versions": [ - "2.3.0", - "2.3.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-m2qf-hxjv-5gpq/GHSA-m2qf-hxjv-5gpq.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "flask.sessions.SecureCookieSessionInterface.save_session" - ] - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "flask", - "purl": "pkg:pypi/flask" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.5" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.11", - "0.11.1", - "0.12", - "0.12.1", - "0.12.2", - "0.12.3", - "0.12.4", - "0.12.5", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.5", - "0.5.1", - "0.5.2", - "0.6", - "0.6.1", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.9", - "1.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.2.1", - "2.2.2", - "2.2.3", - "2.2.4" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-m2qf-hxjv-5gpq/GHSA-m2qf-hxjv-5gpq.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "flask.sessions.SecureCookieSessionInterface.save_session" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30861" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pallets/flask" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/releases/tag/2.2.5" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/releases/tag/2.3.2" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2023/dsa-5442" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-539" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-01T19:22:20Z", - "nvd_published_at": null, - "severity": "HIGH" - } - }, - { - "modified": "2023-06-05T01:12:52Z", - "published": "2023-05-02T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-62", - "aliases": [ - "CVE-2023-30861", - "GHSA-m2qf-hxjv-5gpq" - ], - "details": "Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets `session.permanent = True`\n3. The application does not access or modify the session at any point during a request.\n4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "flask", - "purl": "pkg:pypi/flask" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "70f906c51ce49c485f1d355703e9cc3386b1cc2b" - }, - { - "fixed": "afd63b16170b7c047f5758eb910c416511e9c965" - } - ], - "repo": "https://github.com/pallets/flask" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.5" - }, - { - "introduced": "2.3.0" - }, - { - "fixed": "2.3.2" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.11", - "0.11.1", - "0.12", - "0.12.1", - "0.12.2", - "0.12.3", - "0.12.4", - "0.12.5", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.5", - "0.5.1", - "0.5.2", - "0.6", - "0.6.1", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.9", - "1.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.1.4", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.2.1", - "2.2.2", - "2.2.3", - "2.2.4", - "2.3.0", - "2.3.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/flask/PYSEC-2023-62.yaml" - } - } - ], - "references": [ - { - "type": "FIX", - "url": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/releases/tag/2.3.2" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/flask/releases/tag/2.2.5" - }, - { - "type": "ADVISORY", - "url": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq" - }, - { - "type": "FIX", - "url": "https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-m2qf-hxjv-5gpq", - "PYSEC-2023-62" - ] - } - ] - }, - { - "package": { - "name": "redis", - "version": "4.4.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-06T18:18:13Z", - "published": "2023-03-26T21:30:23Z", - "schema_version": "1.4.0", - "id": "GHSA-24wv-mv5m-xv4h", - "aliases": [ - "CVE-2023-28858" - ], - "summary": "redis-py Race Condition vulnerability", - "details": "redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3, but [are believed to be incomplete](https://github.com/redis/redis-py/issues/2665). CVE-2023-28859 has been assigned the issues caused by the incomplete fixes.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.4.0" - }, - { - "fixed": "4.4.3" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.4.1", - "4.4.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-24wv-mv5m-xv4h/GHSA-24wv-mv5m-xv4h.json" - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.5.0" - }, - { - "fixed": "4.5.3" - } - ] - } - ], - "versions": [ - "4.5.0", - "4.5.1", - "4.5.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-24wv-mv5m-xv4h/GHSA-24wv-mv5m-xv4h.json" - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.2.0" - }, - { - "fixed": "4.3.6" - } - ] - } - ], - "versions": [ - "4.2.0", - "4.2.1", - "4.2.2", - "4.3.0", - "4.3.1", - "4.3.2", - "4.3.3", - "4.3.4", - "4.3.5" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-24wv-mv5m-xv4h/GHSA-24wv-mv5m-xv4h.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28858" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/issues/2624" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2641" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/commit/d56baeb683fc1935cfa343fa2eeb0fa9bd955283" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/redis/PYSEC-2023-45.yaml" - }, - { - "type": "PACKAGE", - "url": "https://github.com/redis/redis-py" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.3.5...v4.3.6" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.4.2...v4.4.3" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.5.2...v4.5.3" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/releases/tag/v4.4.4" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/releases/tag/v4.5.4" - }, - { - "type": "WEB", - "url": "https://openai.com/blog/march-20-chatgpt-outage" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-193" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-03-27T21:31:45Z", - "nvd_published_at": "2023-03-26T19:15:00Z", - "severity": "LOW" - } - }, - { - "modified": "2023-05-31T18:33:13Z", - "published": "2023-03-26T21:30:23Z", - "schema_version": "1.4.0", - "id": "GHSA-8fww-64cx-x8p5", - "aliases": [ - "CVE-2023-28859" - ], - "summary": "redis-py Race Condition due to incomplete fix", - "details": "redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.5.0" - }, - { - "fixed": "4.5.4" - } - ] - } - ], - "versions": [ - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-8fww-64cx-x8p5/GHSA-8fww-64cx-x8p5.json" - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.2.0" - }, - { - "fixed": "4.4.4" - } - ] - } - ], - "versions": [ - "4.2.0", - "4.2.1", - "4.2.2", - "4.3.0", - "4.3.1", - "4.3.2", - "4.3.3", - "4.3.4", - "4.3.5", - "4.3.6", - "4.4.0", - "4.4.0rc1", - "4.4.0rc2", - "4.4.0rc3", - "4.4.0rc4", - "4.4.1", - "4.4.2", - "4.4.3" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-8fww-64cx-x8p5/GHSA-8fww-64cx-x8p5.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28859" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/issues/2665" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/1899" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2641" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2666" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2671" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/redis/PYSEC-2023-46.yaml" - }, - { - "type": "PACKAGE", - "url": "https://github.com/redis/redis-py" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/releases/tag/v4.4.4" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/releases/tag/v4.5.4" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-459" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-03-27T21:31:52Z", - "nvd_published_at": "2023-03-26T19:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-03-26T19:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-45", - "aliases": [ - "CVE-2023-28858" - ], - "details": "redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3; however, CVE-2023-28859 is a separate vulnerability.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.2.0" - }, - { - "fixed": "4.3.6" - }, - { - "introduced": "4.4.0" - }, - { - "fixed": "4.4.3" - }, - { - "introduced": "4.5.0" - }, - { - "fixed": "4.5.3" - } - ] - } - ], - "versions": [ - "4.2.0", - "4.2.1", - "4.2.2", - "4.3.0", - "4.3.1", - "4.3.2", - "4.3.3", - "4.3.4", - "4.3.5", - "4.4.0", - "4.4.1", - "4.4.2", - "4.5.0", - "4.5.1", - "4.5.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/redis/PYSEC-2023-45.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.3.5...v4.3.6" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2641" - }, - { - "type": "ARTICLE", - "url": "https://openai.com/blog/march-20-chatgpt-outage" - }, - { - "type": "REPORT", - "url": "https://github.com/redis/redis-py/issues/2624" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.4.2...v4.4.3" - }, - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/compare/v4.5.2...v4.5.3" - } - ] - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-03-26T19:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-46", - "aliases": [ - "CVE-2023-28859" - ], - "details": "redis-py through 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "redis", - "purl": "pkg:pypi/redis" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "4.2.0" - }, - { - "fixed": "4.4.4" - }, - { - "introduced": "4.5.0" - }, - { - "fixed": "4.5.4" - } - ] - } - ], - "versions": [ - "4.2.0", - "4.2.1", - "4.2.2", - "4.3.0", - "4.3.1", - "4.3.2", - "4.3.3", - "4.3.4", - "4.3.5", - "4.3.6", - "4.4.0", - "4.4.0rc1", - "4.4.0rc2", - "4.4.0rc3", - "4.4.0rc4", - "4.4.1", - "4.4.2", - "4.4.3", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/redis/PYSEC-2023-46.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/redis/redis-py/pull/2641" - }, - { - "type": "REPORT", - "url": "https://github.com/redis/redis-py/issues/2665" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-24wv-mv5m-xv4h", - "PYSEC-2023-45" - ] - }, - { - "ids": [ - "GHSA-8fww-64cx-x8p5", - "PYSEC-2023-46" - ] - } - ] - }, - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - }, - { - "package": { - "name": "werkzeug", - "version": "2.2.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:25Z", - "published": "2023-02-15T15:37:03Z", - "schema_version": "1.4.0", - "id": "GHSA-px8h-6qxv-m22q", - "aliases": [ - "CVE-2023-23934" - ], - "summary": "Incorrect parsing of nameless cookies leads to __Host- cookies bypass", - "details": "Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain.\n\nWerkzeug <= 2.2.2 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug", - "purl": "pkg:pypi/werkzeug" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.3" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.11", - "0.11.1", - "0.11.10", - "0.11.11", - "0.11.12", - "0.11.13", - "0.11.14", - "0.11.15", - "0.11.2", - "0.11.3", - "0.11.4", - "0.11.5", - "0.11.6", - "0.11.7", - "0.11.8", - "0.11.9", - "0.12", - "0.12.1", - "0.12.2", - "0.13", - "0.14", - "0.14.1", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.15.4", - "0.15.5", - "0.15.6", - "0.16.0", - "0.16.1", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.4.1", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "1.0.0", - "1.0.0rc1", - "1.0.1", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.0rc3", - "2.0.0rc4", - "2.0.0rc5", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.2.0", - "2.2.0a1", - "2.2.1", - "2.2.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-px8h-6qxv-m22q/GHSA-px8h-6qxv-m22q.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23934" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pallets/werkzeug" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/releases/tag/2.2.3" - } - ], - "database_specific": { - "cwe_ids": [], - "github_reviewed": true, - "github_reviewed_at": "2023-02-15T15:37:03Z", - "nvd_published_at": "2023-02-14T20:15:00Z", - "severity": "LOW" - } - }, - { - "modified": "2023-04-11T01:18:51Z", - "published": "2023-02-15T15:36:26Z", - "schema_version": "1.4.0", - "id": "GHSA-xg9f-g7g7-2323", - "aliases": [ - "CVE-2023-25577" - ], - "summary": "High resource usage when parsing multipart form data with many fields", - "details": "Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage.\n\nThis allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug", - "purl": "pkg:pypi/werkzeug" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.3" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.11", - "0.11.1", - "0.11.10", - "0.11.11", - "0.11.12", - "0.11.13", - "0.11.14", - "0.11.15", - "0.11.2", - "0.11.3", - "0.11.4", - "0.11.5", - "0.11.6", - "0.11.7", - "0.11.8", - "0.11.9", - "0.12", - "0.12.1", - "0.12.2", - "0.13", - "0.14", - "0.14.1", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.15.4", - "0.15.5", - "0.15.6", - "0.16.0", - "0.16.1", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.4.1", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "1.0.0", - "1.0.0rc1", - "1.0.1", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.0rc3", - "2.0.0rc4", - "2.0.0rc5", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.2.0", - "2.2.0a1", - "2.2.1", - "2.2.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-xg9f-g7g7-2323/GHSA-xg9f-g7g7-2323.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25577" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pallets/werkzeug" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/releases/tag/2.2.3" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-400", - "CWE-770" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-15T15:36:26Z", - "nvd_published_at": "2023-02-14T20:15:00Z", - "severity": "HIGH" - } - }, - { - "modified": "2023-05-04T03:49:48Z", - "published": "2023-02-14T20:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-57", - "aliases": [ - "CVE-2023-23934", - "GHSA-px8h-6qxv-m22q" - ], - "details": "Werkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug", - "purl": "pkg:pypi/werkzeug" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "cf275f42acad1b5950c50ffe8ef58fe62cdce028" - } - ], - "repo": "https://github.com/pallets/werkzeug" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.3" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.11", - "0.11.1", - "0.11.10", - "0.11.11", - "0.11.12", - "0.11.13", - "0.11.14", - "0.11.15", - "0.11.2", - "0.11.3", - "0.11.4", - "0.11.5", - "0.11.6", - "0.11.7", - "0.11.8", - "0.11.9", - "0.12", - "0.12.1", - "0.12.2", - "0.13", - "0.14", - "0.14.1", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.15.4", - "0.15.5", - "0.15.6", - "0.16.0", - "0.16.1", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.4.1", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "1.0.0", - "1.0.0rc1", - "1.0.1", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.0rc3", - "2.0.0rc4", - "2.0.0rc5", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.2.0", - "2.2.0a1", - "2.2.1", - "2.2.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/werkzeug/PYSEC-2023-57.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q" - }, - { - "type": "FIX", - "url": "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/releases/tag/2.2.3" - } - ] - }, - { - "modified": "2023-05-04T03:49:48Z", - "published": "2023-02-14T20:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-58", - "aliases": [ - "CVE-2023-25577", - "GHSA-xg9f-g7g7-2323" - ], - "details": "Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug", - "purl": "pkg:pypi/werkzeug" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "517cac5a804e8c4dc4ed038bb20dacd038e7a9f1" - } - ], - "repo": "https://github.com/pallets/werkzeug" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "2.2.3" - } - ] - } - ], - "versions": [ - "0.1", - "0.10", - "0.10.1", - "0.10.2", - "0.10.3", - "0.10.4", - "0.11", - "0.11.1", - "0.11.10", - "0.11.11", - "0.11.12", - "0.11.13", - "0.11.14", - "0.11.15", - "0.11.2", - "0.11.3", - "0.11.4", - "0.11.5", - "0.11.6", - "0.11.7", - "0.11.8", - "0.11.9", - "0.12", - "0.12.1", - "0.12.2", - "0.13", - "0.14", - "0.14.1", - "0.15.0", - "0.15.1", - "0.15.2", - "0.15.3", - "0.15.4", - "0.15.5", - "0.15.6", - "0.16.0", - "0.16.1", - "0.2", - "0.3", - "0.3.1", - "0.4", - "0.4.1", - "0.5", - "0.5.1", - "0.6", - "0.6.1", - "0.6.2", - "0.7", - "0.7.1", - "0.7.2", - "0.8", - "0.8.1", - "0.8.2", - "0.8.3", - "0.9", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - "1.0.0", - "1.0.0rc1", - "1.0.1", - "2.0.0", - "2.0.0rc1", - "2.0.0rc2", - "2.0.0rc3", - "2.0.0rc4", - "2.0.0rc5", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1.0", - "2.1.1", - "2.1.2", - "2.2.0", - "2.2.0a1", - "2.2.1", - "2.2.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/werkzeug/PYSEC-2023-58.yaml" - } - } - ], - "references": [ - { - "type": "FIX", - "url": "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1" - }, - { - "type": "WEB", - "url": "https://github.com/pallets/werkzeug/releases/tag/2.2.3" - }, - { - "type": "ADVISORY", - "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-px8h-6qxv-m22q", - "PYSEC-2023-57" - ] - }, - { - "ids": [ - "GHSA-xg9f-g7g7-2323", - "PYSEC-2023-58" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/sail-requirements.audit.json b/audits/sail-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/sail-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/sgr-requirements.audit.json b/audits/sgr-requirements.audit.json deleted file mode 100644 index 336c6a18..00000000 --- a/audits/sgr-requirements.audit.json +++ /dev/null @@ -1,1029 +0,0 @@ -[ - { - "package": { - "name": "certifi", - "version": "2022.6.15", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:23:07Z", - "published": "2022-12-07T23:05:18Z", - "schema_version": "1.4.0", - "id": "GHSA-43fp-rhv2-5gv8", - "aliases": [ - "CVE-2022-23491" - ], - "summary": "Certifi removing TrustCor root certificate", - "details": "Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store.\n\nTrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ).", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.05" - }, - { - "fixed": "2022.12.07" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-43fp-rhv2-5gv8/GHSA-43fp-rhv2-5gv8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23491" - }, - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8" - }, - { - "type": "PACKAGE", - "url": "https://github.com/certifi/python-certifi" - }, - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-345" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-07T23:05:18Z", - "nvd_published_at": "2022-12-07T22:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2023-05-04T03:49:45Z", - "published": "2022-12-07T22:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-42986", - "aliases": [ - "CVE-2022-23491", - "GHSA-43fp-rhv2-5gv8" - ], - "details": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.5" - }, - { - "fixed": "2022.12.7" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/certifi/PYSEC-2022-42986.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - }, - { - "type": "ADVISORY", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-43fp-rhv2-5gv8", - "PYSEC-2022-42986" - ] - } - ] - }, - { - "package": { - "name": "cryptography", - "version": "37.0.4", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:24:54Z", - "published": "2023-02-07T20:54:10Z", - "schema_version": "1.4.0", - "id": "GHSA-w7pp-m8wf-vj6r", - "aliases": [ - "CVE-2023-23931" - ], - "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf", - "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n>>> outbuf = b\"\\x00\" * 32\n>>> c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n>>> c.update_into(b\"\\x00\" * 16, outbuf)\n16\n>>> outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "cryptography", - "purl": "pkg:pypi/cryptography" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.8" - }, - { - "fixed": "39.0.1" - } - ] - } - ], - "versions": [ - "1.8", - "1.8.1", - "1.8.2", - "1.9", - "2.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.2", - "2.2.1", - "2.2.2", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.4.2", - "2.5", - "2.6", - "2.6.1", - "2.7", - "2.8", - "2.9", - "2.9.1", - "2.9.2", - "3.0", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.3", - "3.3.1", - "3.3.2", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.4.5", - "3.4.6", - "3.4.7", - "3.4.8", - "35.0.0", - "36.0.0", - "36.0.1", - "36.0.2", - "37.0.0", - "37.0.1", - "37.0.2", - "37.0.3", - "37.0.4", - "38.0.0", - "38.0.1", - "38.0.2", - "38.0.3", - "38.0.4", - "39.0.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w7pp-m8wf-vj6r/GHSA-w7pp-m8wf-vj6r.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "cryptography.hazmat.primitives.ciphers.Cipher" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" - }, - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pyca/cryptography" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-754" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-07T20:54:10Z", - "nvd_published_at": "2023-02-07T21:15:00Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-w7pp-m8wf-vj6r" - ] - } - ] - }, - { - "package": { - "name": "joblib", - "version": "1.1.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-03-08T05:12:57Z", - "published": "2022-09-27T00:00:22Z", - "schema_version": "1.4.0", - "id": "GHSA-6hrg-qmvc-2xh8", - "aliases": [ - "CVE-2022-21797" - ], - "summary": "joblib vulnerable to arbitrary code execution", - "details": "The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the `pre_dispatch` flag in `Parallel()` class due to the `eval()` statement.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "joblib", - "purl": "pkg:pypi/joblib" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1.2.0" - } - ] - } - ], - "versions": [ - "0.10.0", - "0.10.2", - "0.10.3", - "0.11", - "0.11a3", - "0.12.0", - "0.12.1", - "0.12.2", - "0.12.3", - "0.12.4", - "0.12.5", - "0.13.0", - "0.13.1", - "0.13.2", - "0.14.0", - "0.14.1", - "0.15.0", - "0.15.1", - "0.16.0", - "0.17.0", - "0.1a", - "0.1a.dev", - "0.2a.dev", - "0.3.1a.dev", - "0.3.2.dev", - "0.3.2a.dev", - "0.3.2b.dev", - "0.3.2c.dev", - "0.3.2d", - "0.3.2d.dev", - "0.3.2e.dev", - "0.3.2f", - "0.3.2f.dev", - "0.3.2g.dev", - "0.3.3a.dev", - "0.3.3b.dev", - "0.3.3c.dev", - "0.3.4.dev", - "0.3.5.dev", - "0.3.6.dev", - "0.3.7.dev", - "0.3a.dev", - "0.4.0.dev", - "0.4.1.dev", - "0.4.2.dev", - "0.4.3.dev", - "0.4.4.dev", - "0.4.5.dev", - "0.4.6.dev", - "0.5.0.dev", - "0.5.0a.dev", - "0.5.1.dev", - "0.5.2.dev", - "0.5.3.dev", - "0.5.4.dev", - "0.5.5.dev", - "0.5.6.dev", - "0.5.7", - "0.5.7.dev", - "0.5.7a", - "0.5.7a.dev", - "0.5.7b.dev", - "0.6.0", - "0.6.0a", - "0.6.0b", - "0.6.0b2", - "0.6.0b3", - "0.6.1", - "0.6.2", - "0.6.3", - "0.6.4", - "0.6.5", - "0.7.0a", - "0.7.0b", - "0.7.0c", - "0.7.0d", - "0.7.1", - "0.8.0", - "0.8.0a", - "0.8.0a2", - "0.8.0a3", - "0.8.1", - "0.8.2", - "0.8.3", - "0.8.3-r1", - "0.8.4", - "0.9.0b2", - "0.9.0b3", - "0.9.0b4", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "1.0.0", - "1.0.1", - "1.1.0", - "1.1.0a0", - "1.1.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-6hrg-qmvc-2xh8/GHSA-6hrg-qmvc-2xh8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21797" - }, - { - "type": "WEB", - "url": "https://github.com/joblib/joblib/issues/1128" - }, - { - "type": "WEB", - "url": "https://github.com/joblib/joblib/pull/1321" - }, - { - "type": "WEB", - "url": "https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059" - }, - { - "type": "PACKAGE", - "url": "https://github.com/joblib/joblib" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00020.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MJ5XTJS6OKJRRVXWFN5J67K3BYPEOBDF/" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033" - } - ], - "database_specific": { - "cwe_ids": [], - "github_reviewed": true, - "github_reviewed_at": "2022-09-30T04:44:04Z", - "nvd_published_at": "2022-09-26T05:15:00Z", - "severity": "CRITICAL" - } - }, - { - "modified": "2022-10-10T13:42:48Z", - "published": "2022-09-26T05:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-288", - "aliases": [ - "CVE-2022-21797" - ], - "details": "The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "joblib", - "purl": "pkg:pypi/joblib" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "b90f10efeb670a2cc877fb88ebb3f2019189e059" - } - ], - "repo": "https://github.com/joblib/joblib" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1.2.0" - } - ] - } - ], - "versions": [ - "0.10.0", - "0.10.2", - "0.10.3", - "0.11", - "0.11a3", - "0.12.0", - "0.12.1", - "0.12.2", - "0.12.3", - "0.12.4", - "0.12.5", - "0.13.0", - "0.13.1", - "0.13.2", - "0.14.0", - "0.14.1", - "0.15.0", - "0.15.1", - "0.16.0", - "0.17.0", - "0.1a", - "0.1a.dev", - "0.2a.dev", - "0.3.1a.dev", - "0.3.2.dev", - "0.3.2a.dev", - "0.3.2b.dev", - "0.3.2c.dev", - "0.3.2d", - "0.3.2d.dev", - "0.3.2e.dev", - "0.3.2f", - "0.3.2f.dev", - "0.3.2g.dev", - "0.3.3a.dev", - "0.3.3b.dev", - "0.3.3c.dev", - "0.3.4.dev", - "0.3.5.dev", - "0.3.6.dev", - "0.3.7.dev", - "0.3a.dev", - "0.4.0.dev", - "0.4.1.dev", - "0.4.2.dev", - "0.4.3.dev", - "0.4.4.dev", - "0.4.5.dev", - "0.4.6.dev", - "0.5.0.dev", - "0.5.0a.dev", - "0.5.1.dev", - "0.5.2.dev", - "0.5.3.dev", - "0.5.4.dev", - "0.5.5.dev", - "0.5.6.dev", - "0.5.7", - "0.5.7.dev", - "0.5.7a", - "0.5.7a.dev", - "0.5.7b.dev", - "0.6.0", - "0.6.0a", - "0.6.0b", - "0.6.0b2", - "0.6.0b3", - "0.6.1", - "0.6.2", - "0.6.3", - "0.6.4", - "0.6.5", - "0.7.0a", - "0.7.0b", - "0.7.0c", - "0.7.0d", - "0.7.1", - "0.8.0", - "0.8.0a", - "0.8.0a2", - "0.8.0a3", - "0.8.1", - "0.8.2", - "0.8.3", - "0.8.3-r1", - "0.8.4", - "0.9.0b2", - "0.9.0b3", - "0.9.0b4", - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "1.0.0", - "1.0.1", - "1.1.0", - "1.1.0a0", - "1.1.1" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/joblib/PYSEC-2022-288.yaml" - } - } - ], - "references": [ - { - "type": "FIX", - "url": "https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059" - }, - { - "type": "REPORT", - "url": "https://github.com/joblib/joblib/issues/1128" - }, - { - "type": "WEB", - "url": "https://github.com/joblib/joblib/pull/1321" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-6hrg-qmvc-2xh8", - "PYSEC-2022-288" - ] - } - ] - }, - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/sickchill-requirements.audit.json b/audits/sickchill-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/sickchill-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/snapcraft-requirements.audit.json b/audits/snapcraft-requirements.audit.json deleted file mode 100644 index fcd538e5..00000000 --- a/audits/snapcraft-requirements.audit.json +++ /dev/null @@ -1,660 +0,0 @@ -[ - { - "package": { - "name": "certifi", - "version": "2022.9.24", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:23:07Z", - "published": "2022-12-07T23:05:18Z", - "schema_version": "1.4.0", - "id": "GHSA-43fp-rhv2-5gv8", - "aliases": [ - "CVE-2022-23491" - ], - "summary": "Certifi removing TrustCor root certificate", - "details": "Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store.\n\nTrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ).", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.05" - }, - { - "fixed": "2022.12.07" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-43fp-rhv2-5gv8/GHSA-43fp-rhv2-5gv8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23491" - }, - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8" - }, - { - "type": "PACKAGE", - "url": "https://github.com/certifi/python-certifi" - }, - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-345" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-07T23:05:18Z", - "nvd_published_at": "2022-12-07T22:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2023-05-04T03:49:45Z", - "published": "2022-12-07T22:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-42986", - "aliases": [ - "CVE-2022-23491", - "GHSA-43fp-rhv2-5gv8" - ], - "details": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.5" - }, - { - "fixed": "2022.12.7" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/certifi/PYSEC-2022-42986.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - }, - { - "type": "ADVISORY", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-43fp-rhv2-5gv8", - "PYSEC-2022-42986" - ] - } - ] - }, - { - "package": { - "name": "cryptography", - "version": "3.4", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:24:54Z", - "published": "2023-02-07T20:54:10Z", - "schema_version": "1.4.0", - "id": "GHSA-w7pp-m8wf-vj6r", - "aliases": [ - "CVE-2023-23931" - ], - "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf", - "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n>>> outbuf = b\"\\x00\" * 32\n>>> c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n>>> c.update_into(b\"\\x00\" * 16, outbuf)\n16\n>>> outbuf\nb'\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "cryptography", - "purl": "pkg:pypi/cryptography" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.8" - }, - { - "fixed": "39.0.1" - } - ] - } - ], - "versions": [ - "1.8", - "1.8.1", - "1.8.2", - "1.9", - "2.0", - "2.0.1", - "2.0.2", - "2.0.3", - "2.1", - "2.1.1", - "2.1.2", - "2.1.3", - "2.1.4", - "2.2", - "2.2.1", - "2.2.2", - "2.3", - "2.3.1", - "2.4", - "2.4.1", - "2.4.2", - "2.5", - "2.6", - "2.6.1", - "2.7", - "2.8", - "2.9", - "2.9.1", - "2.9.2", - "3.0", - "3.1", - "3.1.1", - "3.2", - "3.2.1", - "3.3", - "3.3.1", - "3.3.2", - "3.4", - "3.4.1", - "3.4.2", - "3.4.3", - "3.4.4", - "3.4.5", - "3.4.6", - "3.4.7", - "3.4.8", - "35.0.0", - "36.0.0", - "36.0.1", - "36.0.2", - "37.0.0", - "37.0.1", - "37.0.2", - "37.0.3", - "37.0.4", - "38.0.0", - "38.0.1", - "38.0.2", - "38.0.3", - "38.0.4", - "39.0.0" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w7pp-m8wf-vj6r/GHSA-w7pp-m8wf-vj6r.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "cryptography.hazmat.primitives.ciphers.Cipher" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" - }, - { - "type": "WEB", - "url": "https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3" - }, - { - "type": "PACKAGE", - "url": "https://github.com/pyca/cryptography" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-754" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-02-07T20:54:10Z", - "nvd_published_at": "2023-02-07T21:15:00Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-w7pp-m8wf-vj6r" - ] - } - ] - }, - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/terminator-requirements.audit.json b/audits/terminator-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/terminator-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/tern-requirements.audit.json b/audits/tern-requirements.audit.json deleted file mode 100644 index 1eaef073..00000000 --- a/audits/tern-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.28.2", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/theharvester-requirements.audit.json b/audits/theharvester-requirements.audit.json deleted file mode 100644 index cebe897f..00000000 --- a/audits/theharvester-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.30.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/torchvision-requirements.audit.json b/audits/torchvision-requirements.audit.json deleted file mode 100644 index cebe897f..00000000 --- a/audits/torchvision-requirements.audit.json +++ /dev/null @@ -1,315 +0,0 @@ -[ - { - "package": { - "name": "requests", - "version": "2.30.0", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/twarc-requirements.audit.json b/audits/twarc-requirements.audit.json deleted file mode 100644 index 59736f6f..00000000 --- a/audits/twarc-requirements.audit.json +++ /dev/null @@ -1,107 +0,0 @@ -[ - { - "package": { - "name": "configobj", - "version": "5.0.8", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:48:23Z", - "published": "2023-04-03T06:30:19Z", - "schema_version": "1.4.0", - "id": "GHSA-c33w-24p9-8m24", - "aliases": [ - "CVE-2023-26112" - ], - "summary": "configobj ReDoS exploitable by developer using values in a server-side configuration file", - "details": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "configobj", - "purl": "pkg:pypi/configobj" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "5.0.8" - } - ] - } - ], - "versions": [ - "4.4.0", - "4.5.0", - "4.5.1", - "4.5.2", - "4.5.3", - "4.6.0", - "4.7.0", - "4.7.1", - "4.7.2", - "5.0.0", - "5.0.1", - "5.0.2", - "5.0.3", - "5.0.4", - "5.0.5", - "5.0.6", - "5.0.7", - "5.0.8" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-c33w-24p9-8m24/GHSA-c33w-24p9-8m24.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" - }, - { - "type": "WEB", - "url": "https://github.com/DiffSK/configobj/issues/232" - }, - { - "type": "PACKAGE", - "url": "https://github.com/DiffSK/configobj" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-1333" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-04-04T21:40:45Z", - "nvd_published_at": "2023-04-03T05:15:00Z", - "severity": "LOW" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-c33w-24p9-8m24" - ] - } - ] - } -] \ No newline at end of file diff --git a/audits/zabbix-cli-requirements.audit.json b/audits/zabbix-cli-requirements.audit.json deleted file mode 100644 index 84cde7a7..00000000 --- a/audits/zabbix-cli-requirements.audit.json +++ /dev/null @@ -1,507 +0,0 @@ -[ - { - "package": { - "name": "certifi", - "version": "2022.9.24", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-04-11T01:23:07Z", - "published": "2022-12-07T23:05:18Z", - "schema_version": "1.4.0", - "id": "GHSA-43fp-rhv2-5gv8", - "aliases": [ - "CVE-2022-23491" - ], - "summary": "Certifi removing TrustCor root certificate", - "details": "Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store.\n\nTrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ).", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.05" - }, - { - "fixed": "2022.12.07" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-43fp-rhv2-5gv8/GHSA-43fp-rhv2-5gv8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23491" - }, - { - "type": "WEB", - "url": "https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8" - }, - { - "type": "PACKAGE", - "url": "https://github.com/certifi/python-certifi" - }, - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-345" - ], - "github_reviewed": true, - "github_reviewed_at": "2022-12-07T23:05:18Z", - "nvd_published_at": "2022-12-07T22:15:00Z", - "severity": "MODERATE" - } - }, - { - "modified": "2023-05-04T03:49:45Z", - "published": "2022-12-07T22:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2022-42986", - "aliases": [ - "CVE-2022-23491", - "GHSA-43fp-rhv2-5gv8" - ], - "details": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi", - "purl": "pkg:pypi/certifi" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2017.11.5" - }, - { - "fixed": "2022.12.7" - } - ] - } - ], - "versions": [ - "2017.11.5", - "2018.1.18", - "2018.10.15", - "2018.11.29", - "2018.4.16", - "2018.8.13", - "2018.8.24", - "2019.11.28", - "2019.3.9", - "2019.6.16", - "2019.9.11", - "2020.11.8", - "2020.12.5", - "2020.4.5", - "2020.4.5.1", - "2020.4.5.2", - "2020.6.20", - "2021.10.8", - "2021.5.30", - "2022.5.18", - "2022.5.18.1", - "2022.6.15", - "2022.6.15.1", - "2022.6.15.2", - "2022.9.14", - "2022.9.24" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/certifi/PYSEC-2022-42986.yaml" - } - } - ], - "references": [ - { - "type": "WEB", - "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ" - }, - { - "type": "ADVISORY", - "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-43fp-rhv2-5gv8", - "PYSEC-2022-42986" - ] - } - ] - }, - { - "package": { - "name": "requests", - "version": "2.28.1", - "ecosystem": "PyPI" - }, - "vulnerabilities": [ - { - "modified": "2023-06-20T14:40:07Z", - "published": "2023-05-22T20:36:32Z", - "schema_version": "1.4.0", - "id": "GHSA-j8r2-6x86-q33q", - "aliases": [ - "CVE-2023-32681" - ], - "summary": "Unintended leak of Proxy-Authorization header in requests", - "details": "### Impact\n\nSince Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how `rebuild_proxies` is used to recompute and [reattach the `Proxy-Authorization` header](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/sessions.py#L319-L328) to requests when redirected. Note this behavior has _only_ been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. `https://username:password@proxy:8080`).\n\n**Current vulnerable behavior(s):**\n\n1. HTTP \u2192 HTTPS: **leak**\n2. HTTPS \u2192 HTTP: **no leak**\n3. HTTPS \u2192 HTTPS: **leak**\n4. HTTP \u2192 HTTP: **no leak**\n\nFor HTTP connections sent through the proxy, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into further tunneled requests. This results in Requests forwarding the header to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate those credentials.\n\nThe reason this currently works for HTTPS connections in Requests is the `Proxy-Authorization` header is also handled by urllib3 with our usage of the ProxyManager in adapters.py with [`proxy_manager_for`](https://github.com/psf/requests/blob/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773/requests/adapters.py#L199-L235). This will compute the required proxy headers in `proxy_headers` and pass them to the Proxy Manager, avoiding attaching them directly to the Request object. This will be our preferred option going forward for default usage.\n\n### Patches\nStarting in Requests v2.31.0, Requests will no longer attach this header to redirects with an HTTPS destination. This should have no negative impacts on the default behavior of the library as the proxy credentials are already properly being handled by urllib3's ProxyManager.\n\nFor users with custom adapters, this _may_ be potentially breaking if you were already working around this behavior. The previous functionality of `rebuild_proxies` doesn't make sense in any case, so we would encourage any users impacted to migrate any handling of Proxy-Authorization directly into their custom adapter.\n\n### Workarounds\nFor users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting `allow_redirects` to `False` on all calls through Requests top-level APIs. Note that if you're currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n```\nimport requests\nr = requests.get('http://github.com/', allow_redirects=False)\n```\n\n### Credits\n\nThis vulnerability was discovered and disclosed by the following individuals.\n\nDennis Brinkrolf, Haxolot (https://haxolot.com/)\nTobias Funke, (tobiasfunke93@gmail.com)", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-j8r2-6x86-q33q/GHSA-j8r2-6x86-q33q.json" - }, - "ecosystem_specific": { - "affected_functions": [ - "requests.sessions.SessionRedirectMixin.rebuild_proxies" - ] - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "PACKAGE", - "url": "https://github.com/psf/requests" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "WEB", - "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-05-22T20:36:32Z", - "nvd_published_at": null, - "severity": "MODERATE" - } - }, - { - "modified": "2023-06-05T01:13:00Z", - "published": "2023-05-26T18:15:00Z", - "schema_version": "1.4.0", - "id": "PYSEC-2023-74", - "aliases": [ - "CVE-2023-32681", - "GHSA-j8r2-6x86-q33q" - ], - "details": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n", - "affected": [ - { - "package": { - "ecosystem": "PyPI", - "name": "requests", - "purl": "pkg:pypi/requests" - }, - "ranges": [ - { - "type": "GIT", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - } - ], - "repo": "https://github.com/psf/requests" - }, - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.3.0" - }, - { - "fixed": "2.31.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.11.0", - "2.11.1", - "2.12.0", - "2.12.1", - "2.12.2", - "2.12.3", - "2.12.4", - "2.12.5", - "2.13.0", - "2.14.0", - "2.14.1", - "2.14.2", - "2.15.0", - "2.15.1", - "2.16.0", - "2.16.1", - "2.16.2", - "2.16.3", - "2.16.4", - "2.16.5", - "2.17.0", - "2.17.1", - "2.17.2", - "2.17.3", - "2.18.0", - "2.18.1", - "2.18.2", - "2.18.3", - "2.18.4", - "2.19.0", - "2.19.1", - "2.20.0", - "2.20.1", - "2.21.0", - "2.22.0", - "2.23.0", - "2.24.0", - "2.25.0", - "2.25.1", - "2.26.0", - "2.27.0", - "2.27.1", - "2.28.0", - "2.28.1", - "2.28.2", - "2.29.0", - "2.3.0", - "2.30.0", - "2.4.0", - "2.4.1", - "2.4.2", - "2.4.3", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.7.0", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2" - ], - "database_specific": { - "source": "https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2023-74.yaml" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" - }, - { - "type": "WEB", - "url": "https://github.com/psf/requests/releases/tag/v2.31.0" - }, - { - "type": "FIX", - "url": "https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/" - } - ] - } - ], - "groups": [ - { - "ids": [ - "GHSA-j8r2-6x86-q33q", - "PYSEC-2023-74" - ] - } - ] - } -] \ No newline at end of file diff --git a/requirements/adb-enhanced-requirements.txt b/requirements/adb-enhanced-requirements.txt deleted file mode 100644 index 0a9f3373..00000000 --- a/requirements/adb-enhanced-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -docopt==0.6.2 -psutil==5.9.5 diff --git a/requirements/adr-viewer-requirements.txt b/requirements/adr-viewer-requirements.txt deleted file mode 100644 index 335fca08..00000000 --- a/requirements/adr-viewer-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -beautifulsoup4==4.11.2 -bottle==0.12.25 -bs4==0.0.1 -click==8.1.3 -Jinja2==3.1.2 -MarkupSafe==2.1.2 -mistune==2.0.5 -soupsieve==2.4 diff --git a/requirements/airshare-requirements.txt b/requirements/airshare-requirements.txt deleted file mode 100644 index 27f47c66..00000000 --- a/requirements/airshare-requirements.txt +++ /dev/null @@ -1,22 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -asyncio==3.4.3 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -frozenlist==1.3.3 -humanize==4.6.0 -idna==3.4 -ifaddr==0.2.0 -multidict==6.0.4 -pyperclip==1.8.2 -requests==2.31.0 -requests-toolbelt==1.0.0 -termcolor==2.3.0 -tqdm==4.65.0 -urllib3==2.0.2 -yarl==1.9.2 -zeroconf==0.62.0 diff --git a/requirements/aiven-client-requirements.txt b/requirements/aiven-client-requirements.txt deleted file mode 100644 index 8095b7e9..00000000 --- a/requirements/aiven-client-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/all-repos-requirements.txt b/requirements/all-repos-requirements.txt deleted file mode 100644 index 34b0fae2..00000000 --- a/requirements/all-repos-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -identify==2.5.24 -packaging==23.1 diff --git a/requirements/alot-requirements.txt b/requirements/alot-requirements.txt deleted file mode 100644 index ba3c8b82..00000000 --- a/requirements/alot-requirements.txt +++ /dev/null @@ -1,13 +0,0 @@ -attrs==22.1.0 -Automat==22.10.0 -configobj==5.0.6 -constantly==15.1.0 -hyperlink==21.0.0 -idna==3.4 -incremental==22.10.0 -mock==4.0.3 -python-magic==0.4.27 -Twisted==22.10.0 -urwid==2.1.2 -urwidtrees==1.0.3 -zope.interface==5.5.2 diff --git a/requirements/animdl-requirements.txt b/requirements/animdl-requirements.txt deleted file mode 100644 index f9d4246b..00000000 --- a/requirements/animdl-requirements.txt +++ /dev/null @@ -1,24 +0,0 @@ -anchor-kr==0.1.3 -anitopy==2.1.1 -anyio==3.7.0 -certifi==2023.5.7 -click==8.1.3 -comtypes==1.1.14 -cssselect==1.2.0 -h11==0.14.0 -httpcore==0.16.3 -httpx==0.23.3 -idna==3.4 -lxml==4.9.1 -markdown-it-py==2.2.0 -mdurl==0.1.2 -multidict==6.0.4 -packaging==23.1 -pkginfo==1.9.6 -pycryptodomex==3.14.1 -regex==2022.10.31 -rfc3986==1.5.0 -rich==13.3.3 -sniffio==1.3.0 -tqdm==4.65.0 -yarl==1.8.2 diff --git a/requirements/anime-downloader-requirements.txt b/requirements/anime-downloader-requirements.txt deleted file mode 100644 index 79636317..00000000 --- a/requirements/anime-downloader-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -appdirs==1.4.4 -attrs==22.1.0 -beautifulsoup4==4.11.1 -cattrs==22.2.0 -certifi==2022.12.7 -cfscrape==2.1.1 -charset-normalizer==2.1.1 -click==8.1.3 -coloredlogs==15.0.1 -fuzzywuzzy==0.18.0 -humanfriendly==10.0 -idna==3.4 -pycryptodome==3.16.0 -pySmartDL==1.3.4 -requests==2.28.1 -requests-cache==0.9.7 -soupsieve==2.3.2.post1 -url-normalize==1.4.3 -urllib3==1.26.13 diff --git a/requirements/ansible-lint-requirements.txt b/requirements/ansible-lint-requirements.txt deleted file mode 100644 index 7c8849b7..00000000 --- a/requirements/ansible-lint-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -ansible-compat==4.1.2 -attrs==23.1.0 -bracex==2.3.post1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -filelock==3.12.2 -idna==3.4 -jsonschema==4.17.3 -markdown-it-py==3.0.0 -mdurl==0.1.2 -packaging==23.1 -pyrsistent==0.19.3 -requests==2.31.0 -rich==13.4.2 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -subprocess-tee==0.4.1 -urllib3==2.0.3 -wcmatch==8.4.1 diff --git a/requirements/ansible-requirements.txt b/requirements/ansible-requirements.txt deleted file mode 100644 index c4c69713..00000000 --- a/requirements/ansible-requirements.txt +++ /dev/null @@ -1,98 +0,0 @@ -ansible-core==2.15.1 -apache-libcloud==3.7.0 -appdirs==1.4.4 -attrs==23.1.0 -autopage==0.5.1 -bcrypt==4.0.1 -boto3==1.26.159 -botocore==1.29.159 -cachetools==5.3.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cliff==4.3.0 -cmd2==2.4.3 -cryptography==41.0.1 -debtcollector==2.5.0 -decorator==5.1.1 -dnspython==2.3.0 -docker==6.1.3 -dogpile-cache==1.2.1 -future==0.18.3 -google-auth==2.20.0 -idna==3.4 -importlib-metadata==6.7.0 -iso8601==2.0.0 -jinja2==3.1.2 -jmespath==1.0.1 -jsonpatch==1.32 -jsonpointer==2.3 -junos-eznc==2.6.7 -jxmlease==1.0.3 -kerberos==1.3.1 -keystoneauth1==5.2.1 -kubernetes==26.1.0 -lxml==4.9.2 -markupsafe==2.1.3 -msgpack==1.0.5 -ncclient==0.6.13 -netaddr==0.8.0 -netifaces==0.11.0 -ntc-templates==3.4.0 -oauthlib==3.2.2 -openshift==0.13.1 -openstacksdk==1.3.0 -os-client-config==2.1.0 -os-service-types==1.7.0 -osc-lib==2.8.0 -oslo-config==9.1.1 -oslo-context==5.1.1 -oslo-i18n==6.0.0 -oslo-log==5.2.0 -oslo-serialization==5.1.1 -oslo-utils==6.1.0 -packaging==23.1 -paramiko==3.2.0 -passlib==1.7.4 -pbr==5.11.1 -pexpect==4.8.0 -prettytable==3.8.0 -proxmoxer==2.0.1 -ptyprocess==0.7.0 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pynacl==1.5.0 -pyparsing==3.1.0 -pyperclip==1.8.2 -pyserial==3.5 -pysphere3==0.1.8 -pyspnego==0.9.1 -python-consul==1.1.0 -python-dateutil==2.8.2 -python-keystoneclient==5.1.0 -python-neutronclient==10.0.0 -python-string-utils==1.0.0 -pytz==2023.3 -pywinrm==0.4.3 -requests==2.31.0 -requests-credssp==2.0.0 -requests-ntlm==1.2.0 -requests-oauthlib==1.3.1 -requestsexceptions==1.4.0 -resolvelib==1.0.1 -rfc3986==2.0.0 -rsa==4.9 -s3transfer==0.6.1 -scp==0.14.5 -shade==1.33.0 -simplejson==3.19.1 -stevedore==5.1.0 -textfsm==1.1.3 -transitions==0.9.0 -urllib3==1.26.16 -wcwidth==0.2.6 -websocket-client==1.6.0 -wrapt==1.15.0 -xmltodict==0.13.0 -yamlordereddictloader==0.4.0 -zabbix-api==0.5.6 -zipp==3.15.0 diff --git a/requirements/arcade-learning-environment-requirements.txt b/requirements/arcade-learning-environment-requirements.txt deleted file mode 100644 index 60f1a47f..00000000 --- a/requirements/arcade-learning-environment-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -importlib-resources==5.12.0 diff --git a/requirements/archey4-requirements.txt b/requirements/archey4-requirements.txt deleted file mode 100644 index c0f8229d..00000000 --- a/requirements/archey4-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -distro==1.8.0 -netifaces==0.11.0 diff --git a/requirements/arjun-requirements.txt b/requirements/arjun-requirements.txt deleted file mode 100644 index bdb90aaa..00000000 --- a/requirements/arjun-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -dicttoxml==1.7.16 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/arxiv_latex_cleaner-requirements.txt b/requirements/arxiv_latex_cleaner-requirements.txt deleted file mode 100644 index 03a73bae..00000000 --- a/requirements/arxiv_latex_cleaner-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -absl-py==1.4.0 -regex==2023.6.3 diff --git a/requirements/astrometry-net-requirements.txt b/requirements/astrometry-net-requirements.txt deleted file mode 100644 index d602846b..00000000 --- a/requirements/astrometry-net-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -fitsio==1.1.8 diff --git a/requirements/athenacli-requirements.txt b/requirements/athenacli-requirements.txt deleted file mode 100644 index dea7e0fd..00000000 --- a/requirements/athenacli-requirements.txt +++ /dev/null @@ -1,16 +0,0 @@ -boto3==1.26.121 -botocore==1.29.121 -cli-helpers==2.3.0 -click==8.1.3 -configobj==5.0.8 -fsspec==2023.4.0 -jmespath==1.0.1 -prompt-toolkit==3.0.38 -pyathena==2.25.2 -pygments==2.11.1 -python-dateutil==2.8.2 -s3transfer==0.6.0 -sqlparse==0.4.4 -tenacity==8.2.2 -urllib3==1.26.15 -wcwidth==0.2.6 diff --git a/requirements/autopep8-requirements.txt b/requirements/autopep8-requirements.txt deleted file mode 100644 index 9f62a69a..00000000 --- a/requirements/autopep8-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pycodestyle==2.10.0 diff --git a/requirements/aws-elasticbeanstalk-requirements.txt b/requirements/aws-elasticbeanstalk-requirements.txt deleted file mode 100644 index 9e962298..00000000 --- a/requirements/aws-elasticbeanstalk-requirements.txt +++ /dev/null @@ -1,32 +0,0 @@ -attrs==23.1.0 -bcrypt==4.0.1 -blessed==1.20.0 -botocore==1.29.158 -cached-property==1.5.2 -cement==2.8.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.3 -cryptography==41.0.1 -docker==4.4.4 -docker-compose==1.25.5 -dockerpty==0.4.1 -docopt==0.6.2 -idna==3.4 -jmespath==1.0.1 -jsonschema==3.2.0 -paramiko==3.2.0 -pathspec==0.10.1 -pycparser==2.21 -pynacl==1.5.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -pyyaml==5.4.1 -requests==2.31.0 -semantic-version==2.8.5 -six==1.14.0 -termcolor==1.1.0 -texttable==1.6.7 -urllib3==1.26.16 -wcwidth==0.1.9 -websocket-client==0.59.0 diff --git a/requirements/aws-google-auth-requirements.txt b/requirements/aws-google-auth-requirements.txt deleted file mode 100644 index 267dcd39..00000000 --- a/requirements/aws-google-auth-requirements.txt +++ /dev/null @@ -1,22 +0,0 @@ -beautifulsoup4==4.12.2 -boto3==1.26.138 -botocore==1.29.138 -certifi==2023.5.7 -charset-normalizer==3.1.0 -configparser==5.3.0 -filelock==3.12.0 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -jmespath==1.0.1 -keyring==23.13.1 -keyrings-alt==4.2.0 -lxml==4.9.2 -more-itertools==9.1.0 -python-dateutil==2.8.2 -requests==2.31.0 -s3transfer==0.6.1 -soupsieve==2.4.1 -tzlocal==5.0.1 -urllib3==1.26.15 -zipp==3.15.0 diff --git a/requirements/aws-sam-cli-requirements.txt b/requirements/aws-sam-cli-requirements.txt deleted file mode 100644 index b0f2f86f..00000000 --- a/requirements/aws-sam-cli-requirements.txt +++ /dev/null @@ -1,60 +0,0 @@ -arrow==1.2.3 -attrs==23.1.0 -aws-lambda-builders==1.34.0 -aws-sam-translator==1.70.0 -binaryornot==0.4.4 -boto3==1.26.161 -botocore==1.29.161 -certifi==2023.5.7 -cfn-lint==0.77.10 -chardet==5.1.0 -charset-normalizer==3.1.0 -chevron==0.14.0 -click==8.1.3 -cookiecutter==2.1.1 -cryptography==41.0.1 -dateparser==1.1.8 -docker==6.1.3 -flask==2.2.5 -idna==3.4 -itsdangerous==2.1.2 -jinja2==3.1.2 -jinja2-time==0.2.0 -jmespath==1.0.1 -jschema-to-python==1.2.3 -jsonpatch==1.33 -jsonpickle==3.0.1 -jsonpointer==2.4 -jsonschema==4.17.3 -junit-xml==1.9 -markdown-it-py==2.2.0 -markupsafe==2.1.3 -mdurl==0.1.2 -mpmath==1.3.0 -networkx==3.1 -packaging==23.1 -pbr==5.11.1 -pydantic==1.10.9 -pyopenssl==23.2.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -python-slugify==8.0.1 -pytz==2023.3 -pyyaml==5.4.1 -regex==2023.6.3 -requests==2.31.0 -rich==13.3.5 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -s3transfer==0.6.1 -sarif-om==1.0.4 -serverlessrepo==0.1.10 -sympy==1.12 -text-unidecode==1.3 -tomlkit==0.11.8 -tzlocal==3.0 -urllib3==1.26.16 -watchdog==2.1.2 -websocket-client==1.6.1 -werkzeug==2.3.6 -wheel==0.40.0 diff --git a/requirements/aws-shell-requirements.txt b/requirements/aws-shell-requirements.txt deleted file mode 100644 index eb7bd58a..00000000 --- a/requirements/aws-shell-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -awscli==1.27.121 -boto3==1.26.121 -botocore==1.29.121 -colorama==0.4.4 -configobj==5.0.8 -jmespath==1.0.1 -prompt-toolkit==1.0.18 -pyasn1==0.5.0 -python-dateutil==2.8.2 -pyyaml==5.4.1 -rsa==4.7.2 -s3transfer==0.6.0 -urllib3==1.26.15 -wcwidth==0.2.6 diff --git a/requirements/aws-sso-util-requirements.txt b/requirements/aws-sso-util-requirements.txt deleted file mode 100644 index dfcef71a..00000000 --- a/requirements/aws-sso-util-requirements.txt +++ /dev/null @@ -1,17 +0,0 @@ -attrs==23.1.0 -aws-error-utils==2.7.0 -aws-sso-lib==1.14.0 -boto3==1.26.138 -botocore==1.29.138 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -jmespath==1.0.1 -jsonschema==3.2.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -pyyaml==5.4.1 -requests==2.31.0 -s3transfer==0.6.1 -urllib3==1.26.15 diff --git a/requirements/aws2-wrap-requirements.txt b/requirements/aws2-wrap-requirements.txt deleted file mode 100644 index 069e31c6..00000000 --- a/requirements/aws2-wrap-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -psutil==5.9.4 diff --git a/requirements/awscli-requirements.txt b/requirements/awscli-requirements.txt deleted file mode 100644 index e9faff54..00000000 --- a/requirements/awscli-requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -awscrt==0.16.16 -colorama==0.4.6 -cryptography==40.0.1 -distro==1.8.0 -jmespath==1.0.1 -prompt-toolkit==3.0.38 -python-dateutil==2.8.2 -ruamel-yaml==0.17.21 -ruamel-yaml-clib==0.2.7 -urllib3==1.26.16 -wcwidth==0.2.6 diff --git a/requirements/awscli@1-requirements.txt b/requirements/awscli@1-requirements.txt deleted file mode 100644 index 5685d51a..00000000 --- a/requirements/awscli@1-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -botocore==1.30.0 -colorama==0.4.4 -jmespath==1.0.1 -pyasn1==0.5.0 -python-dateutil==2.8.2 -rsa==4.7.2 -s3transfer==0.6.1 -urllib3==1.26.16 diff --git a/requirements/awscurl-requirements.txt b/requirements/awscurl-requirements.txt deleted file mode 100644 index e414cab0..00000000 --- a/requirements/awscurl-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -configargparse==1.5.3 -configparser==5.3.0 -cryptography==41.0.1 -idna==3.4 -pyopenssl==23.2.0 -requests==2.31.0 -urllib3==2.0.2 -urllib3-secure-extra==0.1.0 diff --git a/requirements/awslogs-requirements.txt b/requirements/awslogs-requirements.txt deleted file mode 100644 index ea49e994..00000000 --- a/requirements/awslogs-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -boto3==1.26.73 -botocore==1.29.73 -jmespath==0.10.0 -python-dateutil==2.8.2 -s3transfer==0.6.0 -termcolor==2.2.0 -urllib3==1.26.14 diff --git a/requirements/awsume-requirements.txt b/requirements/awsume-requirements.txt deleted file mode 100644 index 6fd4d1ca..00000000 --- a/requirements/awsume-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -boto3==1.26.4 -botocore==1.29.4 -colorama==0.4.6 -jmespath==1.0.1 -pluggy==1.0.0 -psutil==5.9.4 -python-dateutil==2.8.2 -s3transfer==0.6.0 -urllib3==1.26.12 diff --git a/requirements/azure-cli-requirements.txt b/requirements/azure-cli-requirements.txt deleted file mode 100644 index 4f7b7476..00000000 --- a/requirements/azure-cli-requirements.txt +++ /dev/null @@ -1,142 +0,0 @@ -Deprecated==1.2.14 -PyGithub==1.55 -PySocks==1.7.1 -adal==1.2.7 -antlr4-python3-runtime==4.9.3 -applicationinsights==0.11.9 -argcomplete==3.1.1 -azure-appconfiguration==1.1.1 -azure-batch==13.0.0 -azure-common==1.1.22 -azure-core==1.26.0 -azure-cosmos==3.2.0 -azure-data-tables==12.4.0 -azure-datalake-store==0.0.49 -azure-graphrbac==0.60.0 -azure-keyvault==1.1.0 -azure-keyvault-administration==4.3.0 -azure-keyvault-certificates==4.7.0 -azure-keyvault-keys==4.8.0b2 -azure-keyvault-secrets==4.7.0 -azure-loganalytics==0.1.0 -azure-mgmt-advisor==9.0.0 -azure-mgmt-apimanagement==4.0.0 -azure-mgmt-appconfiguration==3.0.0 -azure-mgmt-appcontainers==2.0.0 -azure-mgmt-applicationinsights==1.0.0 -azure-mgmt-authorization==3.0.0 -azure-mgmt-batch==17.0.0 -azure-mgmt-batchai==7.0.0b1 -azure-mgmt-billing==6.0.0 -azure-mgmt-botservice==2.0.0b3 -azure-mgmt-cdn==12.0.0 -azure-mgmt-cognitiveservices==13.3.0 -azure-mgmt-compute==29.1.0 -azure-mgmt-consumption==2.0.0 -azure-mgmt-containerinstance==10.1.0 -azure-mgmt-containerregistry==10.1.0 -azure-mgmt-containerservice==24.0.0 -azure-mgmt-core==1.3.2 -azure-mgmt-cosmosdb==9.2.0 -azure-mgmt-databoxedge==1.0.0 -azure-mgmt-datalake-analytics==0.2.1 -azure-mgmt-datalake-nspkg==3.0.1 -azure-mgmt-datalake-store==0.5.0 -azure-mgmt-datamigration==10.0.0 -azure-mgmt-devtestlabs==4.0.0 -azure-mgmt-dns==8.0.0 -azure-mgmt-eventgrid==10.2.0b2 -azure-mgmt-eventhub==10.1.0 -azure-mgmt-extendedlocation==1.0.0b2 -azure-mgmt-hdinsight==9.0.0 -azure-mgmt-imagebuilder==1.2.0 -azure-mgmt-iotcentral==10.0.0b1 -azure-mgmt-iothub==2.3.0 -azure-mgmt-iothubprovisioningservices==1.1.0 -azure-mgmt-keyvault==10.2.2 -azure-mgmt-kusto==0.3.0 -azure-mgmt-loganalytics==13.0.0b4 -azure-mgmt-managedservices==1.0.0 -azure-mgmt-managementgroups==1.0.0 -azure-mgmt-maps==2.0.0 -azure-mgmt-marketplaceordering==1.1.0 -azure-mgmt-media==9.0.0 -azure-mgmt-monitor==5.0.0 -azure-mgmt-msi==7.0.0 -azure-mgmt-netapp==10.0.0 -azure-mgmt-nspkg==3.0.2 -azure-mgmt-policyinsights==1.1.0b2 -azure-mgmt-privatedns==1.0.0 -azure-mgmt-rdbms==10.2.0b10 -azure-mgmt-recoveryservices==2.4.0 -azure-mgmt-recoveryservicesbackup==6.0.0 -azure-mgmt-redhatopenshift==1.2.0 -azure-mgmt-redis==14.1.0 -azure-mgmt-relay==0.1.0 -azure-mgmt-resource==23.1.0b2 -azure-mgmt-search==9.0.0 -azure-mgmt-security==3.0.0 -azure-mgmt-servicebus==8.2.0 -azure-mgmt-servicefabric==1.0.0 -azure-mgmt-servicefabricmanagedclusters==1.0.0 -azure-mgmt-servicelinker==1.2.0b1 -azure-mgmt-signalr==1.1.0 -azure-mgmt-sql==4.0.0b10 -azure-mgmt-sqlvirtualmachine==1.0.0b5 -azure-mgmt-storage==21.0.0 -azure-mgmt-synapse==2.1.0b5 -azure-mgmt-trafficmanager==1.0.0 -azure-mgmt-web==7.0.0 -azure-multiapi-storage==1.2.0 -azure-nspkg==3.0.2 -azure-storage-common==1.4.2 -azure-synapse-accesscontrol==0.5.0 -azure-synapse-artifacts==0.15.0 -azure-synapse-managedprivateendpoints==0.4.0 -azure-synapse-spark==0.2.0 -bcrypt==3.2.0 -certifi==2022.12.7 -cffi==1.15.0 -chardet==3.0.4 -charset-normalizer==3.1.0 -colorama==0.4.4 -cryptography==41.0.1 -distro==1.8.0 -fabric==2.4.0 -humanfriendly==10.0 -idna==2.8 -invoke==1.2.0 -isodate==0.6.1 -javaproperties==0.5.1 -jmespath==0.9.5 -jsondiff==2.0.0 -knack==0.10.1 -msal==1.22.0 -msal-extensions==1.0.0 -msrest==0.7.1 -msrestazure==0.6.4 -oauthlib==3.2.2 -packaging==23.0 -paramiko==3.0.0 -pkginfo==1.8.2 -portalocker==2.3.2 -psutil==5.9.0 -pycparser==2.19 -Pygments==2.15.1 -PyJWT==2.4.0 -PyNaCl==1.5.0 -pyOpenSSL==23.2.0 -python-dateutil==2.8.0 -PyYAML==6.0 -requests==2.31.0 -requests-oauthlib==1.2.0 -scp==0.13.2 -semver==2.13.0 -six==1.16.0 -sshtunnel==0.1.5 -tabulate==0.8.9 -typing-extensions==4.7.0 -urllib3==1.26.16 -websocket-client==1.3.1 -wrapt==1.15.0 -xmltodict==0.12.0 diff --git a/requirements/b2-tools-requirements.txt b/requirements/b2-tools-requirements.txt deleted file mode 100644 index 59aa2ea8..00000000 --- a/requirements/b2-tools-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -argcomplete==3.0.8 -arrow==1.2.3 -b2sdk==1.21.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -docutils==0.19 -idna==3.4 -logfury==1.0.1 -phx-class-registry==4.0.6 -python-dateutil==2.8.2 -requests==2.31.0 -rst2ansi==0.1.5 -tabulate==0.9.0 -tqdm==4.65.0 -urllib3==2.0.2 diff --git a/requirements/bandcamp-dl-requirements.txt b/requirements/bandcamp-dl-requirements.txt deleted file mode 100644 index e2471689..00000000 --- a/requirements/bandcamp-dl-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -beautifulsoup4==4.12.2 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -demjson3==3.0.6 -docopt==0.6.2 -idna==3.4 -lxml==4.9.2 -mock==5.0.2 -mutagen==1.46.0 -requests==2.31.0 -soupsieve==2.4.1 -unicode-slugify==0.1.5 -unidecode==1.3.6 -urllib3==2.0.2 diff --git a/requirements/bandit-requirements.txt b/requirements/bandit-requirements.txt deleted file mode 100644 index 14c18e7c..00000000 --- a/requirements/bandit-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -gitdb==4.0.10 -GitPython==3.1.31 -markdown-it-py==2.2.0 -mdurl==0.1.2 -pbr==5.11.1 -rich==13.3.2 -smmap==5.0.0 -stevedore==5.0.0 diff --git a/requirements/bashate-requirements.txt b/requirements/bashate-requirements.txt deleted file mode 100644 index a39828f6..00000000 --- a/requirements/bashate-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pbr==5.11.1 diff --git a/requirements/bazarr-requirements.txt b/requirements/bazarr-requirements.txt deleted file mode 100644 index d23f991f..00000000 --- a/requirements/bazarr-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -lxml==4.9.2 -webrtcvad-wheels==2.0.11.post1 diff --git a/requirements/bbot-requirements.txt b/requirements/bbot-requirements.txt deleted file mode 100644 index 888b7bf7..00000000 --- a/requirements/bbot-requirements.txt +++ /dev/null @@ -1,41 +0,0 @@ -pip==23.1.2 -ansible-core==2.14.7 -ansible-runner==2.3.3 -ansible==7.7.0 -antlr4-python3-runtime==4.9.3 -appdirs==1.4.4 -attrs==23.1.0 -cattrs==23.1.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cloudcheck==2.0.0.36 -cryptography==41.0.1 -deepdiff==6.3.0 -dnspython==2.3.0 -filelock==3.12.2 -idna==3.4 -jinja2==3.1.2 -lockfile==0.12.2 -markupsafe==2.1.3 -omegaconf==2.3.0 -ordered-set==4.1.0 -packaging==23.1 -pexpect==4.8.0 -psutil==5.9.5 -ptyprocess==0.7.0 -pycryptodome==3.18.0 -pydantic==1.10.10 -python-daemon==3.0.1 -requests-cache==0.9.8 -requests-file==1.5.1 -requests==2.31.0 -resolvelib==0.8.1 -setuptools==68.0.0 -tabulate==0.8.10 -tldextract==3.4.4 -url-normalize==1.4.3 -urllib3==2.0.3 -websocket-client==1.6.1 -wordninja==2.0.0 -xmltodict==0.12.0 -xmltojson==2.0.2 diff --git a/requirements/beancount-requirements.txt b/requirements/beancount-requirements.txt deleted file mode 100644 index 7280907e..00000000 --- a/requirements/beancount-requirements.txt +++ /dev/null @@ -1,30 +0,0 @@ -beautifulsoup4==4.12.2 -bottle==0.12.25 -cachetools==5.3.0 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -google-api-core==2.11.0 -google-api-python-client==2.86.0 -google-auth==2.18.1 -google-auth-httplib2==0.1.0 -googleapis-common-protos==1.59.0 -httplib2==0.22.0 -idna==3.4 -iniconfig==2.0.0 -lxml==4.9.2 -packaging==23.1 -pluggy==1.0.0 -ply==3.11 -protobuf==4.23.1 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pyparsing==3.0.9 -pytest==7.3.1 -python-dateutil==2.8.2 -python-magic==0.4.27 -requests==2.31.0 -rsa==4.9 -soupsieve==2.4.1 -uritemplate==4.1.1 -urllib3==1.26.15 diff --git a/requirements/binwalk-requirements.txt b/requirements/binwalk-requirements.txt deleted file mode 100644 index 1a76ca4d..00000000 --- a/requirements/binwalk-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -capstone==4.0.2 -gnupg==2.3.1 -matplotlib==3.6.3 -pycryptodome==3.17 diff --git a/requirements/black-requirements.txt b/requirements/black-requirements.txt deleted file mode 100644 index 6fc027d4..00000000 --- a/requirements/black-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==22.2.0 -charset-normalizer==3.1.0 -click==8.1.3 -frozenlist==1.3.3 -idna==3.4 -multidict==6.0.4 -mypy-extensions==1.0.0 -packaging==23.0 -pathspec==0.11.1 -platformdirs==3.2.0 -yarl==1.8.2 diff --git a/requirements/borgbackup-requirements.txt b/requirements/borgbackup-requirements.txt deleted file mode 100644 index 08a9e78c..00000000 --- a/requirements/borgbackup-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -msgpack==1.0.5 -packaging==23.0 -pyparsing==3.0.9 diff --git a/requirements/borgmatic-requirements.txt b/requirements/borgmatic-requirements.txt deleted file mode 100644 index 3b67f6f9..00000000 --- a/requirements/borgmatic-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.6 -idna==3.4 -jsonschema==4.17.3 -packaging==23.1 -pyrsistent==0.19.3 -requests==2.31.0 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -urllib3==2.0.3 diff --git a/requirements/bpython-requirements.txt b/requirements/bpython-requirements.txt deleted file mode 100644 index ed47b074..00000000 --- a/requirements/bpython-requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -blessed==1.20.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -curtsies==0.4.1 -cwcwidth==0.1.8 -greenlet==2.0.2 -idna==3.4 -pyxdg==0.28 -requests==2.31.0 -urllib3==2.0.2 -wcwidth==0.2.6 diff --git a/requirements/bpytop-requirements.txt b/requirements/bpytop-requirements.txt deleted file mode 100644 index 9e7657a3..00000000 --- a/requirements/bpytop-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -psutil==5.9.3 diff --git a/requirements/breezy-requirements.txt b/requirements/breezy-requirements.txt deleted file mode 100644 index de9c9759..00000000 --- a/requirements/breezy-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -configobj==5.0.8 -dulwich==0.21.5 -fastbencode==0.2 -merge3==0.0.13 -patiencediff==0.2.13 -urllib3==2.0.2 diff --git a/requirements/buku-requirements.txt b/requirements/buku-requirements.txt deleted file mode 100644 index 2fbcf007..00000000 --- a/requirements/buku-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -arrow==1.2.3 -beautifulsoup4==4.12.2 -certifi==2023.5.7 -click==8.1.3 -cryptography==41.0.1 -dominate==2.8.0 -Flask==2.2.5 -Flask-Admin==1.6.1 -Flask-API==3.1 -Flask-Bootstrap==3.3.7.1 -flask-paginate==2022.1.8 -Flask-WTF==1.1.1 -html5lib==1.1 -itsdangerous==2.1.2 -Jinja2==3.1.2 -MarkupSafe==2.1.3 -python-dateutil==2.8.2 -soupsieve==2.4.1 -urllib3==2.0.3 -visitor==0.1.3 -webencodings==0.5.1 -Werkzeug==2.3.6 -WTForms==3.0.1 diff --git a/requirements/bzt-requirements.txt b/requirements/bzt-requirements.txt deleted file mode 100644 index 340a602c..00000000 --- a/requirements/bzt-requirements.txt +++ /dev/null @@ -1,40 +0,0 @@ -aiodogstatsd==0.16.0.post0 -aiohttp==3.8.4 -aiosignal==1.3.1 -astunparse==1.6.3 -async-timeout==4.0.2 -attrs==23.1.0 -bidict==0.22.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorlog==6.7.0 -cssselect==1.2.0 -dill==0.3.6 -frozenlist==1.3.3 -fuzzyset2==0.2.2 -hdrpy==0.3.3 -humanize==4.6.0 -idna==3.4 -influxdb==5.3.1 -lxml==4.9.2 -molotov==2.6 -msgpack==1.0.5 -multidict==6.0.4 -multiprocess==0.70.14 -progressbar33==2.4 -prompt-toolkit==3.0.38 -psutil==5.9.5 -python-dateutil==2.8.2 -python-engineio==4.4.1 -python-socketio==5.8.0 -pytz==2023.3 -pyvirtualdisplay==3.0 -rapidfuzz==3.0.0 -requests==2.31.0 -terminaltables==3.1.10 -urllib3==2.0.2 -urwid==2.1.2 -wcwidth==0.2.6 -websocket-client==1.5.2 -wheel==0.40.0 -yarl==1.9.2 diff --git a/requirements/c7n-requirements.txt b/requirements/c7n-requirements.txt deleted file mode 100644 index ff175b79..00000000 --- a/requirements/c7n-requirements.txt +++ /dev/null @@ -1,13 +0,0 @@ -argcomplete==3.1.1 -attrs==23.1.0 -boto3==1.26.163 -botocore==1.29.163 -docutils==0.18.1 -importlib-metadata==5.2.0 -jmespath==1.0.1 -jsonschema==4.17.3 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -s3transfer==0.6.1 -urllib3==1.26.16 -zipp==3.15.0 diff --git a/requirements/cassandra-requirements.txt b/requirements/cassandra-requirements.txt deleted file mode 100644 index 1c33fcf9..00000000 --- a/requirements/cassandra-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -thrift==0.16.0 -cql==1.4.0 -cassandra-driver==3.25.0 -click==8.1.3 -geomet==0.3.0 diff --git a/requirements/ccm-requirements.txt b/requirements/ccm-requirements.txt deleted file mode 100644 index d17c1577..00000000 --- a/requirements/ccm-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -cassandra-driver==3.25.0 -click==8.1.3 -geomet==0.2.1.post1 diff --git a/requirements/censys-requirements.txt b/requirements/censys-requirements.txt deleted file mode 100644 index e88910f9..00000000 --- a/requirements/censys-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -argcomplete==3.1.1 -backoff==2.2.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -markdown-it-py==3.0.0 -mdurl==0.1.2 -requests==2.31.0 -rich==13.4.2 -urllib3==2.0.3 diff --git a/requirements/certbot-requirements.txt b/requirements/certbot-requirements.txt deleted file mode 100644 index 82c83bd7..00000000 --- a/requirements/certbot-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -acme==2.6.0 -certbot-apache==2.6.0 -certbot-nginx==2.6.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -ConfigArgParse==1.5.3 -configobj==5.0.8 -cryptography==41.0.1 -distro==1.8.0 -idna==3.4 -josepy==1.13.0 -parsedatetime==2.6 -pyOpenSSL==23.2.0 -pyparsing==3.0.9 -pyRFC3339==1.1 -python-augeas==1.1.0 -pytz==2023.3 -requests==2.31.0 -urllib3==2.0.3 diff --git a/requirements/cfn-flip-requirements.txt b/requirements/cfn-flip-requirements.txt deleted file mode 100644 index adf24f59..00000000 --- a/requirements/cfn-flip-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -click==8.1.3 diff --git a/requirements/cfn-lint-requirements.txt b/requirements/cfn-lint-requirements.txt deleted file mode 100644 index 7e054c07..00000000 --- a/requirements/cfn-lint-requirements.txt +++ /dev/null @@ -1,22 +0,0 @@ -attrs==23.1.0 -aws-sam-translator==1.69.0 -boto3==1.26.156 -botocore==1.29.156 -jmespath==1.0.1 -jschema-to-python==1.2.3 -jsonpatch==1.32 -jsonpickle==3.0.1 -jsonpointer==2.3 -jsonschema==4.17.3 -junit-xml==1.9 -mpmath==1.3.0 -networkx==3.1 -pbr==5.11.1 -pydantic==1.10.9 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -regex==2023.6.3 -s3transfer==0.6.1 -sarif-om==1.0.4 -sympy==1.12 -urllib3==1.26.16 diff --git a/requirements/charm-tools-requirements.txt b/requirements/charm-tools-requirements.txt deleted file mode 100644 index a7b4db88..00000000 --- a/requirements/charm-tools-requirements.txt +++ /dev/null @@ -1,41 +0,0 @@ -pip==22.3.1 -attrs==23.1.0 -blessings==1.7 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cheetah3==3.2.6.post1 -colander==1.8.3 -cryptography==41.0.1 -dict2colander==0.2 -distlib==0.3.6 -filelock==3.12.2 -idna==3.4 -importlib-metadata==6.7.0 -iso8601==2.0.0 -jaraco-classes==3.2.3 -jeepney==0.8.0 -jsonschema==4.17.3 -jujubundlelib==0.5.7 -keyring==23.13.1 -more-itertools==9.1.0 -otherstuf==1.1.0 -parse==1.19.1 -path==16.6.0 -path-py==12.5.0 -pathspec==0.10.3 -platformdirs==3.8.0 -pyrsistent==0.19.3 -pyyaml==5.4.1 -requests==2.31.0 -requirements-parser==0.5.0 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -secretstorage==3.3.3 -stuf==0.9.16 -translationstring==1.4 -types-setuptools==68.0.0.0 -urllib3==2.0.3 -vergit==1.0.2 -virtualenv==20.23.1 -wheel==0.40.0 -zipp==3.15.0 diff --git a/requirements/charmcraft-requirements.txt b/requirements/charmcraft-requirements.txt deleted file mode 100644 index d29568c2..00000000 --- a/requirements/charmcraft-requirements.txt +++ /dev/null @@ -1,46 +0,0 @@ -appdirs==1.4.4 -attrs==23.1.0 -certifi==2023.5.7 -cffi==1.15.1 -charset-normalizer==3.1.0 -craft-cli==1.2.0 -craft-parts==1.20.0 -craft-providers==1.12.0 -craft-store==2.4.0 -cryptography==3.4 -deprecated==1.2.13 -humanize==4.6.0 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -jinja2==3.1.2 -jsonschema==4.17.3 -keyring==23.13.1 -macaroonbakery==1.3.1 -markupsafe==2.1.2 -more-itertools==9.1.0 -overrides==7.3.1 -packaging==23.1 -platformdirs==3.5.1 -protobuf==3.20.3 -pycparser==2.21 -pydantic==1.10.7 -pydantic-yaml==0.11.2 -pymacaroons==0.13.0 -pynacl==1.5.0 -pyrfc3339==1.1 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -pytz==2023.3 -pyxdg==0.28 -requests==2.31.0 -requests-toolbelt==1.0.0 -requests-unixsocket==0.3.0 -semantic-version==2.10.0 -setuptools-rust==1.6.0 -snap-helpers==0.3.2 -types-deprecated==1.2.9.2 -types-pyyaml==6.0.12.10 -urllib3==1.26.15 -wrapt==1.15.0 -zipp==3.15.0 diff --git a/requirements/chatblade-requirements.txt b/requirements/chatblade-requirements.txt deleted file mode 100644 index 91166139..00000000 --- a/requirements/chatblade-requirements.txt +++ /dev/null @@ -1,20 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -frozenlist==1.3.3 -idna==3.4 -markdown-it-py==3.0.0 -mdurl==0.1.2 -multidict==6.0.4 -openai==0.27.8 -platformdirs==3.5.3 -regex==2023.6.3 -requests==2.31.0 -rich==13.4.2 -tiktoken==0.4.0 -tqdm==4.65.0 -urllib3==2.0.3 -yarl==1.9.2 diff --git a/requirements/check-jsonschema-requirements.txt b/requirements/check-jsonschema-requirements.txt deleted file mode 100644 index e5140df0..00000000 --- a/requirements/check-jsonschema-requirements.txt +++ /dev/null @@ -1,20 +0,0 @@ -arrow==1.2.3 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -fqdn==1.5.1 -idna==3.4 -isoduration==20.11.0 -jsonpointer==2.3 -jsonschema==4.17.3 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -requests==2.31.0 -rfc3339-validator==0.1.4 -rfc3987==1.3.8 -ruamel-yaml==0.17.31 -ruamel-yaml-clib==0.2.7 -uri-template==1.2.0 -urllib3==2.0.3 -webcolors==1.13 diff --git a/requirements/checkov-requirements.txt b/requirements/checkov-requirements.txt deleted file mode 100644 index 04d2da09..00000000 --- a/requirements/checkov-requirements.txt +++ /dev/null @@ -1,82 +0,0 @@ -aiodns==3.0.0 -aiohttp==3.8.4 -aiomultiprocess==0.9.0 -aiosignal==1.3.1 -argcomplete==3.1.1 -async-timeout==4.0.2 -attrs==23.1.0 -bc-detect-secrets==1.4.29 -bc-jsonpath-ng==1.5.9 -bc-python-hcl2==0.3.51 -beautifulsoup4==4.12.2 -boolean-py==4.0 -boto3==1.26.158 -botocore==1.29.158 -cached-property==1.5.2 -cachetools==5.3.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-option-group==0.5.6 -cloudsplaining==0.5.1 -colorama==0.4.6 -configargparse==1.5.3 -contextlib2==21.6.0 -cyclonedx-python-lib==3.1.5 -decorator==5.1.1 -deep-merge==0.0.4 -docker==6.1.3 -dockerfile-parse==2.0.0 -dpath==2.1.3 -frozenlist==1.3.3 -gitdb==4.0.10 -gitpython==3.1.31 -idna==3.4 -igraph==0.10.4 -importlib-metadata==6.7.0 -isodate==0.6.1 -jinja2==3.1.2 -jmespath==1.0.1 -jsonschema==4.17.3 -junit-xml==1.9 -lark==1.1.5 -license-expression==30.1.0 -markdown==3.4.3 -markupsafe==2.1.3 -multidict==6.0.4 -networkx==2.6.3 -openai==0.27.8 -packageurl-python==0.11.1 -packaging==23.1 -ply==3.11 -policy-sentry==0.12.6 -policyuniverse==1.5.1.20230608 -prettytable==3.8.0 -pycares==4.3.0 -pycep-parser==0.4.1 -pyparsing==3.1.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -rdflib==6.3.2 -regex==2023.6.3 -requests==2.31.0 -s3transfer==0.6.1 -schema==0.7.5 -semantic-version==2.10.0 -smmap==5.0.0 -sortedcontainers==2.4.0 -soupsieve==2.4.1 -spdx-tools==0.7.1 -termcolor==2.3.0 -texttable==1.6.7 -toml==0.10.2 -tqdm==4.65.0 -unidiff==0.7.5 -update-checker==0.18.0 -uritools==4.0.1 -urllib3==1.26.16 -wcwidth==0.2.6 -websocket-client==1.6.0 -xmltodict==0.13.0 -yarl==1.9.2 -zipp==3.15.0 diff --git a/requirements/choose-requirements.txt b/requirements/choose-requirements.txt deleted file mode 100644 index 741279b5..00000000 --- a/requirements/choose-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -urwid==2.1.0 diff --git a/requirements/ciphey-requirements.txt b/requirements/ciphey-requirements.txt deleted file mode 100644 index 33a66393..00000000 --- a/requirements/ciphey-requirements.txt +++ /dev/null @@ -1,26 +0,0 @@ -appdirs==1.4.4 -astroid==2.6.2 -base58==2.1.0 -base91==1.0.1 -cipheydists==0.3.35 -click==7.1.2 -colorama==0.4.4 -commonmark==0.9.1 -flake8==3.9.2 -isort==5.9.1 -langdetect==1.0.9 -lazy-object-proxy==1.6.0 -loguru==0.5.3 -mccabe==0.6.1 -mock==4.0.3 -name-that-hash==1.10.0 -pybase62==0.4.3 -pycodestyle==2.7.0 -pyflakes==2.3.1 -Pygments==2.9.0 -pylint==2.9.3 -pywhat==1.1.0 -PyYAML==5.4.1 -rich==10.4.0 -toml==0.10.2 -wrapt==1.12.1 diff --git a/requirements/cloudformation-cli-requirements.txt b/requirements/cloudformation-cli-requirements.txt deleted file mode 100644 index 2847f80f..00000000 --- a/requirements/cloudformation-cli-requirements.txt +++ /dev/null @@ -1,48 +0,0 @@ -attrs==23.1.0 -aws-sam-translator==1.68.0 -boto3==1.26.147 -botocore==1.29.147 -certifi==2023.5.7 -cfn-flip==1.3.0 -cfn-lint==0.72.10 -charset-normalizer==3.1.0 -click==8.1.3 -cloudformation-cli-go-plugin==2.0.4 -cloudformation-cli-java-plugin==2.0.16 -cloudformation-cli-python-plugin==2.1.8 -colorama==0.4.6 -docker==6.1.3 -hypothesis==6.76.0 -idna==3.4 -iniconfig==2.0.0 -jinja2==3.1.2 -jmespath==1.0.1 -jschema-to-python==1.2.3 -jsonpatch==1.32 -jsonpickle==3.0.1 -jsonpointer==2.3 -jsonschema==3.2.0 -junit-xml==1.9 -markupsafe==2.1.3 -nested-lookup==0.2.25 -networkx==2.8.8 -ordered-set==4.1.0 -packaging==23.1 -pbr==5.11.1 -pluggy==1.0.0 -pydantic==1.10.8 -pyrsistent==0.19.3 -pytest==7.3.1 -pytest-localserver==0.7.1 -pytest-random-order==1.1.0 -python-dateutil==2.8.2 -pyyaml==5.4.1 -requests==2.31.0 -s3transfer==0.6.1 -sarif-om==1.0.4 -semver==3.0.0 -sortedcontainers==2.4.0 -types-dataclasses==0.6.6 -urllib3==1.26.16 -websocket-client==1.5.2 -werkzeug==2.3.4 diff --git a/requirements/cloudiscovery-requirements.txt b/requirements/cloudiscovery-requirements.txt deleted file mode 100644 index de0dc9f4..00000000 --- a/requirements/cloudiscovery-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -boto3==1.26.5 -botocore==1.29.5 -cachetools==5.2.0 -diagrams==0.23.1 -diskcache==5.4.0 -graphviz==0.19.2 -ipaddress==1.0.23 -Jinja2==2.11.3 -jmespath==1.0.1 -MarkupSafe==2.0.1 -python-dateutil==2.8.2 -pytz==2022.6 -s3transfer==0.6.0 -urllib3==1.26.12 diff --git a/requirements/coconut-requirements.txt b/requirements/coconut-requirements.txt deleted file mode 100644 index 17b9e704..00000000 --- a/requirements/coconut-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -cpyparsing==2.4.7.1.2.1 -prompt-toolkit==3.0.38 -psutil==5.9.5 -wcwidth==0.2.6 diff --git a/requirements/commitizen-requirements.txt b/requirements/commitizen-requirements.txt deleted file mode 100644 index 9e3d9402..00000000 --- a/requirements/commitizen-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -argcomplete==3.1.1 -charset-normalizer==3.1.0 -colorama==0.4.6 -decli==0.6.1 -importlib-metadata==6.7.0 -jinja2==3.1.2 -markupsafe==2.1.3 -packaging==23.1 -prompt-toolkit==3.0.38 -questionary==1.10.0 -termcolor==2.3.0 -tomlkit==0.11.8 -wcwidth==0.2.6 -zipp==3.15.0 diff --git a/requirements/compiledb-requirements.txt b/requirements/compiledb-requirements.txt deleted file mode 100644 index 1885f8f2..00000000 --- a/requirements/compiledb-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -bashlex==0.16 -click==8.1.3 -shutilwhich==1.1.0 diff --git a/requirements/conan-requirements.txt b/requirements/conan-requirements.txt deleted file mode 100644 index 04ec5e75..00000000 --- a/requirements/conan-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.6 -distro==1.8.0 -fasteners==0.18 -idna==3.4 -jinja2==3.1.2 -markupsafe==2.1.3 -patch-ng==1.17.4 -python-dateutil==2.8.2 -requests==2.31.0 -urllib3==1.26.16 diff --git a/requirements/conan@1-requirements.txt b/requirements/conan@1-requirements.txt deleted file mode 100644 index cc066dae..00000000 --- a/requirements/conan@1-requirements.txt +++ /dev/null @@ -1,17 +0,0 @@ -bottle==0.12.25 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.6 -distro==1.8.0 -fasteners==0.18 -idna==3.4 -jinja2==3.1.2 -markupsafe==2.1.2 -node-semver==0.6.1 -patch-ng==1.17.4 -pluginbase==1.0.1 -pyjwt==2.7.0 -python-dateutil==2.8.2 -requests==2.31.0 -tqdm==4.65.0 -urllib3==1.26.16 diff --git a/requirements/conda-lock-requirements.txt b/requirements/conda-lock-requirements.txt deleted file mode 100644 index bbcb6d76..00000000 --- a/requirements/conda-lock-requirements.txt +++ /dev/null @@ -1,37 +0,0 @@ -appdirs==1.4.4 -cachecontrol==0.13.1 -cachy==0.3.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-default-group==1.2.2 -clikit==0.6.2 -crashtest==0.3.1 -distlib==0.3.6 -ensureconda==1.4.3 -filelock==3.12.2 -gitdb==4.0.10 -gitpython==3.1.31 -html5lib==1.1 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -jinja2==3.1.2 -markupsafe==2.1.3 -more-itertools==9.1.0 -msgpack==1.0.5 -packaging==23.1 -pastel==0.2.1 -pkginfo==1.9.6 -platformdirs==3.5.3 -pydantic==1.10.9 -pylev==1.4.0 -requests==2.31.0 -ruamel-yaml==0.17.31 -ruamel-yaml-clib==0.2.7 -smmap==5.0.0 -tomlkit==0.11.8 -toolz==0.12.0 -urllib3==1.26.16 -webencodings==0.5.1 -zipp==3.15.0 diff --git a/requirements/condure-requirements.txt b/requirements/condure-requirements.txt deleted file mode 100644 index 7d8cf3de..00000000 --- a/requirements/condure-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pyzmq==25.1.0 -tnetstring3==0.3.1 diff --git a/requirements/cookiecutter-requirements.txt b/requirements/cookiecutter-requirements.txt deleted file mode 100644 index c3bb4420..00000000 --- a/requirements/cookiecutter-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -arrow==1.2.3 -binaryornot==0.4.4 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -jinja2==3.1.2 -jinja2-time==0.2.0 -markupsafe==2.1.2 -python-dateutil==2.8.2 -python-slugify==8.0.1 -requests==2.31.0 -text-unidecode==1.3 -urllib3==2.0.2 diff --git a/requirements/copier-requirements.txt b/requirements/copier-requirements.txt deleted file mode 100644 index 61320b2e..00000000 --- a/requirements/copier-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -colorama==0.4.6 -decorator==5.1.1 -dunamai==1.17.0 -funcy==2.0 -jinja2==3.1.2 -jinja2-ansible-filters==1.3.2 -markupsafe==2.1.3 -packaging==23.1 -pathspec==0.11.1 -plumbum==1.8.2 -prompt-toolkit==3.0.38 -pydantic==1.10.8 -pyyaml-include==1.3 -questionary==1.10.0 -wcwidth==0.2.6 diff --git a/requirements/cppman-requirements.txt b/requirements/cppman-requirements.txt deleted file mode 100644 index 19c9b608..00000000 --- a/requirements/cppman-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -beautifulsoup4==4.12.0 -html5lib==1.1 -soupsieve==2.4 -webencodings==0.5.1 diff --git a/requirements/credstash-requirements.txt b/requirements/credstash-requirements.txt deleted file mode 100644 index f7e972f6..00000000 --- a/requirements/credstash-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -boto3==1.26.146 -botocore==1.29.146 -cryptography==41.0.1 -jmespath==1.0.1 -python-dateutil==2.8.2 -s3transfer==0.6.1 -urllib3==1.26.16 diff --git a/requirements/cruft-requirements.txt b/requirements/cruft-requirements.txt deleted file mode 100644 index f404be82..00000000 --- a/requirements/cruft-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -gitdb==4.0.10 -gitpython==3.1.31 -smmap==5.0.0 -typer==0.9.0 diff --git a/requirements/cryfs-requirements.txt b/requirements/cryfs-requirements.txt deleted file mode 100644 index 3561bb98..00000000 --- a/requirements/cryfs-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -versioneer==0.28 diff --git a/requirements/crytic-compile-requirements.txt b/requirements/crytic-compile-requirements.txt deleted file mode 100644 index 3e847452..00000000 --- a/requirements/crytic-compile-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -cbor2==5.4.6 -pycryptodome==3.18.0 diff --git a/requirements/csvkit-requirements.txt b/requirements/csvkit-requirements.txt deleted file mode 100644 index fa00fa40..00000000 --- a/requirements/csvkit-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -agate==1.7.1 -agate-dbf==0.2.2 -agate-excel==0.2.5 -agate-sql==0.5.9 -Babel==2.11.0 -dbfread==2.0.7 -et-xmlfile==1.1.0 -greenlet==2.0.2 -isodate==0.6.1 -leather==0.3.4 -olefile==0.46 -openpyxl==3.1.1 -parsedatetime==2.6 -python-slugify==8.0.0 -pytimeparse==1.1.8 -pytz==2022.7.1 -SQLAlchemy==1.4.46 -text-unidecode==1.3 -xlrd==2.0.1 diff --git a/requirements/cycode-requirements.txt b/requirements/cycode-requirements.txt deleted file mode 100644 index 5d5252bf..00000000 --- a/requirements/cycode-requirements.txt +++ /dev/null @@ -1,21 +0,0 @@ -arrow==0.17.0 -binaryornot==0.4.4 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -gitdb==4.0.10 -gitpython==3.1.31 -halo==0.0.31 -idna==3.4 -log-symbols==0.0.14 -marshmallow==3.8.0 -pathspec==0.8.1 -python-dateutil==2.8.2 -requests==2.31.0 -smmap==5.0.0 -spinners==0.0.24 -termcolor==2.3.0 -texttable==1.6.7 -urllib3==2.0.3 diff --git a/requirements/cyral-gimme-db-token-requirements.txt b/requirements/cyral-gimme-db-token-requirements.txt deleted file mode 100644 index 272290e4..00000000 --- a/requirements/cyral-gimme-db-token-requirements.txt +++ /dev/null @@ -1,17 +0,0 @@ -awscli==1.27.138 -botocore==1.29.138 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.4 -cryptography==39.0.2 -docutils==0.16 -idna==3.4 -jmespath==1.0.1 -pyasn1==0.5.0 -python-dateutil==2.8.2 -pyyaml==5.4.1 -requests==2.31.0 -rsa==4.7.2 -s3transfer==0.6.1 -urllib3==1.26.15 diff --git a/requirements/datalad-requirements.txt b/requirements/datalad-requirements.txt deleted file mode 100644 index bcd84e30..00000000 --- a/requirements/datalad-requirements.txt +++ /dev/null @@ -1,26 +0,0 @@ -annexremote==1.6.0 -boto==2.49.0 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -distro==1.8.0 -fasteners==0.18 -humanize==4.7.0 -idna==3.4 -importlib-metadata==6.7.0 -iso8601==2.0.0 -jaraco-classes==3.2.3 -keyring==24.2.0 -keyrings-alt==4.2.0 -looseversion==1.2.0 -more-itertools==9.1.0 -msgpack==1.0.5 -packaging==23.1 -patool==1.12 -platformdirs==3.8.0 -python-gitlab==3.15.0 -requests==2.31.0 -requests-toolbelt==1.0.0 -tqdm==4.65.0 -urllib3==2.0.3 -zipp==3.15.0 diff --git a/requirements/datasette-requirements.txt b/requirements/datasette-requirements.txt deleted file mode 100644 index cca99146..00000000 --- a/requirements/datasette-requirements.txt +++ /dev/null @@ -1,22 +0,0 @@ -aiofiles==23.1.0 -anyio==3.6.2 -asgi-csrf==0.9 -asgiref==3.6.0 -certifi==2022.12.7 -click==8.1.3 -click-default-group-wheel==1.2.2 -h11==0.14.0 -httpcore==0.17.0 -httpx==0.24.0 -hupper==1.12 -idna==3.4 -itsdangerous==2.1.2 -janus==1.0.0 -jinja2==3.1.2 -markupsafe==2.1.2 -mergedeep==1.3.4 -pint==0.20.1 -pluggy==1.0.0 -python-multipart==0.0.6 -sniffio==1.3.0 -uvicorn==0.21.1 diff --git a/requirements/detect-secrets-requirements.txt b/requirements/detect-secrets-requirements.txt deleted file mode 100644 index 8095b7e9..00000000 --- a/requirements/detect-secrets-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/diffoscope-requirements.txt b/requirements/diffoscope-requirements.txt deleted file mode 100644 index 7f6e0b6d..00000000 --- a/requirements/diffoscope-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -argcomplete==3.1.1 -libarchive-c==4.0 -progressbar==2.5 -python-magic==0.4.27 diff --git a/requirements/dnstwist-requirements.txt b/requirements/dnstwist-requirements.txt deleted file mode 100644 index bda64fb0..00000000 --- a/requirements/dnstwist-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -dnspython==2.3.0 -frozenlist==1.3.3 -geoip2==4.7.0 -idna==3.4 -maxminddb==2.3.0 -multidict==6.0.4 -ppdeep==20200505 -py-tlsh==4.7.2 -requests==2.31.0 -tld==0.13 -urllib3==2.0.2 -whois==0.9.27 -yarl==1.9.2 diff --git a/requirements/dnsviz-requirements.txt b/requirements/dnsviz-requirements.txt deleted file mode 100644 index 7dffbcd5..00000000 --- a/requirements/dnsviz-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -dnspython==2.2.1 -M2Crypto==0.38.0 -pygraphviz==1.10 diff --git a/requirements/doc8-requirements.txt b/requirements/doc8-requirements.txt deleted file mode 100644 index a55a0ab8..00000000 --- a/requirements/doc8-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -pbr==5.11.0 -restructuredtext-lint==1.4.0 -stevedore==4.1.1 diff --git a/requirements/docker-squash-requirements.txt b/requirements/docker-squash-requirements.txt deleted file mode 100644 index 40a40b70..00000000 --- a/requirements/docker-squash-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -docker==6.1.2 -idna==3.4 -packaging==23.1 -requests==2.31.0 -urllib3==2.0.2 -websocket-client==1.5.2 diff --git a/requirements/doitlive-requirements.txt b/requirements/doitlive-requirements.txt deleted file mode 100644 index 2e9d66ed..00000000 --- a/requirements/doitlive-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -click==7.1.2 -click-completion==0.5.2 -click-didyoumean==0.3.0 -Jinja2==3.1.2 -MarkupSafe==2.1.1 -packaging==21.3 -pyparsing==3.0.9 -shellingham==1.5.0 diff --git a/requirements/dooit-requirements.txt b/requirements/dooit-requirements.txt deleted file mode 100644 index 555dab1c..00000000 --- a/requirements/dooit-requirements.txt +++ /dev/null @@ -1,27 +0,0 @@ -appdirs==1.4.4 -click==8.1.3 -dateparser==1.1.8 -ghp-import==2.1.0 -importlib-metadata==4.13.0 -Jinja2==3.1.2 -linkify-it-py==2.0.0 -Markdown==3.3.7 -markdown-it-py==2.2.0 -MarkupSafe==2.1.2 -mdit-py-plugins==0.3.5 -mdurl==0.1.2 -mergedeep==1.3.4 -mkdocs==1.4.2 -mkdocs-exclude==1.0.2 -packaging==23.0 -pyperclip==1.8.2 -python-dateutil==2.8.2 -pytz==2023.2 -pyyaml_env_tag==0.1 -regex==2023.3.23 -rich==13.3.3 -textual==0.12.1 -tzlocal==2.1 -uc-micro-py==1.0.1 -watchdog==3.0.0 -zipp==3.15.0 diff --git a/requirements/dotbot-requirements.txt b/requirements/dotbot-requirements.txt deleted file mode 100644 index 932bd69e..00000000 --- a/requirements/dotbot-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -PyYAML==5.4.1 diff --git a/requirements/dotdrop-requirements.txt b/requirements/dotdrop-requirements.txt deleted file mode 100644 index 33e5b8c3..00000000 --- a/requirements/dotdrop-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -distro==1.8.0 -docopt==0.6.2 -idna==3.4 -jinja2==3.1.2 -markupsafe==2.1.2 -packaging==23.1 -python-magic==0.4.27 -requests==2.31.0 -ruamel-yaml==0.17.26 -ruamel-yaml-clib==0.2.7 -toml==0.10.2 -urllib3==2.0.2 diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt deleted file mode 100644 index 78c89bbd..00000000 --- a/requirements/dstack-requirements.txt +++ /dev/null @@ -1,107 +0,0 @@ -greenlet==2.0.2 -adal==1.2.7 -aiosqlite==0.19.0 -alembic==1.11.1 -anyio==3.7.0 -apscheduler==3.10.1 -attrs==23.1.0 -azure-common==1.1.28 -azure-core==1.27.1 -azure-graphrbac==0.61.1 -azure-identity==1.13.0 -azure-keyvault-secrets==4.7.0 -azure-mgmt-authorization==3.0.0 -azure-mgmt-compute==30.0.0 -azure-mgmt-core==1.4.0 -azure-mgmt-keyvault==10.2.2 -azure-mgmt-loganalytics==13.0.0b6 -azure-mgmt-monitor==6.0.1 -azure-mgmt-msi==7.0.0 -azure-mgmt-network==23.0.0b2 -azure-mgmt-resource==23.0.1 -azure-mgmt-storage==21.0.0 -azure-mgmt-subscription==3.1.1 -azure-monitor-query==1.2.0 -azure-storage-blob==12.16.0 -bcrypt==4.0.1 -boto3==1.27.0 -botocore==1.30.0 -cachetools==5.3.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -cryptography==41.0.1 -cursor==1.3.5 -fastapi==0.99.1 -file-read-backwards==3.0.0 -filelock==3.12.2 -git-url-parse==1.2.2 -gitdb==4.0.10 -gitpython==3.1.31 -google-api-core==2.11.1 -google-api-python-client==2.91.0 -google-auth==2.21.0 -google-auth-httplib2==0.1.0 -google-cloud-appengine-logging==1.3.0 -google-cloud-audit-log==0.2.5 -google-cloud-compute==1.11.0 -google-cloud-core==2.3.2 -google-cloud-logging==3.5.0 -google-cloud-secret-manager==2.16.1 -google-cloud-storage==2.10.0 -google-crc32c==1.5.0 -google-resumable-media==2.5.0 -googleapis-common-protos==1.59.1 -grpc-google-iam-v1==0.12.6 -grpcio==1.56.0 -grpcio-status==1.56.0 -h11==0.14.0 -httplib2==0.22.0 -idna==3.4 -isodate==0.6.1 -jmespath==1.0.1 -jsonschema==4.17.3 -mako==1.2.4 -markdown-it-py==3.0.0 -markupsafe==2.1.3 -mdurl==0.1.2 -msal==1.22.0 -msal-extensions==1.0.0 -msrest==0.7.1 -msrestazure==0.6.4 -oauthlib==3.2.2 -packaging==23.1 -paramiko==3.2.0 -pbr==5.11.1 -portalocker==2.7.0 -proto-plus==1.22.3 -psutil==5.9.5 -py-cpuinfo==9.0.0 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pydantic==1.10.11 -pygtail==0.14.0 -pyjwt==2.7.0 -pynacl==1.5.0 -pyparsing==3.1.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -pytz==2023.3 -requests==2.31.0 -requests-oauthlib==1.3.1 -rich==13.4.2 -rich-argparse==1.2.0 -rsa==4.9 -s3transfer==0.6.1 -simple-term-menu==1.6.1 -smmap==5.0.0 -sniffio==1.3.0 -sqlalchemy==2.0.17 -starlette==0.27.0 -tqdm==4.65.0 -tzlocal==5.0.1 -uritemplate==4.1.1 -urllib3==1.26.16 -uvicorn==0.22.0 -watchfiles==0.19.0 -websocket-client==1.6.1 diff --git a/requirements/dunamai-requirements.txt b/requirements/dunamai-requirements.txt deleted file mode 100644 index 4a8dba6c..00000000 --- a/requirements/dunamai-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -packaging==23.1 diff --git a/requirements/duplicity-requirements.txt b/requirements/duplicity-requirements.txt deleted file mode 100644 index fa7ac196..00000000 --- a/requirements/duplicity-requirements.txt +++ /dev/null @@ -1,84 +0,0 @@ -args==0.1.0 -attrs==23.1.0 -azure-core==1.27.1 -azure-storage-blob==12.16.0 -b2sdk==1.21.0 -bcrypt==4.0.1 -boto==2.49.0 -boto3==1.26.154 -botocore==1.29.154 -boxsdk==3.7.2 -cachetools==5.3.1 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -clint==0.5.1 -cryptography==41.0.1 -debtcollector==2.5.0 -dropbox==11.36.2 -ecdsa==0.18.0 -fasteners==0.18 -future==0.18.3 -gdata-python3==3.0.1 -google-api-core==2.11.1 -google-api-python-client==2.89.0 -google-auth==2.20.0 -google-auth-httplib2==0.1.0 -google-auth-oauthlib==1.0.0 -googleapis-common-protos==1.59.1 -httplib2==0.22.0 -humanize==4.6.0 -idna==3.4 -importlib-metadata==6.6.0 -iso8601==2.0.0 -isodate==0.6.1 -jaraco.classes==3.2.3 -jmespath==1.0.1 -jottalib==0.5.1 -keyring==23.13.1 -keystoneauth1==5.2.0 -logfury==1.0.1 -lxml==4.9.2 -megatools==0.0.4 -more-itertools==9.1.0 -msgpack==1.0.5 -netaddr==0.8.0 -netifaces==0.11.0 -oauth2client==4.1.3 -oauthlib==3.2.2 -os-service-types==1.7.0 -oslo.config==9.1.1 -oslo.i18n==6.0.0 -oslo.serialization==5.1.1 -oslo.utils==6.1.0 -packaging==23.1 -paramiko==3.2.0 -pbr==5.11.1 -pexpect==4.8.0 -ply==3.11 -psutil==5.9.5 -ptyprocess==0.7.0 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -PyDrive2==1.15.4 -PyJWT==2.7.0 -PyNaCl==1.5.0 -pyOpenSSL==23.2.0 -pyparsing==3.0.9 -python-dateutil==2.8.2 -python-keystoneclient==5.1.0 -python-swiftclient==4.3.0 -pytz==2023.3 -requests==2.31.0 -requests-oauthlib==1.3.1 -requests-toolbelt==1.0.0 -rfc3986==2.0.0 -rsa==4.9 -s3transfer==0.6.1 -stevedore==5.1.0 -tlslite-ng==0.7.6 -tqdm==4.65.0 -uritemplate==4.1.1 -urllib3==1.26.16 -wrapt==1.15.0 -zipp==3.15.0 diff --git a/requirements/dvc-requirements.txt b/requirements/dvc-requirements.txt deleted file mode 100644 index 8d89e143..00000000 --- a/requirements/dvc-requirements.txt +++ /dev/null @@ -1,145 +0,0 @@ -adlfs==2023.4.0 -aiobotocore==2.5.1 -aiohttp==3.8.4 -aiohttp-retry==2.8.3 -aioitertools==0.11.0 -aiosignal==1.3.1 -aliyun-python-sdk-core==2.13.36 -aliyun-python-sdk-kms==2.16.1 -amqp==5.1.1 -antlr4-python3-runtime==4.9.3 -anyio==3.7.0 -appdirs==1.4.4 -argcomplete==3.1.1 -async-timeout==4.0.2 -asyncssh==2.13.2 -atpublic==4.0 -attrs==23.1.0 -azure-core==1.27.1 -azure-datalake-store==0.0.53 -azure-identity==1.13.0 -azure-storage-blob==12.16.0 -bcrypt==4.0.1 -billiard==4.1.0 -boto3==1.26.161 -botocore==1.29.161 -cachetools==5.3.1 -celery==5.3.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-didyoumean==0.3.0 -click-plugins==1.1.1 -click-repl==0.3.0 -colorama==0.4.6 -configobj==5.0.8 -crcmod==1.7 -cryptography==41.0.1 -decorator==5.1.1 -dictdiffer==0.9.0 -diskcache==5.6.1 -distro==1.8.0 -dpath==2.1.6 -dulwich==0.21.5 -dvc-azure==2.22.0 -dvc-data==2.3.3 -dvc-gdrive==2.20.0 -dvc-gs==2.22.1 -dvc-hdfs==2.19.0 -dvc-http==2.30.2 -dvc-objects==0.23.0 -dvc-oss==2.19.0 -dvc-render==0.5.3 -dvc-s3==2.23.0 -dvc-ssh==2.22.1 -dvc-studio-client==0.11.0 -dvc-task==0.3.0 -dvc-webdav==2.19.1 -dvc-webhdfs==2.19.0 -filelock==3.12.2 -flatten-dict==0.4.2 -flufl-lock==7.1.1 -frozenlist==1.3.3 -fsspec==2023.6.0 -funcy==2.0 -gcsfs==2023.6.0 -gitdb==4.0.10 -gitpython==3.1.31 -google-api-core==2.11.1 -google-api-python-client==2.91.0 -google-auth==2.21.0 -google-auth-httplib2==0.1.0 -google-auth-oauthlib==1.0.0 -google-cloud-core==2.3.2 -google-cloud-storage==2.10.0 -google-crc32c==1.5.0 -google-resumable-media==2.5.0 -googleapis-common-protos==1.59.1 -grandalf==0.8 -h11==0.14.0 -httpcore==0.17.2 -httplib2==0.22.0 -httpx==0.24.1 -hydra-core==1.3.2 -idna==3.4 -isodate==0.6.1 -iterative-telemetry==0.0.8 -jmespath==0.10.0 -knack==0.10.1 -kombu==5.3.1 -markdown-it-py==3.0.0 -mdurl==0.1.2 -msal==1.22.0 -msal-extensions==1.0.0 -multidict==6.0.4 -nanotime==0.5.2 -networkx==3.1 -oauth2client==4.1.3 -oauthlib==3.2.2 -omegaconf==2.3.0 -orjson==3.9.1 -oss2==2.18.0 -ossfs==2021.8.0 -packaging==23.1 -pathspec==0.11.1 -platformdirs==3.8.0 -portalocker==2.7.0 -prompt-toolkit==3.0.38 -psutil==5.9.5 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pycryptodome==3.18.0 -pydot==1.4.2 -pydrive2==1.16.0 -pygtrie==2.5.0 -pyjwt==2.7.0 -pyopenssl==23.2.0 -pyparsing==3.1.0 -python-dateutil==2.8.2 -requests==2.31.0 -requests-oauthlib==1.3.1 -rich==13.4.2 -rsa==4.9 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -s3fs==2023.6.0 -s3transfer==0.6.1 -scmrepo==1.0.4 -shortuuid==1.0.11 -shtab==1.6.2 -smmap==5.0.0 -sniffio==1.3.0 -sqltrie==0.7.0 -sshfs==2023.4.1 -tomlkit==0.11.8 -tqdm==4.65.0 -tzdata==2023.3 -uritemplate==4.1.1 -urllib3==1.26.16 -vine==5.0.0 -voluptuous==0.13.1 -wcwidth==0.2.6 -webdav4==0.9.8 -wrapt==1.15.0 -yarl==1.9.2 -zc-lockfile==3.0.post1 diff --git a/requirements/dxpy-requirements.txt b/requirements/dxpy-requirements.txt deleted file mode 100644 index fc56e2fd..00000000 --- a/requirements/dxpy-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -argcomplete==3.1.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cryptography==40.0.2 -idna==3.4 -psutil==5.9.5 -python-dateutil==2.8.2 -requests==2.28.2 -urllib3==1.26.16 -websocket-client==0.54.0 diff --git a/requirements/enex2notion-requirements.txt b/requirements/enex2notion-requirements.txt deleted file mode 100644 index d9c2dcda..00000000 --- a/requirements/enex2notion-requirements.txt +++ /dev/null @@ -1,24 +0,0 @@ -beautifulsoup4==4.12.2 -bs4==0.0.1 -cached-property==1.5.2 -certifi==2022.12.7 -charset-normalizer==3.1.0 -commonmark==0.9.1 -dictdiffer==0.9.0 -idna==3.4 -notion-vzhd1701-fork==0.0.37 -pdfkit==1.0.0 -python-dateutil==2.8.2 -python-slugify==6.1.2 -pytz-deprecation-shim==0.1.0.post0 -ratelimit==2.2.1 -requests==2.28.2 -soupsieve==2.4.1 -text-unidecode==1.3 -tinycss2==1.2.1 -tqdm==4.65.0 -tzdata==2023.3 -tzlocal==4.3 -urllib3==1.26.15 -w3lib==1.22.0 -webencodings==0.5.1 diff --git a/requirements/eralchemy-requirements.txt b/requirements/eralchemy-requirements.txt deleted file mode 100644 index 181ed7b2..00000000 --- a/requirements/eralchemy-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -psycopg2==2.8.6 -pygraphviz==1.6 -SQLAlchemy==1.3.20 diff --git a/requirements/esphome-requirements.txt b/requirements/esphome-requirements.txt deleted file mode 100644 index 96bb9ee9..00000000 --- a/requirements/esphome-requirements.txt +++ /dev/null @@ -1,40 +0,0 @@ -aioesphomeapi==14.0.0 -aiofiles==23.1.0 -ajsonrpc==1.2.0 -anyio==3.7.0 -async-timeout==4.0.2 -bitstring==4.0.2 -bottle==0.12.25 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -cryptography==41.0.1 -ecdsa==0.18.0 -esphome-dashboard==20230621.0 -esptool==4.6 -h11==0.14.0 -idna==3.4 -ifaddr==0.2.0 -kconfiglib==13.7.1 -marshmallow==3.19.0 -noiseprotocol==0.3.1 -packaging==23.1 -paho-mqtt==1.6.1 -platformio==6.1.7 -pyelftools==0.29 -pyparsing==3.1.0 -pyserial==3.5 -reedsolo==1.7.0 -requests==2.31.0 -semantic-version==2.10.0 -sniffio==1.3.0 -starlette==0.26.1 -tornado==6.3.2 -tzdata==2023.3 -tzlocal==5.0.1 -urllib3==1.26.16 -uvicorn==0.22.0 -voluptuous==0.13.1 -wsproto==1.2.0 -zeroconf==0.63.0 diff --git a/requirements/esptool-requirements.txt b/requirements/esptool-requirements.txt deleted file mode 100644 index de725016..00000000 --- a/requirements/esptool-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -bitstring==4.0.2 -cryptography==41.0.1 -ecdsa==0.18.0 -pyserial==3.5 -reedsolo==1.7.0 diff --git a/requirements/euler-py-requirements.txt b/requirements/euler-py-requirements.txt deleted file mode 100644 index 87d7a421..00000000 --- a/requirements/euler-py-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -click==4.0 diff --git a/requirements/evernote-backup-requirements.txt b/requirements/evernote-backup-requirements.txt deleted file mode 100644 index 2b530afd..00000000 --- a/requirements/evernote-backup-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-option-group==0.5.5 -evernote3==1.25.14 -httplib2==0.22.0 -idna==3.4 -oauth2==1.9.0.post1 -oauthlib==3.2.2 -pyparsing==3.0.9 -requests==2.31.0 -requests-oauthlib==1.3.1 -urllib3==2.0.2 -xmltodict==0.13.0 diff --git a/requirements/eye-d3-requirements.txt b/requirements/eye-d3-requirements.txt deleted file mode 100644 index db4f486e..00000000 --- a/requirements/eye-d3-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -coverage==5.3.1 -deprecation==2.1.0 -filetype==1.0.7 -packaging==20.8 -pyparsing==2.4.7 -toml==0.10.2 diff --git a/requirements/fabric-requirements.txt b/requirements/fabric-requirements.txt deleted file mode 100644 index 6da54a87..00000000 --- a/requirements/fabric-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -bcrypt==4.0.1 -cryptography==41.0.1 -decorator==5.1.1 -paramiko==3.2.0 -pynacl==1.5.0 diff --git a/requirements/fava-requirements.txt b/requirements/fava-requirements.txt deleted file mode 100644 index 1857e71e..00000000 --- a/requirements/fava-requirements.txt +++ /dev/null @@ -1,46 +0,0 @@ -babel==2.12.1 -beancount==2.3.5 -beautifulsoup4==4.12.2 -blinker==1.6.2 -bottle==0.12.25 -cachetools==5.3.0 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -cheroot==9.0.0 -click==8.1.3 -flask==2.3.2 -flask-babel==3.1.0 -google-api-core==2.11.0 -google-api-python-client==2.86.0 -google-auth==2.18.1 -google-auth-httplib2==0.1.0 -googleapis-common-protos==1.59.0 -httplib2==0.22.0 -idna==3.4 -iniconfig==2.0.0 -itsdangerous==2.1.2 -jaraco-functools==3.6.0 -jinja2==3.1.2 -lxml==4.9.2 -markdown2==2.4.8 -markupsafe==2.1.2 -more-itertools==9.1.0 -packaging==23.1 -pluggy==1.0.0 -ply==3.11 -protobuf==4.23.1 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pyparsing==3.0.9 -pytest==7.3.1 -python-dateutil==2.8.2 -python-magic==0.4.27 -pytz==2023.3 -requests==2.31.0 -rsa==4.9 -simplejson==3.19.1 -soupsieve==2.4.1 -uritemplate==4.1.1 -urllib3==1.26.16 -werkzeug==2.3.4 diff --git a/requirements/fb-client-requirements.txt b/requirements/fb-client-requirements.txt deleted file mode 100644 index 5b90a9c7..00000000 --- a/requirements/fb-client-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pycurl==7.45.1 -pyxdg==0.28 diff --git a/requirements/fdroidserver-requirements.txt b/requirements/fdroidserver-requirements.txt deleted file mode 100644 index af89637c..00000000 --- a/requirements/fdroidserver-requirements.txt +++ /dev/null @@ -1,37 +0,0 @@ -androguard==3.3.5 -apache-libcloud==3.7.0 -args==0.1.0 -asn1crypto==1.5.1 -bcrypt==4.0.1 -certifi==2022.12.7 -charset-normalizer==3.1.0 -click==8.1.3 -clint==0.5.1 -colorama==0.4.6 -contourpy==1.0.7 -cryptography==39.0.2 -cycler==0.11.0 -defusedxml==0.7.1 -gitdb==4.0.10 -GitPython==3.1.31 -idna==3.4 -kiwisolver==1.4.4 -lxml==4.9.2 -matplotlib==3.7.1 -networkx==3.0 -packaging==23.0 -paramiko==3.0.0 -pyasn1==0.4.8 -pyasn1-modules==0.2.8 -pydot==1.4.2 -PyNaCl==1.5.0 -pyparsing==3.0.9 -pypng==0.20220715.0 -python-dateutil==2.8.2 -python-vagrant==1.0.0 -qrcode==7.4.2 -requests==2.28.2 -ruamel.yaml==0.17.21 -smmap==5.0.0 -urllib3==1.26.14 -wheel==0.38.4 diff --git a/requirements/flake8-requirements.txt b/requirements/flake8-requirements.txt deleted file mode 100644 index eef47824..00000000 --- a/requirements/flake8-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -mccabe==0.7.0 -pycodestyle==2.10.0 -pyflakes==3.0.0 diff --git a/requirements/flintrock-requirements.txt b/requirements/flintrock-requirements.txt deleted file mode 100644 index 287ca314..00000000 --- a/requirements/flintrock-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -bcrypt==4.0.1 -boto3==1.17.90 -botocore==1.20.90 -click==7.0 -cryptography==41.0.1 -jmespath==0.10.0 -paramiko==2.7.2 -pynacl==1.5.0 -python-dateutil==2.8.2 -pyyaml==5.4.1 -s3transfer==0.4.2 -urllib3==1.26.16 diff --git a/requirements/flit-requirements.txt b/requirements/flit-requirements.txt deleted file mode 100644 index 8603bbf6..00000000 --- a/requirements/flit-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -flit-core==3.9.0 -idna==3.4 -requests==2.31.0 -tomli-w==1.0.0 -urllib3==2.0.2 diff --git a/requirements/fobis-requirements.txt b/requirements/fobis-requirements.txt deleted file mode 100644 index 02c8fae7..00000000 --- a/requirements/fobis-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -configparser==5.3.0 -future==0.18.3 diff --git a/requirements/fonttools-requirements.txt b/requirements/fonttools-requirements.txt deleted file mode 100644 index 73f0cee0..00000000 --- a/requirements/fonttools-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -brotli==1.0.9 diff --git a/requirements/ford-requirements.txt b/requirements/ford-requirements.txt deleted file mode 100644 index b9f59b7b..00000000 --- a/requirements/ford-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -beautifulsoup4==4.12.2 -graphviz==0.20.1 -jinja2==3.1.2 -markdown==3.4.3 -markdown-include==0.7.2 -markupsafe==2.1.2 -python-markdown-math==0.8 -soupsieve==2.4.1 -toposort==1.7 -tqdm==4.64.1 diff --git a/requirements/fortls-requirements.txt b/requirements/fortls-requirements.txt deleted file mode 100644 index fd2e7be3..00000000 --- a/requirements/fortls-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -json5==0.9.10 -packaging==21.3 -pyparsing==3.0.9 diff --git a/requirements/fred-requirements.txt b/requirements/fred-requirements.txt deleted file mode 100644 index 9c3ce122..00000000 --- a/requirements/fred-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/gallery-dl-requirements.txt b/requirements/gallery-dl-requirements.txt deleted file mode 100644 index cf89e54d..00000000 --- a/requirements/gallery-dl-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -urllib3==2.0.3 diff --git a/requirements/gcalcli-requirements.txt b/requirements/gcalcli-requirements.txt deleted file mode 100644 index 5bd99988..00000000 --- a/requirements/gcalcli-requirements.txt +++ /dev/null @@ -1,21 +0,0 @@ -cachetools==5.3.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -google-api-core==2.11.0 -google-api-python-client==2.86.0 -google-auth==2.18.1 -google-auth-httplib2==0.1.0 -googleapis-common-protos==1.59.0 -httplib2==0.22.0 -idna==3.4 -oauth2client==4.1.3 -parsedatetime==2.6 -protobuf==4.23.1 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pyparsing==3.0.9 -python-dateutil==2.8.2 -requests==2.31.0 -rsa==4.9 -uritemplate==4.1.1 -urllib3==1.26.16 diff --git a/requirements/gcovr-requirements.txt b/requirements/gcovr-requirements.txt deleted file mode 100644 index a96db2e9..00000000 --- a/requirements/gcovr-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Jinja2==3.1.2 -lxml==4.9.2 -MarkupSafe==2.1.2 diff --git a/requirements/gi-docgen-requirements.txt b/requirements/gi-docgen-requirements.txt deleted file mode 100644 index 42a31694..00000000 --- a/requirements/gi-docgen-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -Jinja2==3.1.2 -Markdown==3.4.1 -MarkupSafe==2.1.1 -toml==0.10.2 -typogrify==2.0.7 diff --git a/requirements/gimme-aws-creds-requirements.txt b/requirements/gimme-aws-creds-requirements.txt deleted file mode 100644 index 361c77ab..00000000 --- a/requirements/gimme-aws-creds-requirements.txt +++ /dev/null @@ -1,28 +0,0 @@ -beautifulsoup4==4.12.2 -boto3==1.26.161 -botocore==1.29.161 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cryptography==41.0.1 -ctap-keyring-device==1.0.6 -fido2==0.9.3 -idna==3.4 -importlib-metadata==6.7.0 -jaraco-classes==3.2.3 -jeepney==0.8.0 -jmespath==1.0.1 -keyring==24.2.0 -more-itertools==9.1.0 -okta==0.0.4 -pyjwt==2.7.0 -pyobjc-core==9.2 -pyobjc-framework-cocoa==9.2 -pyobjc-framework-localauthentication==9.2 -pyobjc-framework-security==9.2 -python-dateutil==2.8.2 -requests==2.31.0 -s3transfer==0.6.1 -secretstorage==3.3.3 -soupsieve==2.4.1 -urllib3==1.26.16 -zipp==3.15.0 diff --git a/requirements/git-cola-requirements.txt b/requirements/git-cola-requirements.txt deleted file mode 100644 index 559f1fac..00000000 --- a/requirements/git-cola-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -packaging==23.0 -pyparsing==3.0.9 -QtPy==2.3.1 diff --git a/requirements/git-delete-merged-branches-requirements.txt b/requirements/git-delete-merged-branches-requirements.txt deleted file mode 100644 index 835cd21a..00000000 --- a/requirements/git-delete-merged-branches-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -colorama==0.4.6 -prompt-toolkit==3.0.36 -wcwidth==0.2.5 diff --git a/requirements/git-remote-codecommit-requirements.txt b/requirements/git-remote-codecommit-requirements.txt deleted file mode 100644 index abf3767c..00000000 --- a/requirements/git-remote-codecommit-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -botocore==1.29.36 -jmespath==1.0.1 -python-dateutil==2.8.2 -urllib3==1.26.13 diff --git a/requirements/git-review-requirements.txt b/requirements/git-review-requirements.txt deleted file mode 100644 index 8095b7e9..00000000 --- a/requirements/git-review-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/gitless-requirements.txt b/requirements/gitless-requirements.txt deleted file mode 100644 index 5bbf94df..00000000 --- a/requirements/gitless-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -args==0.1.0 -clint==0.5.1 -sh==1.12.14 diff --git a/requirements/gitlint-requirements.txt b/requirements/gitlint-requirements.txt deleted file mode 100644 index 1b633c78..00000000 --- a/requirements/gitlint-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -arrow==1.2.3 -click==8.1.3 -python-dateutil==2.8.2 -sh==2.0.2 diff --git a/requirements/gitup-requirements.txt b/requirements/gitup-requirements.txt deleted file mode 100644 index 07969c0c..00000000 --- a/requirements/gitup-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -colorama==0.4.6 -gitdb==4.0.10 -GitPython==3.1.30 -smmap==5.0.0 diff --git a/requirements/glances-requirements.txt b/requirements/glances-requirements.txt deleted file mode 100644 index c0b8815f..00000000 --- a/requirements/glances-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -defusedxml==0.7.1 -packaging==23.1 -psutil==5.9.5 -ujson==5.7.0 diff --git a/requirements/gnuradio-requirements.txt b/requirements/gnuradio-requirements.txt deleted file mode 100644 index f27e9284..00000000 --- a/requirements/gnuradio-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -Cheetah3==3.2.6 -click==8.1.3 -click-plugins==1.1.1 -Mako==1.2.4 -packaging==23.0 -markupsafe==2.1.2 diff --git a/requirements/goolabs-requirements.txt b/requirements/goolabs-requirements.txt deleted file mode 100644 index 9c3ce122..00000000 --- a/requirements/goolabs-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/graph-tool-requirements.txt b/requirements/graph-tool-requirements.txt deleted file mode 100644 index 6061c9b3..00000000 --- a/requirements/graph-tool-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -contourpy==1.0.7 -cycler==0.11.0 -kiwisolver==1.4.4 -matplotlib==3.7.1 -packaging==23.1 -pyparsing==3.1.0 -python-dateutil==2.8.2 -zstandard==0.21.0 diff --git a/requirements/grayskull-requirements.txt b/requirements/grayskull-requirements.txt deleted file mode 100644 index 6307873d..00000000 --- a/requirements/grayskull-requirements.txt +++ /dev/null @@ -1,21 +0,0 @@ -beautifulsoup4==4.12.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.6 -conda-souschef==2.2.3 -idna==3.4 -packaging==23.1 -pkginfo==1.9.6 -progressbar2==4.2.0 -python-utils==3.5.2 -rapidfuzz==3.0.0 -requests==2.31.0 -ruamel-yaml==0.17.28 -ruamel-yaml-clib==0.2.7 -ruamel-yaml-jinja2==0.2.7 -semver==3.0.0 -soupsieve==2.4.1 -stdlib-list==0.8.0 -tomli==2.0.1 -tomli-w==1.0.0 -urllib3==2.0.2 diff --git a/requirements/grip-requirements.txt b/requirements/grip-requirements.txt deleted file mode 100644 index 6afcecf2..00000000 --- a/requirements/grip-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -blinker==1.6.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -docopt==0.6.2 -flask==2.3.2 -idna==3.4 -itsdangerous==2.1.2 -jinja2==3.1.2 -markdown==3.4.3 -markupsafe==2.1.2 -path-and-address==2.0.1 -requests==2.31.0 -urllib3==2.0.2 -werkzeug==2.3.4 diff --git a/requirements/grokmirror-requirements.txt b/requirements/grokmirror-requirements.txt deleted file mode 100644 index 8095b7e9..00000000 --- a/requirements/grokmirror-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/gtk-doc-requirements.txt b/requirements/gtk-doc-requirements.txt deleted file mode 100644 index bb70ed8c..00000000 --- a/requirements/gtk-doc-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -anytree==2.8.0 -lxml==4.9.2 diff --git a/requirements/gyb-requirements.txt b/requirements/gyb-requirements.txt deleted file mode 100644 index 4c081ec4..00000000 --- a/requirements/gyb-requirements.txt +++ /dev/null @@ -1,25 +0,0 @@ -httplib2==0.21.0 -google-api-python-client==2.73.0 -google-auth==2.16.0 -google-auth-httplib2==0.1.0 -google-auth-oauthlib==0.8.0 -altgraph==0.17.3 -cachetools==5.2.0 -certifi==2022.12.7 -charset-normalizer==2.1.1 -google-api-core==2.11.0 -googleapis-common-protos==1.57.0 -idna==3.4 -macholib==1.16.2 -oauthlib==3.2.2 -protobuf==3.20.3 -pyasn1==0.4.2 -pyasn1-modules==0.2.1 -pyinstaller==5.7.0 -pyinstaller-hooks-contrib==2022.15 -pyparsing==3.0.9 -requests==2.28.1 -requests-oauthlib==1.2.0 -rsa==4.9 -uritemplate==4.1.1 -urllib3==1.26.13 diff --git a/requirements/hatch-requirements.txt b/requirements/hatch-requirements.txt deleted file mode 100644 index a07275a8..00000000 --- a/requirements/hatch-requirements.txt +++ /dev/null @@ -1,34 +0,0 @@ -anyio==3.6.2 -certifi==2022.12.7 -click==8.1.3 -distlib==0.3.6 -editables==0.3 -filelock==3.10.7 -h11==0.14.0 -hatchling==1.14.0 -httpcore==0.16.3 -httpx==0.23.3 -hyperlink==21.0.0 -idna==3.4 -importlib-metadata==6.1.0 -jaraco.classes==3.2.3 -keyring==23.13.1 -markdown-it-py==2.2.0 -mdurl==0.1.2 -more-itertools==9.1.0 -packaging==23.0 -pathspec==0.11.1 -pexpect==4.8.0 -platformdirs==3.2.0 -pluggy==1.0.0 -ptyprocess==0.7.0 -pyperclip==1.8.2 -rfc3986==1.5.0 -rich==13.3.3 -shellingham==1.5.0.post1 -sniffio==1.3.0 -tomli-w==1.0.0 -tomlkit==0.11.7 -trove-classifiers==2023.3.9 -userpath==1.8.0 -zipp==3.15.0 diff --git a/requirements/homeassistant-cli-requirements.txt b/requirements/homeassistant-cli-requirements.txt deleted file mode 100644 index b920df82..00000000 --- a/requirements/homeassistant-cli-requirements.txt +++ /dev/null @@ -1,29 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-log==0.4.0 -dateparser==0.7.6 -decorator==5.1.1 -frozenlist==1.3.3 -idna==3.4 -ifaddr==0.2.0 -jinja2==3.1.2 -jsonpath-ng==1.5.3 -markupsafe==2.1.3 -multidict==6.0.4 -netdisco==3.0.0 -ply==3.11 -python-dateutil==2.8.2 -pytz==2023.3 -regex==2023.6.3 -requests==2.31.0 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -tzlocal==5.0.1 -urllib3==2.0.3 -yarl==1.9.2 -zeroconf==0.70.0 diff --git a/requirements/howdoi-requirements.txt b/requirements/howdoi-requirements.txt deleted file mode 100644 index 1fee0bfe..00000000 --- a/requirements/howdoi-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -appdirs==1.4.4 -cachelib==0.10.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -cryptography==41.0.1 -cssselect==1.2.0 -deprecated==1.2.14 -idna==3.4 -keep==2.10.1 -lxml==4.9.2 -markdown-it-py==2.2.0 -mdurl==0.1.2 -pygithub==1.58.2 -pyjwt==2.7.0 -pynacl==1.5.0 -pyquery==2.0.0 -requests==2.31.0 -rich==13.4.1 -terminaltables==3.1.10 -urllib3==2.0.2 -wrapt==1.15.0 diff --git a/requirements/http-prompt-requirements.txt b/requirements/http-prompt-requirements.txt deleted file mode 100644 index 6d7552b0..00000000 --- a/requirements/http-prompt-requirements.txt +++ /dev/null @@ -1,18 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -defusedxml==0.7.1 -httpie==3.2.2 -idna==3.4 -markdown-it-py==2.2.0 -mdurl==0.1.2 -multidict==6.0.4 -parsimonious==0.10.0 -prompt-toolkit==1.0.18 -pysocks==1.7.1 -regex==2023.5.5 -requests==2.31.0 -requests-toolbelt==1.0.0 -rich==13.3.5 -urllib3==2.0.2 -wcwidth==0.2.6 diff --git a/requirements/httpie-requirements.txt b/requirements/httpie-requirements.txt deleted file mode 100644 index e281b47e..00000000 --- a/requirements/httpie-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -defusedxml==0.7.1 -idna==3.4 -markdown-it-py==2.2.0 -mdurl==0.1.2 -multidict==6.0.4 -pysocks==1.7.1 -requests==2.31.0 -requests-toolbelt==1.0.0 -rich==13.3.5 -urllib3==2.0.2 diff --git a/requirements/huggingface-cli-requirements.txt b/requirements/huggingface-cli-requirements.txt deleted file mode 100644 index f4ca6c40..00000000 --- a/requirements/huggingface-cli-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -filelock==3.12.2 -fsspec==2023.6.0 -idna==3.4 -packaging==23.1 -requests==2.31.0 -tqdm==4.65.0 -urllib3==2.0.3 diff --git a/requirements/hy-requirements.txt b/requirements/hy-requirements.txt deleted file mode 100644 index 8af787f1..00000000 --- a/requirements/hy-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -funcparserlib==1.0.1 diff --git a/requirements/instalooter-requirements.txt b/requirements/instalooter-requirements.txt deleted file mode 100644 index babad8be..00000000 --- a/requirements/instalooter-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -appdirs==1.4.4 -certifi==2023.5.7 -charset-normalizer==3.1.0 -coloredlogs==14.3 -docopt==0.6.2 -fs==2.4.16 -humanfriendly==10.0 -idna==3.4 -python-dateutil==2.8.2 -requests==2.31.0 -tenacity==6.3.1 -tqdm==4.65.0 -urllib3==2.0.2 -verboselogs==1.7 diff --git a/requirements/internetarchive-requirements.txt b/requirements/internetarchive-requirements.txt deleted file mode 100644 index 5122b95c..00000000 --- a/requirements/internetarchive-requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -contextlib2==21.6.0 -docopt==0.6.2 -idna==3.4 -jsonpatch==1.32 -jsonpointer==2.3 -requests==2.31.0 -schema==0.7.5 -tqdm==4.65.0 -urllib3==2.0.2 diff --git a/requirements/ipython-requirements.txt b/requirements/ipython-requirements.txt deleted file mode 100644 index 1afb55e2..00000000 --- a/requirements/ipython-requirements.txt +++ /dev/null @@ -1,16 +0,0 @@ -appnope==0.1.3 -asttokens==2.2.1 -backcall==0.2.0 -decorator==5.1.1 -executing==1.2.0 -jedi==0.18.2 -matplotlib-inline==0.1.6 -parso==0.8.3 -pexpect==4.8.0 -pickleshare==0.7.5 -prompt-toolkit==3.0.38 -ptyprocess==0.7.0 -pure-eval==0.2.2 -stack-data==0.6.2 -traitlets==5.9.0 -wcwidth==0.2.6 diff --git a/requirements/iredis-requirements.txt b/requirements/iredis-requirements.txt deleted file mode 100644 index a3bd28bb..00000000 --- a/requirements/iredis-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -click==7.1.2 -configobj==5.0.8 -importlib-resources==5.12.0 -mistune==2.0.5 -packaging==21.3 -pendulum==2.1.2 -prompt-toolkit==3.0.39 -pyparsing==3.1.0 -python-dateutil==2.8.2 -pytzdata==2020.1 -redis==4.6.0 -wcwidth==0.1.9 diff --git a/requirements/jc-requirements.txt b/requirements/jc-requirements.txt deleted file mode 100644 index 8b243fa5..00000000 --- a/requirements/jc-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -xmltodict==0.13.0 diff --git a/requirements/jenkins-job-builder-requirements.txt b/requirements/jenkins-job-builder-requirements.txt deleted file mode 100644 index 96a54f9f..00000000 --- a/requirements/jenkins-job-builder-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -certifi==2022.12.7 -charset-normalizer==3.0.1 -fasteners==0.18 -idna==3.4 -Jinja2==3.1.2 -MarkupSafe==2.1.2 -multi_key_dict==2.0.3 -pbr==5.11.1 -python-jenkins==1.7.0 -requests==2.28.2 -stevedore==5.0.0 -urllib3==1.26.14 diff --git a/requirements/jinja2-cli-requirements.txt b/requirements/jinja2-cli-requirements.txt deleted file mode 100644 index 3dc4bef1..00000000 --- a/requirements/jinja2-cli-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -Jinja2==3.1.2 -MarkupSafe==2.1.1 -toml==0.10.2 -xmltodict==0.13.0 diff --git a/requirements/johnnydep-requirements.txt b/requirements/johnnydep-requirements.txt deleted file mode 100644 index 47a3204a..00000000 --- a/requirements/johnnydep-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -anytree==2.8.0 -cachetools==5.3.1 -oyaml==1.0 -packaging==23.1 -structlog==23.1.0 -toml==0.10.2 -wheel==0.40.0 -wimpy==0.6 diff --git a/requirements/jrnl-requirements.txt b/requirements/jrnl-requirements.txt deleted file mode 100644 index 91dfaec5..00000000 --- a/requirements/jrnl-requirements.txt +++ /dev/null @@ -1,18 +0,0 @@ -ansiwrap==0.8.4 -colorama==0.4.6 -cryptography==41.0.1 -importlib-metadata==6.7.0 -jaraco-classes==3.2.3 -keyring==24.0.0 -markdown-it-py==3.0.0 -mdurl==0.1.2 -more-itertools==9.1.0 -parsedatetime==2.6 -python-dateutil==2.8.2 -pyxdg==0.28 -rich==13.4.2 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -textwrap3==0.9.2 -tzlocal==5.0.1 -zipp==3.15.0 diff --git a/requirements/jupyterlab-requirements.txt b/requirements/jupyterlab-requirements.txt deleted file mode 100644 index 8540c09c..00000000 --- a/requirements/jupyterlab-requirements.txt +++ /dev/null @@ -1,66 +0,0 @@ -anyio==3.7.0 -argon2-cffi==21.3.0 -argon2-cffi-bindings==21.2.0 -arrow==1.2.3 -async-lru==2.0.2 -attrs==23.1.0 -babel==2.12.1 -beautifulsoup4==4.12.2 -bleach==6.0.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -comm==0.1.3 -debugpy==1.6.7 -defusedxml==0.7.1 -fastjsonschema==2.17.1 -fqdn==1.5.1 -idna==3.4 -ipykernel==6.23.1 -ipython-genutils==0.2.0 -isoduration==20.11.0 -jinja2==3.1.2 -json5==0.9.14 -jsonpointer==2.3 -jsonschema==4.17.3 -jupyter-client==8.2.0 -jupyter-console==6.6.3 -jupyter-core==5.3.0 -jupyter-events==0.6.3 -jupyter-lsp==2.2.0 -jupyter-server==2.6.0 -jupyter-server-terminals==0.4.4 -jupyterlab-pygments==0.2.2 -jupyterlab-server==2.22.1 -markupsafe==2.1.3 -mistune==2.0.5 -nbclassic==1.0.0 -nbclient==0.8.0 -nbconvert==7.4.0 -nbformat==5.9.0 -nest-asyncio==1.5.6 -notebook==6.5.4 -notebook-shim==0.2.3 -overrides==7.3.1 -packaging==23.1 -pandocfilters==1.5.0 -platformdirs==3.5.1 -prometheus-client==0.17.0 -psutil==5.9.5 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -python-json-logger==2.0.7 -pyzmq==25.1.0 -requests==2.31.0 -rfc3339-validator==0.1.4 -rfc3986-validator==0.1.1 -send2trash==1.8.2 -sniffio==1.3.0 -soupsieve==2.4.1 -terminado==0.17.1 -tinycss2==1.2.1 -tornado==6.3.2 -uri-template==1.2.0 -urllib3==2.0.3 -webcolors==1.13 -webencodings==0.5.1 -websocket-client==1.5.2 diff --git a/requirements/keepassc-requirements.txt b/requirements/keepassc-requirements.txt deleted file mode 100644 index 001003af..00000000 --- a/requirements/keepassc-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -kppy==1.5.2 -pycryptodomex==3.15.0 diff --git a/requirements/keepkey-agent-requirements.txt b/requirements/keepkey-agent-requirements.txt deleted file mode 100644 index 6a245a26..00000000 --- a/requirements/keepkey-agent-requirements.txt +++ /dev/null @@ -1,18 +0,0 @@ -backports.shutil_which==3.5.2 -bech32==1.2.0 -ConfigArgParse==1.5.3 -cryptography==39.0.1 -ecdsa==0.18.0 -hidapi==0.13.1 -keepkey==6.3.1 -libagent==0.14.7 -libusb1==3.0.0 -lockfile==0.12.2 -mnemonic==0.20 -protobuf==4.21.12 -PyMsgBox==1.0.9 -PyNaCl==1.5.0 -python-daemon==2.3.2 -semver==2.13.0 -Unidecode==1.3.6 -wheel==0.38.4 diff --git a/requirements/keyring-requirements.txt b/requirements/keyring-requirements.txt deleted file mode 100644 index c001ee1c..00000000 --- a/requirements/keyring-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -importlib-metadata==6.7.0 -jaraco-classes==3.2.3 -more-itertools==9.1.0 -zipp==3.15.0 diff --git a/requirements/khal-requirements.txt b/requirements/khal-requirements.txt deleted file mode 100644 index abd3b7e0..00000000 --- a/requirements/khal-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -atomicwrites==1.4.1 -click==8.1.3 -click-log==0.4.0 -configobj==5.0.8 -icalendar==5.0.7 -python-dateutil==2.8.2 -pytz==2023.3 -pyxdg==0.28 -tzlocal==5.0.1 -urwid==2.1.2 diff --git a/requirements/khard-requirements.txt b/requirements/khard-requirements.txt deleted file mode 100644 index 0b8e8175..00000000 --- a/requirements/khard-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -atomicwrites==1.4.1 -configobj==5.0.8 -python-dateutil==2.8.2 -ruamel-yaml==0.17.21 -unidecode==1.3.6 -vobject==0.9.6.1 diff --git a/requirements/legit-requirements.txt b/requirements/legit-requirements.txt deleted file mode 100644 index 02e786b1..00000000 --- a/requirements/legit-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -args==0.1.0 -click==8.1.3 -clint==0.5.1 -colorama==0.4.6 -crayons==0.4.0 -gitdb==4.0.10 -GitPython==3.1.30 -smmap==5.0.0 diff --git a/requirements/lexicon-requirements.txt b/requirements/lexicon-requirements.txt deleted file mode 100644 index 66da70aa..00000000 --- a/requirements/lexicon-requirements.txt +++ /dev/null @@ -1,38 +0,0 @@ -attrs==23.1.0 -beautifulsoup4==4.12.2 -boto3==1.26.151 -botocore==1.29.151 -certifi==2023.5.7 -charset-normalizer==3.1.0 -circuitbreaker==1.4.0 -click==8.1.3 -cryptography==39.0.2 -dnspython==2.3.0 -filelock==3.12.1 -idna==3.4 -importlib-metadata==6.6.0 -isodate==0.6.1 -jmespath==1.0.1 -localzone==0.9.8 -lxml==4.9.2 -markdown-it-py==2.2.0 -mdurl==0.1.2 -oci==2.104.1 -platformdirs==3.5.3 -prettytable==3.7.0 -prompt-toolkit==3.0.38 -pyopenssl==23.2.0 -python-dateutil==2.8.2 -pytz==2023.3 -requests==2.31.0 -requests-file==1.5.1 -requests-toolbelt==1.0.0 -rich==13.3.5 -s3transfer==0.6.1 -softlayer==6.1.7 -soupsieve==2.4.1 -tldextract==3.4.4 -urllib3==1.26.16 -wcwidth==0.2.6 -zeep==4.2.1 -zipp==3.15.0 diff --git a/requirements/libplacebo-requirements.txt b/requirements/libplacebo-requirements.txt deleted file mode 100644 index e8b31dbb..00000000 --- a/requirements/libplacebo-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -glad==2.0.4 -jinja==3.1.2 -markupsafe==2.1.2 diff --git a/requirements/linode-cli-requirements.txt b/requirements/linode-cli-requirements.txt deleted file mode 100644 index bcb970d3..00000000 --- a/requirements/linode-cli-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -markdown-it-py==3.0.0 -mdurl==0.1.2 -packaging==23.1 -requests==2.31.0 -rich==13.4.2 -urllib3==1.26.16 diff --git a/requirements/liquidctl-requirements.txt b/requirements/liquidctl-requirements.txt deleted file mode 100644 index 960fbd7f..00000000 --- a/requirements/liquidctl-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -colorlog==6.7.0 -crcmod==1.7 -docopt==0.6.2 -hidapi==0.13.1 -pyusb==1.2.1 diff --git a/requirements/litani-requirements.txt b/requirements/litani-requirements.txt deleted file mode 100644 index 631ef66e..00000000 --- a/requirements/litani-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -jinja2==3.1.2 -markupsafe==2.1.3 diff --git a/requirements/litecli-requirements.txt b/requirements/litecli-requirements.txt deleted file mode 100644 index 76fce9f1..00000000 --- a/requirements/litecli-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -cli-helpers==2.3.0 -click==8.1.3 -configobj==5.0.8 -prompt-toolkit==3.0.38 -sqlparse==0.4.4 -wcwidth==0.2.6 diff --git a/requirements/literate-git-requirements.txt b/requirements/literate-git-requirements.txt deleted file mode 100644 index 76bbf2d4..00000000 --- a/requirements/literate-git-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -docopt==0.6.2 -Jinja2==2.11.3 -markdown2==2.4.3 -MarkupSafe==1.1.1 -Pygments==2.5.2 diff --git a/requirements/localstack-requirements.txt b/requirements/localstack-requirements.txt deleted file mode 100644 index a7a69702..00000000 --- a/requirements/localstack-requirements.txt +++ /dev/null @@ -1,28 +0,0 @@ -cachetools==5.0.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -cryptography==41.0.1 -dill==0.3.2 -dnslib==0.9.23 -dnspython==2.3.0 -ecdsa==0.18.0 -idna==3.4 -localstack-core==2.1.0 -localstack-ext==2.1.0 -markdown-it-py==2.2.0 -mdurl==0.1.2 -pbr==5.11.1 -plux==1.3.2 -psutil==5.9.5 -pyaes==1.6.1 -pyasn1==0.5.0 -python-dotenv==1.0.0 -python-jose==3.3.0 -requests==2.31.0 -rich==13.4.1 -rsa==4.9 -semver==3.0.0 -stevedore==5.1.0 -tailer==0.4.1 -urllib3==2.0.2 diff --git a/requirements/locust-requirements.txt b/requirements/locust-requirements.txt deleted file mode 100644 index 223d87e9..00000000 --- a/requirements/locust-requirements.txt +++ /dev/null @@ -1,25 +0,0 @@ -blinker==1.6.2 -brotli==1.0.9 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -configargparse==1.5.3 -flask==2.3.2 -flask-basicauth==0.2.0 -flask-cors==3.0.10 -gevent==22.10.2 -geventhttpclient==2.0.9 -greenlet==2.0.2 -idna==3.4 -itsdangerous==2.1.2 -jinja2==3.1.2 -markupsafe==2.1.2 -msgpack==1.0.5 -psutil==5.9.5 -pyzmq==25.0.2 -requests==2.31.0 -roundrobin==0.0.4 -urllib3==2.0.2 -werkzeug==2.3.4 -zope-event==4.6 -zope-interface==6.0 diff --git a/requirements/mackup-requirements.txt b/requirements/mackup-requirements.txt deleted file mode 100644 index 1d9dff81..00000000 --- a/requirements/mackup-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -docopt==0.6.2 diff --git a/requirements/magic-wormhole-requirements.txt b/requirements/magic-wormhole-requirements.txt deleted file mode 100644 index bc8b7758..00000000 --- a/requirements/magic-wormhole-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -attrs==23.1.0 -autobahn==23.1.2 -automat==22.10.0 -click==8.1.3 -constantly==15.1.0 -cryptography==41.0.1 -hkdf==0.0.3 -humanize==4.6.0 -hyperlink==21.0.0 -idna==3.4 -incremental==22.10.0 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pynacl==1.5.0 -pyopenssl==23.2.0 -service-identity==21.1.0 -spake2==0.8 -tqdm==4.65.0 -twisted==22.10.0 -txaio==23.1.1 -txtorcon==23.5.0 -wheel==0.40.0 -zope-interface==6.0 diff --git a/requirements/mapproxy-requirements.txt b/requirements/mapproxy-requirements.txt deleted file mode 100644 index 9c6a5940..00000000 --- a/requirements/mapproxy-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -certifi==2022.12.7 -pyproj==3.5.0 diff --git a/requirements/mat2-requirements.txt b/requirements/mat2-requirements.txt deleted file mode 100644 index 79026f20..00000000 --- a/requirements/mat2-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -mutagen==1.46.0 diff --git a/requirements/mathlibtools-requirements.txt b/requirements/mathlibtools-requirements.txt deleted file mode 100644 index 22e6ec45..00000000 --- a/requirements/mathlibtools-requirements.txt +++ /dev/null @@ -1,21 +0,0 @@ -atomicwrites==1.4.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -cryptography==41.0.1 -deprecated==1.2.14 -gitdb==4.0.10 -gitpython==3.1.31 -idna==3.4 -networkx==3.1 -pydot==1.4.2 -pygithub==1.58.2 -pyjwt==2.7.0 -pynacl==1.5.0 -pyparsing==3.0.9 -requests==2.31.0 -smmap==5.0.0 -toml==0.10.2 -tqdm==4.65.0 -urllib3==2.0.2 -wrapt==1.15.0 diff --git a/requirements/mavsdk-requirements.txt b/requirements/mavsdk-requirements.txt deleted file mode 100644 index 9f1b0b54..00000000 --- a/requirements/mavsdk-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -future==0.18.3 -Jinja2==3.1.2 -MarkupSafe==2.1.3 diff --git a/requirements/mdv-requirements.txt b/requirements/mdv-requirements.txt deleted file mode 100644 index 61889f0e..00000000 --- a/requirements/mdv-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -Markdown==2.6.11 diff --git a/requirements/mesa-requirements.txt b/requirements/mesa-requirements.txt deleted file mode 100644 index 4e2025db..00000000 --- a/requirements/mesa-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Mako==1.2.4 -MarkupSafe==2.1.2 diff --git a/requirements/meta-package-manager-requirements.txt b/requirements/meta-package-manager-requirements.txt deleted file mode 100644 index e23cd27b..00000000 --- a/requirements/meta-package-manager-requirements.txt +++ /dev/null @@ -1,40 +0,0 @@ -alabaster==0.7.13 -babel==2.12.1 -beautifulsoup4==4.12.2 -boltons==23.0.0 -bracex==2.3.post1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-extra==3.10.0 -click-log==0.4.0 -cloup==2.1.0 -commentjson==0.9.0 -furo==2023.3.27 -idna==3.4 -imagesize==1.4.1 -jinja2==3.1.2 -lark-parser==0.7.8 -markupsafe==2.1.2 -mergedeep==1.3.4 -packageurl-python==0.11.1 -packaging==23.1 -pallets-sphinx-themes==2.1.0 -pygments-ansi-color==0.2.0 -regex==2022.10.31 -requests==2.31.0 -snowballstemmer==2.2.0 -soupsieve==2.4.1 -sphinx==5.3.0 -sphinx-basic-ng==1.0.0b1 -sphinxcontrib-applehelp==1.0.4 -sphinxcontrib-devhelp==1.0.2 -sphinxcontrib-htmlhelp==2.0.1 -sphinxcontrib-jsmath==1.0.1 -sphinxcontrib-qthelp==1.0.3 -sphinxcontrib-serializinghtml==1.1.5 -tomli-w==1.0.0 -urllib3==2.0.2 -wcmatch==8.4.1 -wcwidth==0.2.6 -xmltodict==0.13.0 diff --git a/requirements/mitmproxy-requirements.txt b/requirements/mitmproxy-requirements.txt deleted file mode 100644 index 4b0899c7..00000000 --- a/requirements/mitmproxy-requirements.txt +++ /dev/null @@ -1,34 +0,0 @@ -asgiref==3.5.2 -brotli==1.0.9 -certifi==2023.5.7 -cffi==1.15.1 -click==8.1.3 -cryptography==38.0.4 -flask==2.2.5 -h11==0.14.0 -h2==4.1.0 -hpack==4.0.0 -hyperframe==6.0.1 -itsdangerous==2.1.2 -jinja2==3.1.2 -kaitaistruct==0.10 -ldap3==2.9.1 -markupsafe==2.1.3 -mitmproxy-wireguard==0.1.23 -msgpack==1.0.5 -passlib==1.7.4 -protobuf==4.23.3 -publicsuffix2==2.20191221 -pyasn1==0.5.0 -pycparser==2.21 -pyopenssl==22.1.0 -pyparsing==3.0.9 -pyperclip==1.8.2 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -sortedcontainers==2.4.0 -tornado==6.3.2 -urwid==2.1.2 -werkzeug==2.3.6 -wsproto==1.2.0 -zstandard==0.19.0 diff --git a/requirements/mkdocs-requirements.txt b/requirements/mkdocs-requirements.txt deleted file mode 100644 index 808a3220..00000000 --- a/requirements/mkdocs-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -click==8.1.3 -ghp-import==2.1.0 -jinja2==3.1.2 -markdown==3.3.7 -markupsafe==2.1.2 -mergedeep==1.3.4 -packaging==23.1 -python-dateutil==2.8.2 -pyyaml-env-tag==0.1 -watchdog==3.0.0 diff --git a/requirements/molecule-requirements.txt b/requirements/molecule-requirements.txt deleted file mode 100644 index c56502d3..00000000 --- a/requirements/molecule-requirements.txt +++ /dev/null @@ -1,22 +0,0 @@ -ansible-compat==4.1.2 -ansible-core==2.15.1 -attrs==23.1.0 -click-help-colors==0.9.1 -cryptography==41.0.1 -distro==1.8.0 -docker-py==1.10.6 -docker-pycreds==0.4.0 -enrich==1.2.7 -jsonschema==4.17.3 -markdown-it-py==3.0.0 -mdurl==0.1.2 -molecule-vagrant==2.0.0 -packaging==23.1 -pluggy==1.2.0 -pyrsistent==0.19.3 -python-vagrant==1.0.0 -resolvelib==1.0.1 -rich==13.4.2 -selinux==0.3.0 -subprocess-tee==0.4.1 -websocket-client==1.6.1 diff --git a/requirements/mongo-orchestration-requirements.txt b/requirements/mongo-orchestration-requirements.txt deleted file mode 100644 index ad130ef7..00000000 --- a/requirements/mongo-orchestration-requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -bottle==0.12.25 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cheroot==10.0.0 -dnspython==2.3.0 -idna==3.4 -jaraco-functools==3.6.0 -more-itertools==9.1.0 -pymongo==4.3.3 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/moto-requirements.txt b/requirements/moto-requirements.txt deleted file mode 100644 index b34e3c5c..00000000 --- a/requirements/moto-requirements.txt +++ /dev/null @@ -1,58 +0,0 @@ -attrs==23.1.0 -aws-sam-translator==1.70.0 -aws-xray-sdk==2.12.0 -blinker==1.6.2 -boto3==1.26.160 -botocore==1.29.160 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -cryptography==41.0.1 -docker==6.1.3 -ecdsa==0.18.0 -flask==2.3.2 -flask-cors==3.0.10 -graphql-core==3.2.3 -idna==3.4 -itsdangerous==2.1.2 -jinja2==3.1.2 -jmespath==1.0.1 -jschema-to-python==1.2.3 -jsondiff==2.0.0 -jsonpatch==1.32 -jsonpickle==3.0.1 -jsonpointer==2.3 -jsonschema==4.17.3 -jsonschema-spec==0.1.6 -junit-xml==1.9 -lazy-object-proxy==1.9.0 -MarkupSafe==2.1.3 -mpmath==1.3.0 -networkx==3.1 -openapi-schema-validator==0.4.4 -openapi-spec-validator==0.5.7 -packaging==23.1 -pathable==0.4.3 -pbr==5.11.1 -py-partiql-parser==0.3.3 -pyasn1==0.5.0 -pydantic==1.10.9 -pyparsing==3.1.0 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -python-jose==3.3.0 -regex==2023.6.3 -requests==2.31.0 -responses==0.23.1 -rfc3339-validator==0.1.4 -rsa==4.9 -s3transfer==0.6.1 -sarif-om==1.0.4 -sshpubkeys==3.3.1 -sympy==1.12 -types-pyyaml==6.0.12.10 -urllib3==1.26.16 -websocket-client==1.6.1 -werkzeug==2.3.6 -wrapt==1.15.0 -xmltodict==0.13.0 diff --git a/requirements/mps-youtube-requirements.txt b/requirements/mps-youtube-requirements.txt deleted file mode 100644 index 139ede7a..00000000 --- a/requirements/mps-youtube-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pafy==0.5.5 -youtube_dl==2020.5.3 diff --git a/requirements/mycli-requirements.txt b/requirements/mycli-requirements.txt deleted file mode 100644 index 5a9f5c67..00000000 --- a/requirements/mycli-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -cli-helpers==2.3.0 -click==8.1.3 -configobj==5.0.8 -cryptography==36.0.2 -importlib-resources==5.12.0 -prompt-toolkit==3.0.38 -pyaes==1.6.1 -pymysql==1.0.3 -pyperclip==1.8.2 -sqlglot==11.6.0 -sqlparse==0.4.4 -wcwidth==0.2.6 diff --git a/requirements/mypy-requirements.txt b/requirements/mypy-requirements.txt deleted file mode 100644 index a9f4ed70..00000000 --- a/requirements/mypy-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -mypy-extensions==1.0.0 -typing-extensions==4.6.3 diff --git a/requirements/name-that-hash-requirements.txt b/requirements/name-that-hash-requirements.txt deleted file mode 100644 index b87872e3..00000000 --- a/requirements/name-that-hash-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -click==8.1.3 -commonmark==0.9.1 -rich==12.6.0 diff --git a/requirements/nbdime-requirements.txt b/requirements/nbdime-requirements.txt deleted file mode 100644 index c701583e..00000000 --- a/requirements/nbdime-requirements.txt +++ /dev/null @@ -1,25 +0,0 @@ -argon2-cffi-bindings==21.2.0 -arrow==1.2.3 -attrs==23.1.0 -beautifulsoup4==4.12.2 -colorama==0.4.6 -fastjsonschema==2.16.3 -fqdn==1.5.1 -gitdb==4.0.10 -gitpython==3.1.31 -isoduration==20.11.0 -jsonpointer==2.3 -jsonschema==4.17.3 -jupyter-events==0.6.3 -jupyter-server-mathjax==0.2.6 -jupyter-server-terminals==0.4.4 -platformdirs==3.5.0 -pyrsistent==0.19.3 -python-json-logger==2.0.7 -rfc3339-validator==0.1.4 -rfc3986-validator==0.1.1 -smmap==5.0.0 -soupsieve==2.4.1 -tinycss2==1.2.1 -uri-template==1.2.0 -webcolors==1.13 diff --git a/requirements/neovim-remote-requirements.txt b/requirements/neovim-remote-requirements.txt deleted file mode 100644 index 0992bd79..00000000 --- a/requirements/neovim-remote-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -greenlet==2.0.1 -msgpack==1.0.4 -psutil==5.9.4 -pynvim==0.4.3 diff --git a/requirements/notifiers-requirements.txt b/requirements/notifiers-requirements.txt deleted file mode 100644 index d21b1421..00000000 --- a/requirements/notifiers-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -jsonschema==4.17.3 -pyrsistent==0.19.3 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/nox-requirements.txt b/requirements/nox-requirements.txt deleted file mode 100644 index ff256b25..00000000 --- a/requirements/nox-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -argcomplete==3.0.6 -colorlog==6.7.0 -packaging==23.1 diff --git a/requirements/nvchecker-requirements.txt b/requirements/nvchecker-requirements.txt deleted file mode 100644 index f70a7519..00000000 --- a/requirements/nvchecker-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -packaging==23.1 -platformdirs==3.5.3 -pycurl==7.45.2 -structlog==23.1.0 -tornado==6.3.2 diff --git a/requirements/nyx-requirements.txt b/requirements/nyx-requirements.txt deleted file mode 100644 index 7a857f56..00000000 --- a/requirements/nyx-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -stem==1.8.1 diff --git a/requirements/oci-cli-requirements.txt b/requirements/oci-cli-requirements.txt deleted file mode 100644 index f40829fb..00000000 --- a/requirements/oci-cli-requirements.txt +++ /dev/null @@ -1,13 +0,0 @@ -arrow==1.2.3 -certifi==2023.5.7 -circuitbreaker==1.4.0 -click==8.0.4 -cryptography==39.0.2 -jmespath==0.10.0 -oci==2.105.0 -prompt-toolkit==3.0.29 -pyopenssl==23.2.0 -python-dateutil==2.8.2 -pytz==2023.3 -terminaltables==3.1.0 -wcwidth==0.2.6 diff --git a/requirements/ocrmypdf-requirements.txt b/requirements/ocrmypdf-requirements.txt deleted file mode 100644 index 514d977d..00000000 --- a/requirements/ocrmypdf-requirements.txt +++ /dev/null @@ -1,13 +0,0 @@ -charset-normalizer==3.1.0 -coloredlogs==15.0.1 -cryptography==41.0.1 -deprecation==2.1.0 -humanfriendly==10.0 -img2pdf==0.4.4 -lxml==4.9.2 -packaging==23.1 -pdfminer-six==20221105 -pikepdf==7.2.0 -pluggy==1.0.0 -reportlab==4.0.4 -tqdm==4.65.0 diff --git a/requirements/offlineimap-requirements.txt b/requirements/offlineimap-requirements.txt deleted file mode 100644 index de558f81..00000000 --- a/requirements/offlineimap-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -certifi==2021.10.8 -decorator==5.1.1 -distro==1.8.0 -gssapi==1.8.2 -imaplib2==3.6 -portalocker==2.6.0 -rfc6555==0.1.0 diff --git a/requirements/okta-awscli-requirements.txt b/requirements/okta-awscli-requirements.txt deleted file mode 100644 index c69da045..00000000 --- a/requirements/okta-awscli-requirements.txt +++ /dev/null @@ -1,17 +0,0 @@ -beautifulsoup4==4.12.2 -boto3==1.26.139 -botocore==1.29.139 -bs4==0.0.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -configparser==5.3.0 -decorator==5.1.1 -idna==3.4 -jmespath==1.0.1 -python-dateutil==2.8.2 -requests==2.31.0 -s3transfer==0.6.1 -soupsieve==2.4.1 -urllib3==1.26.16 -validators==0.20.0 diff --git a/requirements/onlykey-agent-requirements.txt b/requirements/onlykey-agent-requirements.txt deleted file mode 100644 index 517c4165..00000000 --- a/requirements/onlykey-agent-requirements.txt +++ /dev/null @@ -1,31 +0,0 @@ -aenum==3.1.12 -backports-shutil-which==3.5.2 -bech32==1.2.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -configargparse==1.5.3 -cryptography==41.0.1 -ecdsa==0.18.0 -fido2==0.9.3 -hidapi==0.14.0 -idna==3.4 -intelhex==2.3.0 -lib-agent==1.0.5 -lockfile==0.12.2 -mnemonic==0.20 -onlykey==1.2.10 -onlykey-solo-python==0.0.32 -prompt-toolkit==3.0.38 -pycryptodome==3.18.0 -pymsgbox==1.0.9 -pynacl==1.5.0 -pyserial==3.5 -python-daemon==3.0.1 -pyusb==1.2.1 -requests==2.31.0 -semver==3.0.0 -unidecode==1.3.6 -urllib3==2.0.2 -wcwidth==0.2.6 -wheel==0.40.0 diff --git a/requirements/openai-whisper-requirements.txt b/requirements/openai-whisper-requirements.txt deleted file mode 100644 index 9b98e5df..00000000 --- a/requirements/openai-whisper-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -ffmpeg-python==0.2.0 -future==0.18.3 -llvmlite==0.40.0rc1 -numba==0.57.1 -numpy==1.24.3 -regex==2023.3.23 -tiktoken==0.3.1 diff --git a/requirements/openstackclient-requirements.txt b/requirements/openstackclient-requirements.txt deleted file mode 100644 index 9e750976..00000000 --- a/requirements/openstackclient-requirements.txt +++ /dev/null @@ -1,55 +0,0 @@ -appdirs==1.4.4 -attrs==23.1.0 -autopage==0.5.1 -babel==2.12.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cliff==4.3.0 -cmd2==2.4.3 -cryptography==41.0.1 -debtcollector==2.5.0 -decorator==5.1.1 -dogpile-cache==1.2.1 -idna==3.4 -importlib-metadata==6.6.0 -iso8601==1.1.0 -jmespath==1.0.1 -jsonpatch==1.32 -jsonpointer==2.3 -keystoneauth1==5.2.0 -msgpack==1.0.5 -netaddr==0.8.0 -netifaces==0.11.0 -openstacksdk==1.2.0 -os-client-config==2.1.0 -os-service-types==1.7.0 -osc-lib==2.8.0 -oslo-config==9.1.1 -oslo-context==5.1.1 -oslo-i18n==6.0.0 -oslo-log==5.2.0 -oslo-serialization==5.1.1 -oslo-utils==6.1.0 -packaging==23.1 -pbr==5.11.1 -prettytable==3.7.0 -pyparsing==3.0.9 -pyperclip==1.8.2 -python-cinderclient==9.3.0 -python-dateutil==2.8.2 -python-heatclient==3.3.0 -python-keystoneclient==5.1.0 -python-neutronclient==10.0.0 -python-novaclient==18.3.0 -python-octaviaclient==3.4.0 -python-swiftclient==4.3.0 -pytz==2023.3 -requests==2.31.0 -requestsexceptions==1.4.0 -rfc3986==2.0.0 -simplejson==3.19.1 -stevedore==5.1.0 -urllib3==2.0.2 -wcwidth==0.2.6 -wrapt==1.15.0 -zipp==3.15.0 diff --git a/requirements/organize-tool-requirements.txt b/requirements/organize-tool-requirements.txt deleted file mode 100644 index 328e5163..00000000 --- a/requirements/organize-tool-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -appdirs==1.4.4 -click==8.1.3 -commonmark==0.9.1 -contextlib2==21.6.0 -ExifRead==3.0.0 -fs==2.4.16 -Jinja2==3.0.3 -MarkupSafe==2.1.1 -rich==12.5.1 -schema==0.7.5 -Send2Trash==1.8.0 -simplematch==1.3 diff --git a/requirements/osc-cli-requirements.txt b/requirements/osc-cli-requirements.txt deleted file mode 100644 index 62bf389b..00000000 --- a/requirements/osc-cli-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -defusedxml==0.7.1 -fire==0.5.0 -idna==3.4 -requests==2.31.0 -termcolor==2.3.0 -urllib3==2.0.3 -xmltodict==0.13.0 diff --git a/requirements/osc-requirements.txt b/requirements/osc-requirements.txt deleted file mode 100644 index 842863a3..00000000 --- a/requirements/osc-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -cryptography==41.0.1 -rpm==0.1.0 -urllib3==2.0.3 diff --git a/requirements/parliament-requirements.txt b/requirements/parliament-requirements.txt deleted file mode 100644 index dc290c96..00000000 --- a/requirements/parliament-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -boto3==1.26.8 -botocore==1.29.8 -jmespath==1.0.1 -json-cfg==0.4.2 -kwonly-args==1.0.10 -python-dateutil==2.8.2 -s3transfer==0.6.0 -urllib3==1.26.12 diff --git a/requirements/pass-git-helper-requirements.txt b/requirements/pass-git-helper-requirements.txt deleted file mode 100644 index f0e31dea..00000000 --- a/requirements/pass-git-helper-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pyxdg==0.28 diff --git a/requirements/pdm-requirements.txt b/requirements/pdm-requirements.txt deleted file mode 100644 index efa42e69..00000000 --- a/requirements/pdm-requirements.txt +++ /dev/null @@ -1,26 +0,0 @@ -blinker==1.6.2 -cachecontrol==0.13.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -distlib==0.3.6 -filelock==3.12.2 -findpython==0.2.5 -idna==3.4 -installer==0.7.0 -markdown-it-py==3.0.0 -mdurl==0.1.2 -msgpack==1.0.5 -packaging==23.1 -platformdirs==3.5.3 -pyproject-hooks==1.0.0 -python-dotenv==1.0.0 -requests==2.31.0 -requests-toolbelt==1.0.0 -resolvelib==1.0.1 -rich==13.4.2 -shellingham==1.5.0.post1 -tomlkit==0.11.8 -unearth==0.9.1 -urllib3==2.0.3 -virtualenv==20.23.0 -wheel==0.40.0 diff --git a/requirements/percol-requirements.txt b/requirements/percol-requirements.txt deleted file mode 100644 index bab94bb0..00000000 --- a/requirements/percol-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -cmigemo==0.1.6 diff --git a/requirements/peru-requirements.txt b/requirements/peru-requirements.txt deleted file mode 100644 index 1d9dff81..00000000 --- a/requirements/peru-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -docopt==0.6.2 diff --git a/requirements/pferd-requirements.txt b/requirements/pferd-requirements.txt deleted file mode 100644 index 98cf5490..00000000 --- a/requirements/pferd-requirements.txt +++ /dev/null @@ -1,20 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==23.1.0 -beautifulsoup4==4.12.2 -certifi==2022.12.7 -charset-normalizer==3.1.0 -frozenlist==1.3.3 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -keyring==23.13.1 -markdown-it-py==2.2.0 -mdurl==0.1.2 -more-itertools==9.1.0 -multidict==6.0.4 -rich==13.3.5 -soupsieve==2.4.1 -yarl==1.9.2 -zipp==3.15.0 diff --git a/requirements/pgcli-requirements.txt b/requirements/pgcli-requirements.txt deleted file mode 100644 index ad59470a..00000000 --- a/requirements/pgcli-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -cli-helpers==2.3.0 -click==8.1.3 -configobj==5.0.8 -pendulum==2.1.2 -pgspecial==2.1.0 -prompt-toolkit==3.0.38 -psycopg==3.1.8 -python-dateutil==2.8.2 -pytzdata==2020.1 -setproctitle==1.3.2 -sqlparse==0.4.4 -wcwidth==0.2.6 diff --git a/requirements/pip-audit-requirements.txt b/requirements/pip-audit-requirements.txt deleted file mode 100644 index f9beb7b2..00000000 --- a/requirements/pip-audit-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -cachecontrol==0.13.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cyclonedx-python-lib==4.0.1 -defusedxml==0.7.1 -filelock==3.12.2 -html5lib==1.1 -idna==3.4 -markdown-it-py==3.0.0 -mdurl==0.1.2 -msgpack==1.0.5 -packageurl-python==0.11.1 -packaging==23.1 -pip-api==0.0.30 -pip-requirements-parser==32.0.1 -py-serializable==0.11.1 -pyparsing==3.1.0 -requests==2.31.0 -rich==13.4.2 -sortedcontainers==2.4.0 -toml==0.10.2 -urllib3==2.0.3 -webencodings==0.5.1 diff --git a/requirements/pip-tools-requirements.txt b/requirements/pip-tools-requirements.txt deleted file mode 100644 index 39bbe63e..00000000 --- a/requirements/pip-tools-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -build==0.10.0 -click==8.1.3 -packaging==23.1 -pyproject-hooks==1.0.0 -wheel==0.40.0 diff --git a/requirements/pipenv-requirements.txt b/requirements/pipenv-requirements.txt deleted file mode 100644 index 91f1a552..00000000 --- a/requirements/pipenv-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -distlib==0.3.6 -filelock==3.12.2 -platformdirs==3.8.0 -virtualenv==20.23.1 -virtualenv-clone==0.5.7 diff --git a/requirements/pipgrip-requirements.txt b/requirements/pipgrip-requirements.txt deleted file mode 100644 index e9a9fce8..00000000 --- a/requirements/pipgrip-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -anytree==2.8.0 -click==8.1.3 -packaging==23.0 -pkginfo==1.7.1 -wheel==0.38.4 diff --git a/requirements/pipx-requirements.txt b/requirements/pipx-requirements.txt deleted file mode 100644 index 458bf088..00000000 --- a/requirements/pipx-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -argcomplete==2.1.1 -click==8.1.3 -packaging==23.0 -userpath==1.8.0 diff --git a/requirements/platformio-requirements.txt b/requirements/platformio-requirements.txt deleted file mode 100644 index d0f762ad..00000000 --- a/requirements/platformio-requirements.txt +++ /dev/null @@ -1,21 +0,0 @@ -aiofiles==23.1.0 -ajsonrpc==1.2.0 -anyio==3.7.0 -bottle==0.12.25 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -h11==0.14.0 -idna==3.4 -marshmallow==3.19.0 -packaging==23.1 -pyelftools==0.29 -pyserial==3.5 -requests==2.31.0 -semantic-version==2.10.0 -sniffio==1.3.0 -starlette==0.28.0 -urllib3==2.0.3 -uvicorn==0.22.0 -wsproto==1.2.0 diff --git a/requirements/pocsuite3-requirements.txt b/requirements/pocsuite3-requirements.txt deleted file mode 100644 index eabd069c..00000000 --- a/requirements/pocsuite3-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -colorama==0.4.6 -colorlog==6.7.0 -cryptography==41.0.1 -dacite==1.8.0 -faker==18.10.1 -idna==3.4 -jq==1.4.1 -lxml==4.9.2 -mmh3==4.0.0 -prettytable==3.8.0 -pycryptodomex==3.18.0 -pyopenssl==23.2.0 -pysocks==1.7.1 -python-dateutil==2.8.2 -requests==2.31.0 -requests-toolbelt==1.0.0 -scapy==2.5.0 -termcolor==2.3.0 -urllib3==2.0.3 -wcwidth==0.2.6 diff --git a/requirements/podman-compose-requirements.txt b/requirements/podman-compose-requirements.txt deleted file mode 100644 index f8e70610..00000000 --- a/requirements/podman-compose-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -python-dotenv==1.0.0 diff --git a/requirements/poetry-requirements.txt b/requirements/poetry-requirements.txt deleted file mode 100644 index b46cfdc6..00000000 --- a/requirements/poetry-requirements.txt +++ /dev/null @@ -1,39 +0,0 @@ -attrs==23.1.0 -build==0.10.0 -cachecontrol==0.12.11 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cleo==2.0.1 -crashtest==0.4.1 -distlib==0.3.6 -dulwich==0.21.5 -filelock==3.12.0 -html5lib==1.1 -idna==3.4 -importlib-metadata==6.6.0 -installer==0.7.0 -jaraco-classes==3.2.3 -jsonschema==4.17.3 -keyring==23.13.1 -lockfile==0.12.2 -more-itertools==9.1.0 -msgpack==1.0.5 -packaging==23.1 -pexpect==4.8.0 -pkginfo==1.9.6 -platformdirs==3.5.1 -poetry-core==1.6.1 -poetry-plugin-export==1.4.0 -ptyprocess==0.7.0 -pyproject-hooks==1.0.0 -pyrsistent==0.19.3 -rapidfuzz==2.15.1 -requests==2.31.0 -requests-toolbelt==1.0.0 -shellingham==1.5.0.post1 -tomlkit==0.11.8 -trove-classifiers==2023.5.24 -urllib3==1.26.16 -webencodings==0.5.1 -xattr==0.10.1 -zipp==3.15.0 diff --git a/requirements/polynote-requirements.txt b/requirements/polynote-requirements.txt deleted file mode 100644 index 932fb329..00000000 --- a/requirements/polynote-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -jep==4.1.1 diff --git a/requirements/pre-commit-requirements.txt b/requirements/pre-commit-requirements.txt deleted file mode 100644 index 9d295850..00000000 --- a/requirements/pre-commit-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -cfgv==3.3.1 -distlib==0.3.6 -filelock==3.12.2 -identify==2.5.24 -nodeenv==1.8.0 -platformdirs==3.5.3 diff --git a/requirements/principalmapper-requirements.txt b/requirements/principalmapper-requirements.txt deleted file mode 100644 index 0daa7795..00000000 --- a/requirements/principalmapper-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -botocore==1.29.3 -jmespath==1.0.1 -packaging==21.3 -pydot==1.4.2 -pyparsing==3.0.9 -python-dateutil==2.8.2 -urllib3==1.26.12 diff --git a/requirements/proselint-requirements.txt b/requirements/proselint-requirements.txt deleted file mode 100644 index f0ef68c3..00000000 --- a/requirements/proselint-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -click==8.1.3 -future==0.18.3 diff --git a/requirements/prowler-requirements.txt b/requirements/prowler-requirements.txt deleted file mode 100644 index db17cefe..00000000 --- a/requirements/prowler-requirements.txt +++ /dev/null @@ -1,56 +0,0 @@ -about-time==4.2.1 -alive-progress==3.1.4 -awsipranges==0.3.3 -azure-common==1.1.28 -azure-core==1.27.1 -azure-identity==1.13.0 -azure-mgmt-authorization==3.0.0 -azure-mgmt-core==1.4.0 -azure-mgmt-security==5.0.0 -azure-mgmt-storage==21.0.0 -azure-mgmt-subscription==3.1.1 -azure-storage-blob==12.16.0 -boto3==1.26.147 -botocore==1.29.152 -cachetools==5.3.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-plugins==1.1.1 -colorama==0.4.6 -contextlib2==21.6.0 -cryptography==41.0.1 -detect-secrets==1.4.0 -google-api-core==2.11.1 -google-api-python-client==2.88.0 -google-auth==2.20.0 -google-auth-httplib2==0.1.0 -googleapis-common-protos==1.59.1 -grapheme==0.6.0 -httplib2==0.22.0 -idna==3.4 -isodate==0.6.1 -jmespath==1.0.1 -msal==1.22.0 -msal-extensions==1.0.0 -msgraph-core==0.2.2 -msrest==0.7.1 -oauthlib==3.2.2 -portalocker==2.7.0 -protobuf==4.23.3 -pyasn1==0.5.0 -pyasn1-modules==0.3.0 -pydantic==1.10.9 -pyjwt==2.7.0 -pyparsing==3.0.9 -python-dateutil==2.8.2 -requests==2.31.0 -requests-oauthlib==1.3.1 -rsa==4.9 -s3transfer==0.6.1 -schema==0.7.5 -shodan==1.29.1 -slack-sdk==3.21.3 -uritemplate==4.1.1 -urllib3==1.26.16 -xlsxwriter==3.1.2 diff --git a/requirements/psutils-requirements.txt b/requirements/psutils-requirements.txt deleted file mode 100644 index b722052e..00000000 --- a/requirements/psutils-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -puremagic==1.15 -pypdf==3.12.0 diff --git a/requirements/ptpython-requirements.txt b/requirements/ptpython-requirements.txt deleted file mode 100644 index e1773553..00000000 --- a/requirements/ptpython-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -appdirs==1.4.4 -jedi==0.18.2 -parso==0.8.3 -prompt-toolkit==3.0.37 -wcwidth==0.2.6 diff --git a/requirements/pwntools-requirements.txt b/requirements/pwntools-requirements.txt deleted file mode 100644 index 03a5c3b8..00000000 --- a/requirements/pwntools-requirements.txt +++ /dev/null @@ -1,25 +0,0 @@ -bcrypt==4.0.1 -capstone==5.0.0rc2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colored-traceback==0.3.0 -cryptography==41.0.1 -idna==3.4 -intervaltree==3.1.0 -mako==1.2.4 -markupsafe==2.1.3 -packaging==23.1 -paramiko==3.2.0 -plumbum==1.8.2 -psutil==5.9.5 -pyelftools==0.29 -pynacl==1.5.0 -pyserial==3.5 -pysocks==1.7.1 -python-dateutil==2.8.2 -requests==2.31.0 -ropgadget==7.3 -rpyc==5.3.1 -sortedcontainers==2.4.0 -unicorn==2.0.1.post1 -urllib3==2.0.2 diff --git a/requirements/px-requirements.txt b/requirements/px-requirements.txt deleted file mode 100644 index 01fa3db6..00000000 --- a/requirements/px-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -python-dateutil==2.8.2 diff --git a/requirements/pydocstyle-requirements.txt b/requirements/pydocstyle-requirements.txt deleted file mode 100644 index 5db385c8..00000000 --- a/requirements/pydocstyle-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -snowballstemmer==2.2.0 diff --git a/requirements/pygitup-requirements.txt b/requirements/pygitup-requirements.txt deleted file mode 100644 index 204dc189..00000000 --- a/requirements/pygitup-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -colorama==0.4.6 -gitdb==4.0.10 -GitPython==3.1.30 -smmap==5.0.0 -termcolor==2.2.0 diff --git a/requirements/pyinstaller-requirements.txt b/requirements/pyinstaller-requirements.txt deleted file mode 100644 index 2791e60c..00000000 --- a/requirements/pyinstaller-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -altgraph==0.17.3 -macholib==1.16.2 -pyinstaller-hooks-contrib==2023.3 diff --git a/requirements/pylint-requirements.txt b/requirements/pylint-requirements.txt deleted file mode 100644 index 04531b81..00000000 --- a/requirements/pylint-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -astroid==2.15.4 -dill==0.3.6 -lazy-object-proxy==1.9.0 -mccabe==0.7.0 -platformdirs==3.5.0 -tomlkit==0.11.8 -wrapt==1.15.0 diff --git a/requirements/pymol-requirements.txt b/requirements/pymol-requirements.txt deleted file mode 100644 index 4211fe4d..00000000 --- a/requirements/pymol-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -msgpack==1.0.3 -mmtf-python==1.1.2 diff --git a/requirements/pympress-requirements.txt b/requirements/pympress-requirements.txt deleted file mode 100644 index 7884b245..00000000 --- a/requirements/pympress-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -watchdog==3.0.0 diff --git a/requirements/pypy-requirements.txt b/requirements/pypy-requirements.txt deleted file mode 100644 index cb524c06..00000000 --- a/requirements/pypy-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -setuptools==44.1.1 -pip==20.3.4 diff --git a/requirements/pypy3.10-requirements.txt b/requirements/pypy3.10-requirements.txt deleted file mode 100644 index 48cf0f14..00000000 --- a/requirements/pypy3.10-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -setuptools==59.8.0 -pip==23.1.2 diff --git a/requirements/pypy3.9-requirements.txt b/requirements/pypy3.9-requirements.txt deleted file mode 100644 index 48cf0f14..00000000 --- a/requirements/pypy3.9-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -setuptools==59.8.0 -pip==23.1.2 diff --git a/requirements/pyqt-builder-requirements.txt b/requirements/pyqt-builder-requirements.txt deleted file mode 100644 index 0ac38871..00000000 --- a/requirements/pyqt-builder-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -ply==3.11 diff --git a/requirements/pyqt-requirements.txt b/requirements/pyqt-requirements.txt deleted file mode 100644 index 63ba7c49..00000000 --- a/requirements/pyqt-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -pyqt6-3d==6.5.0 -pyqt6-charts==6.5.0 -pyqt6-datavisualization==6.5.0 -pyqt6-networkauth==6.5.0 -pyqt6-sip==13.5.1 -pyqt6-webengine==6.5.0 diff --git a/requirements/pyqt@5-requirements.txt b/requirements/pyqt@5-requirements.txt deleted file mode 100644 index 1426a0f8..00000000 --- a/requirements/pyqt@5-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -PyQt5-sip==12.11.0 -PyQt3D==5.15.5 -PyQtChart==5.15.6 -PyQtDataVisualization==5.15.5 -PyQtNetworkAuth==5.15.5 -PyQtWebEngine==5.15.6 -PyQtPurchasing==5.15.5 diff --git a/requirements/python-build-requirements.txt b/requirements/python-build-requirements.txt deleted file mode 100644 index 3a33c4b1..00000000 --- a/requirements/python-build-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -packaging==23.0 -pyproject_hooks==1.0.0 diff --git a/requirements/python-lsp-server-requirements.txt b/requirements/python-lsp-server-requirements.txt deleted file mode 100644 index d83e5d68..00000000 --- a/requirements/python-lsp-server-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -docstring-to-markdown==0.12 -jedi==0.18.2 -parso==0.8.3 -pluggy==1.2.0 -python-lsp-jsonrpc==1.0.0 -ujson==5.8.0 diff --git a/requirements/python-yq-requirements.txt b/requirements/python-yq-requirements.txt deleted file mode 100644 index 6fec5d62..00000000 --- a/requirements/python-yq-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -argcomplete==3.0.6 -tomlkit==0.11.7 -xmltodict==0.13.0 diff --git a/requirements/python@3.10-requirements.txt b/requirements/python@3.10-requirements.txt deleted file mode 100644 index 659d18f0..00000000 --- a/requirements/python@3.10-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -flit-core==3.8.0 -pip==23.0.1 -setuptools==67.6.1 -wheel==0.40.0 diff --git a/requirements/python@3.11-requirements.txt b/requirements/python@3.11-requirements.txt deleted file mode 100644 index b0636e81..00000000 --- a/requirements/python@3.11-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -flit-core==3.8.0 -setuptools==67.6.1 -pip==23.0.1 -wheel==0.40.0 diff --git a/requirements/python@3.8-requirements.txt b/requirements/python@3.8-requirements.txt deleted file mode 100644 index 5b57bd54..00000000 --- a/requirements/python@3.8-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -setuptools==67.8.0 -pip==23.1.2 -wheel==0.40.0 diff --git a/requirements/python@3.9-requirements.txt b/requirements/python@3.9-requirements.txt deleted file mode 100644 index 4f058bb3..00000000 --- a/requirements/python@3.9-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -setuptools==65.6.3 -pip==22.3.1 -wheel==0.38.4 diff --git a/requirements/pythran-requirements.txt b/requirements/pythran-requirements.txt deleted file mode 100644 index 2be9fa69..00000000 --- a/requirements/pythran-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -beniget==0.4.1 -gast==0.5.4 -ply==3.11 diff --git a/requirements/pytorch-requirements.txt b/requirements/pytorch-requirements.txt deleted file mode 100644 index a9d654cc..00000000 --- a/requirements/pytorch-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -filelock==3.12.0 -Jinja2==3.1.2 -mpmath==1.3.0 -networkx==3.1 -opt-einsum==3.3.0 -sympy==1.11.1 diff --git a/requirements/pyvim-requirements.txt b/requirements/pyvim-requirements.txt deleted file mode 100644 index 4656dbfb..00000000 --- a/requirements/pyvim-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -docopt==0.6.2 -prompt-toolkit==3.0.32 -pyflakes==2.5.0 -wcwidth==0.2.5 diff --git a/requirements/pywhat-requirements.txt b/requirements/pywhat-requirements.txt deleted file mode 100644 index 584c4dc0..00000000 --- a/requirements/pywhat-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -click==7.1.2 -colorama==0.4.6 -commonmark==0.9.1 -rich==10.16.2 diff --git a/requirements/qt-requirements.txt b/requirements/qt-requirements.txt deleted file mode 100644 index 116cde80..00000000 --- a/requirements/qt-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -html5lib==1.1 -webencodings==0.5.1 diff --git a/requirements/rbtools-requirements.txt b/requirements/rbtools-requirements.txt deleted file mode 100644 index b5ecfa40..00000000 --- a/requirements/rbtools-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -colorama==0.4.6 -pydiffx==1.1 -texttable==1.6.7 -tqdm==4.65.0 diff --git a/requirements/recon-ng-requirements.txt b/requirements/recon-ng-requirements.txt deleted file mode 100644 index dece9f29..00000000 --- a/requirements/recon-ng-requirements.txt +++ /dev/null @@ -1,30 +0,0 @@ -aniso8601==9.0.1 -async-timeout==4.0.2 -attrs==22.2.0 -certifi==2022.12.7 -charset-normalizer==2.1.1 -click==8.1.3 -dicttoxml==1.7.16 -dnspython==2.2.1 -flasgger==0.9.5 -Flask==2.2.2 -Flask-RESTful==0.3.9 -html5lib==1.1 -idna==3.4 -itsdangerous==2.1.2 -Jinja2==3.1.2 -jsonschema==4.17.3 -lxml==4.9.2 -MarkupSafe==2.1.1 -mechanize==0.4.8 -mistune==2.0.4 -pyrsistent==0.19.3 -pytz==2022.7 -redis==4.4.0 -requests==2.28.1 -rq==1.11.1 -unicodecsv==0.14.1 -urllib3==1.26.13 -webencodings==0.5.1 -Werkzeug==2.2.2 -XlsxWriter==3.0.5 diff --git a/requirements/redo-requirements.txt b/requirements/redo-requirements.txt deleted file mode 100644 index b757253f..00000000 --- a/requirements/redo-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -beautifulsoup4==4.11.1 -Markdown==3.3.7 -soupsieve==2.3.2.post1 diff --git a/requirements/regipy-requirements.txt b/requirements/regipy-requirements.txt deleted file mode 100644 index a6cbb828..00000000 --- a/requirements/regipy-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -attrs==23.1.0 -click==8.1.3 -construct==2.10.68 -inflection==0.5.1 -pytz==2023.3 diff --git a/requirements/remarshal-requirements.txt b/requirements/remarshal-requirements.txt deleted file mode 100644 index a8f8d656..00000000 --- a/requirements/remarshal-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -cbor2==5.4.3 -python-dateutil==2.8.2 -tomlkit==0.7.2 -u-msgpack-python==2.7.2 diff --git a/requirements/reorder-python-imports-requirements.txt b/requirements/reorder-python-imports-requirements.txt deleted file mode 100644 index b1cb1b42..00000000 --- a/requirements/reorder-python-imports-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -classify-imports==4.2.0 diff --git a/requirements/restview-requirements.txt b/requirements/restview-requirements.txt deleted file mode 100644 index 74fbdebb..00000000 --- a/requirements/restview-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -bleach==5.0.1 -readme-renderer==36.0 -webencodings==0.5.1 diff --git a/requirements/rich-cli-requirements.txt b/requirements/rich-cli-requirements.txt deleted file mode 100644 index 40d768b1..00000000 --- a/requirements/rich-cli-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -commonmark==0.9.1 -idna==3.4 -requests==2.31.0 -rich==12.6.0 -rich-rst==1.1.7 -textual==0.1.18 -urllib3==2.0.2 diff --git a/requirements/robot-framework-requirements.txt b/requirements/robot-framework-requirements.txt deleted file mode 100644 index 21a041ee..00000000 --- a/requirements/robot-framework-requirements.txt +++ /dev/null @@ -1,25 +0,0 @@ -async-generator==1.10 -attrs==23.1.0 -bcrypt==4.0.1 -certifi==2023.5.7 -cryptography==41.0.1 -exceptiongroup==1.1.1 -h11==0.14.0 -idna==3.4 -outcome==1.2.0 -paramiko==3.2.0 -pynacl==1.5.0 -pysocks==1.7.1 -robotframework-archivelibrary==0.4.2 -robotframework-pythonlibcore==4.1.2 -robotframework-selenium2library==3.0.0 -robotframework-seleniumlibrary==6.1.0 -robotframework-sshlibrary==3.8.0 -scp==0.14.5 -selenium==4.10.0 -sniffio==1.3.0 -sortedcontainers==2.4.0 -trio==0.22.0 -trio-websocket==0.10.3 -urllib3==2.0.3 -wsproto==1.2.0 diff --git a/requirements/rpl-requirements.txt b/requirements/rpl-requirements.txt deleted file mode 100644 index 957e62d8..00000000 --- a/requirements/rpl-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -chainstream==1.0.1 -chardet==5.1.0 -regex==2023.5.5 diff --git a/requirements/s3cmd-requirements.txt b/requirements/s3cmd-requirements.txt deleted file mode 100644 index 7928989b..00000000 --- a/requirements/s3cmd-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -python-dateutil==2.8.2 -python-magic==0.4.27 diff --git a/requirements/s4cmd-requirements.txt b/requirements/s4cmd-requirements.txt deleted file mode 100644 index aad5da3f..00000000 --- a/requirements/s4cmd-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -boto3==1.26.3 -botocore==1.29.3 -jmespath==1.0.1 -python-dateutil==2.8.2 -pytz==2022.6 -s3transfer==0.6.0 -urllib3==1.26.12 diff --git a/requirements/sail-requirements.txt b/requirements/sail-requirements.txt deleted file mode 100644 index 385709f3..00000000 --- a/requirements/sail-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -certifi==2022.12.7 -charset-normalizer==3.1.0 -click==8.1.3 -decorator==5.1.1 -filelock==3.10.0 -idna==3.4 -Jinja2==3.1.2 -jsonpickle==3.0.1 -MarkupSafe==2.1.2 -packaging==23.0 -python-digitalocean==1.17.0 -requests==2.28.2 -requests-file==1.5.1 -tldextract==3.4.0 -urllib3==1.26.15 diff --git a/requirements/salt-lint-requirements.txt b/requirements/salt-lint-requirements.txt deleted file mode 100644 index 8302ecd9..00000000 --- a/requirements/salt-lint-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pathspec==0.11.0 diff --git a/requirements/sceptre-requirements.txt b/requirements/sceptre-requirements.txt deleted file mode 100644 index 169a7548..00000000 --- a/requirements/sceptre-requirements.txt +++ /dev/null @@ -1,27 +0,0 @@ -attrs==23.1.0 -boto3==1.26.153 -botocore==1.29.153 -certifi==2023.5.7 -cfn-flip==1.3.0 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.3 -deepdiff==5.8.1 -deprecation==2.1.0 -idna==3.4 -jinja2==3.1.2 -jmespath==1.0.1 -jsonschema==3.2.0 -markupsafe==2.1.3 -networkx==2.6.3 -ordered-set==4.1.0 -packaging==21.3 -pyparsing==3.0.9 -pyrsistent==0.19.3 -python-dateutil==2.8.2 -pyyaml==5.4.1 -requests==2.31.0 -s3transfer==0.6.1 -sceptre-cmd-resolver==2.0.0 -sceptre-file-resolver==1.0.6 -urllib3==1.26.16 diff --git a/requirements/schemathesis-requirements.txt b/requirements/schemathesis-requirements.txt deleted file mode 100644 index ebf6a0e7..00000000 --- a/requirements/schemathesis-requirements.txt +++ /dev/null @@ -1,37 +0,0 @@ -anyio==3.7.0 -attrs==23.1.0 -backoff==2.2.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.6 -curlify==2.2.1 -graphql-core==3.2.3 -h11==0.14.0 -httpcore==0.17.2 -httpx==0.24.1 -hypothesis==6.75.9 -hypothesis-graphql==0.10.0 -hypothesis-jsonschema==0.22.1 -idna==3.4 -iniconfig==2.0.0 -jsonschema==4.17.3 -junit-xml==1.9 -markupsafe==2.1.3 -multidict==6.0.4 -packaging==23.1 -pluggy==1.0.0 -pyrate-limiter==2.10.0 -pyrsistent==0.19.3 -pytest==7.3.1 -pytest-subtests==0.7.0 -requests==2.31.0 -sniffio==1.3.0 -sortedcontainers==2.4.0 -starlette==0.27.0 -starlette-testclient==0.2.0 -tomli==2.0.1 -tomli-w==1.0.0 -urllib3==2.0.2 -werkzeug==2.3.4 -yarl==1.9.2 diff --git a/requirements/scrapy-requirements.txt b/requirements/scrapy-requirements.txt deleted file mode 100644 index 3cfcc99d..00000000 --- a/requirements/scrapy-requirements.txt +++ /dev/null @@ -1,33 +0,0 @@ -attrs==23.1.0 -automat==22.10.0 -certifi==2023.5.7 -cffi==1.15.1 -charset-normalizer==3.1.0 -constantly==15.1.0 -cryptography==41.0.1 -cssselect==1.2.0 -filelock==3.12.2 -hyperlink==21.0.0 -idna==3.4 -incremental==22.10.0 -itemadapter==0.8.0 -itemloaders==1.1.0 -jmespath==1.0.1 -lxml==4.9.2 -packaging==23.1 -parsel==1.8.1 -protego==0.2.1 -pyasn1-modules==0.3.0 -pyasn1==0.5.0 -pydispatcher==2.0.7 -pyopenssl==23.2.0 -queuelib==1.6.2 -requests-file==1.5.1 -requests==2.31.0 -service-identity==23.1.0 -setuptools==68.0.0 -tldextract==3.4.4 -twisted==22.10.0 -urllib3==2.0.3 -w3lib==2.1.1 -zope-interface==6.0 diff --git a/requirements/search-that-hash-requirements.txt b/requirements/search-that-hash-requirements.txt deleted file mode 100644 index 8ae7aa98..00000000 --- a/requirements/search-that-hash-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -appdirs==1.4.4 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cloudscraper==1.2.71 -colorama==0.4.6 -coloredlogs==15.0.1 -humanfriendly==10.0 -idna==3.4 -loguru==0.5.3 -pyparsing==3.0.9 -requests==2.31.0 -requests-toolbelt==1.0.0 -toml==0.10.2 -urllib3==2.0.2 diff --git a/requirements/semgrep-requirements.txt b/requirements/semgrep-requirements.txt deleted file mode 100644 index 40ec867a..00000000 --- a/requirements/semgrep-requirements.txt +++ /dev/null @@ -1,27 +0,0 @@ -attrs==23.1.0 -boltons==21.0.0 -bracex==2.3.post1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-option-group==0.5.6 -colorama==0.4.6 -defusedxml==0.7.1 -face==22.0.0 -glom==22.1.0 -idna==3.4 -jsonschema==4.17.3 -markdown-it-py==3.0.0 -mdurl==0.1.2 -packaging==23.1 -peewee==3.16.2 -pyrsistent==0.19.3 -python-lsp-jsonrpc==1.0.0 -requests==2.31.0 -rich==13.4.2 -ruamel-yaml==0.17.32 -ruamel-yaml-clib==0.2.7 -tomli==2.0.1 -ujson==5.8.0 -urllib3==1.26.16 -wcmatch==8.4.1 diff --git a/requirements/sgr-requirements.txt b/requirements/sgr-requirements.txt deleted file mode 100644 index 6be6b6c3..00000000 --- a/requirements/sgr-requirements.txt +++ /dev/null @@ -1,32 +0,0 @@ -asciitree==0.3.3 -attrs==22.2.0 -certifi==2022.6.15 -cffi==1.14.6 -chardet==4.0.0 -charset-normalizer==2.1.0 -click==7.1.2 -click-log==0.4.0 -cryptography==37.0.4 -docker==5.0.3 -idna==3.3 -inflection==0.5.1 -joblib==1.1.0 -jsonschema==4.17.3 -minio==7.1.10 -packaging==21.3 -parsimonious==0.8.1 -pglast==3.17 -psycopg2-binary==2.9.3 -pycparser==2.21 -pydantic==1.9.1 -pyparsing==3.0.9 -pyrsistent==0.19.3 -requests==2.28.1 -ruamel.yaml==0.17.21 -ruamel.yaml.clib==0.2.7 -sodapy==2.1.1 -splitgraph==0.3.10 -splitgraph-pipelinewise-target-postgres==2.1.0 -tqdm==4.64.0 -urllib3==1.26.10 -websocket-client==1.3.3 diff --git a/requirements/shallow-backup-requirements.txt b/requirements/shallow-backup-requirements.txt deleted file mode 100644 index 998235b3..00000000 --- a/requirements/shallow-backup-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -blessed==1.20.0 -click==8.1.3 -colorama==0.4.6 -gitdb==4.0.10 -GitPython==3.1.30 -inquirer==3.1.2 -python-editor==1.0.4 -readchar==4.0.3 -smmap==5.0.0 -wcwidth==0.2.6 diff --git a/requirements/shodan-requirements.txt b/requirements/shodan-requirements.txt deleted file mode 100644 index f4aed945..00000000 --- a/requirements/shodan-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click-plugins==1.1.1 -click==8.1.3 -colorama==0.4.6 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 -xlsxwriter==3.1.1 diff --git a/requirements/shub-requirements.txt b/requirements/shub-requirements.txt deleted file mode 100644 index dabe26ad..00000000 --- a/requirements/shub-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -docker==6.1.3 -idna==3.4 -packaging==23.1 -pip==23.1.2 -requests==2.31.0 -retrying==1.3.4 -scrapinghub==2.4.0 -toml==0.10.2 -tqdm==4.55.1 -urllib3==2.0.3 -websocket-client==1.6.1 diff --git a/requirements/sickchill-requirements.txt b/requirements/sickchill-requirements.txt deleted file mode 100644 index fc9ed76e..00000000 --- a/requirements/sickchill-requirements.txt +++ /dev/null @@ -1,73 +0,0 @@ -appdirs==1.4.4 -babelfish==0.6.0 -beautifulsoup4==4.12.2 -beekeeper-alt==2022.9.3 -bencode.py==4.0.0 -cacheyou==23.3 -certifi==2023.5.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -cinemagoer==2023.5.1 -click==8.1.3 -configobj==5.0.8 -cryptography==41.0.1 -decorator==5.1.1 -deluge-client==1.9.0 -Deprecated==1.2.14 -dogpile.cache==1.2.1 -enzyme==0.4.1 -future==0.18.3 -gntp==1.0.3 -greenlet==2.0.2 -guessit==3.7.1 -idna==3.4 -ifaddr==0.2.0 -imagesize==1.4.1 -IMDbPY==2022.7.9 -ipaddress==1.0.23 -jsonrpclib-pelix==0.4.3.2 -kodipydent-alt==2022.9.3 -lxml==4.9.2 -Mako==1.2.4 -markdown2==2.4.8 -MarkupSafe==2.1.3 -msgpack==1.0.5 -new-rtorrent-python==1.0.1a0 -oauthlib==3.2.2 -packaging==23.1 -pbr==5.11.1 -profilehooks==1.12.0 -putio.py==8.7.0 -PyGithub==1.58.2 -PyJWT==2.7.0 -PyNaCl==1.5.0 -PyNMA==1.0 -pyOpenSSL==23.2.0 -pysrt==1.1.2 -python-dateutil==2.8.2 -python-slugify==8.0.1 -python-twitter==3.5 -python3-fanart==2.0.0 -pytz==2023.3 -qbittorrent-api==2023.6.49 -rarfile==4.0 -rebulk==3.2.0 -requests==2.31.0 -requests-oauthlib==1.3.1 -Send2Trash==1.8.2 -soupsieve==2.4.1 -SQLAlchemy==2.0.16 -stevedore==5.1.0 -subliminal==2.1.0 -text-unidecode==1.3 -tmdbsimple==2.9.1 -tornado==6.3.2 -tus.py==1.3.4 -tvdbsimple==1.0.6 -typing-extensions==4.6.3 -Unidecode==1.3.6 -urllib3==2.0.3 -validators==0.20.0 -win-inet-pton==1.1.0 -wrapt==1.15.0 -xmltodict==0.13.0 diff --git a/requirements/sip-requirements.txt b/requirements/sip-requirements.txt deleted file mode 100644 index ef00d522..00000000 --- a/requirements/sip-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -packaging==23.1 -ply==3.11 diff --git a/requirements/slither-analyzer-requirements.txt b/requirements/slither-analyzer-requirements.txt deleted file mode 100644 index 5d3714ab..00000000 --- a/requirements/slither-analyzer-requirements.txt +++ /dev/null @@ -1,37 +0,0 @@ -aiohttp==3.8.4 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==23.1.0 -bitarray==2.7.6 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cytoolz==0.12.1 -eth-abi==4.1.0 -eth-account==0.9.0 -eth-hash==0.5.2 -eth-keyfile==0.6.1 -eth-keys==0.4.0 -eth-rlp==0.3.0 -eth-typing==3.4.0 -eth-utils==2.1.1 -frozenlist==1.3.3 -hexbytes==0.3.1 -idna==3.4 -jsonschema==4.17.3 -lru-dict==1.2.0 -multidict==6.0.4 -packaging==23.1 -parsimonious==0.9.0 -prettytable==3.8.0 -protobuf==4.23.3 -pypandoc==1.7.5 -pyrsistent==0.19.3 -regex==2023.6.3 -requests==2.31.0 -rlp==3.0.0 -toolz==0.12.0 -urllib3==2.0.3 -wcwidth==0.2.6 -web3==6.5.0 -websockets==11.0.3 -yarl==1.9.2 diff --git a/requirements/snakefmt-requirements.txt b/requirements/snakefmt-requirements.txt deleted file mode 100644 index b77f536e..00000000 --- a/requirements/snakefmt-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -toml==0.10.2 diff --git a/requirements/snakemake-requirements.txt b/requirements/snakemake-requirements.txt deleted file mode 100644 index 763a439f..00000000 --- a/requirements/snakemake-requirements.txt +++ /dev/null @@ -1,35 +0,0 @@ -appdirs==1.4.4 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -configargparse==1.5.5 -connection-pool==0.0.3 -datrie==0.8.2 -dpath==2.1.6 -fastjsonschema==2.17.1 -gitdb==4.0.10 -gitpython==3.1.31 -humanfriendly==10.0 -idna==3.4 -jinja2==3.1.2 -jsonschema==4.17.3 -jupyter-core==5.3.1 -markupsafe==2.1.3 -nbformat==5.9.0 -packaging==23.1 -plac==1.3.5 -platformdirs==3.8.0 -psutil==5.9.5 -pulp==2.7.0 -pyrsistent==0.19.3 -requests==2.31.0 -reretry==0.11.8 -smart-open==6.3.0 -smmap==5.0.0 -stopit==1.1.2 -throttler==1.2.2 -toposort==1.10 -traitlets==5.9.0 -urllib3==2.0.3 -wrapt==1.15.0 -yte==1.5.1 diff --git a/requirements/snapcraft-requirements.txt b/requirements/snapcraft-requirements.txt deleted file mode 100644 index 4251eff1..00000000 --- a/requirements/snapcraft-requirements.txt +++ /dev/null @@ -1,63 +0,0 @@ -setuptools==65.7.0 -attrs==22.2.0 -catkin-pkg==0.5.2 -certifi==2022.9.24 -cffi==1.15.1 -charset-normalizer==2.1.1 -click==8.1.3 -craft-cli==1.2.0 -craft-grammar==1.1.1 -craft-parts==1.18.1 -craft-providers==1.7.2 -craft-store==2.3.0 -cryptography==3.4 -Deprecated==1.2.13 -distro==1.8.0 -gnupg==2.3.1 -httplib2==0.21.0 -idna==3.4 -importlib-metadata==6.0.0 -jaraco.classes==3.2.3 -jsonschema==2.5.1 -keyring==23.13.1 -launchpadlib==1.11.0 -lazr.restfulclient==0.14.5 -lazr.uri==1.0.6 -lxml==4.9.2 -macaroonbakery==1.3.1 -more-itertools==8.14.0 -mypy-extensions==0.4.3 -oauthlib==3.2.2 -overrides==7.3.1 -packaging==23.0 -platformdirs==2.6.2 -progressbar==2.5 -protobuf==3.20.3 -psutil==5.9.2 -pycparser==2.21 -pydantic==1.9.0 -pydantic-yaml==0.9.0 -pyelftools==0.29 -pymacaroons==0.13.0 -PyNaCl==1.5.0 -pyparsing==3.0.9 -pyRFC3339==1.1 -python-dateutil==2.8.2 -pytz==2022.7 -pyxdg==0.28 -raven==6.10.0 -requests==2.28.1 -requests-toolbelt==0.10.0 -requests-unixsocket==0.3.0 -semantic-version==2.10.0 -semver==2.13.0 -setuptools-rust==1.5.1 -simplejson==3.18.1 -snap-helpers==0.2.0 -tinydb==4.7.0 -toml==0.10.2 -types-Deprecated==1.2.9 -urllib3==1.26.12 -wadllib==1.3.6 -wrapt==1.14.1 -zipp==3.14.0 diff --git a/requirements/solc-select-requirements.txt b/requirements/solc-select-requirements.txt deleted file mode 100644 index 9498ae1c..00000000 --- a/requirements/solc-select-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -packaging==23.1 -pycryptodome==3.18.0 diff --git a/requirements/sphinx-doc-requirements.txt b/requirements/sphinx-doc-requirements.txt deleted file mode 100644 index 050bd3f2..00000000 --- a/requirements/sphinx-doc-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -alabaster==0.7.13 -babel==2.12.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -imagesize==1.4.1 -jinja2==3.1.2 -markupsafe==2.1.2 -numpydoc==1.5.0 -packaging==23.1 -requests==2.31.0 -snowballstemmer==2.2.0 -sphinxcontrib-applehelp==1.0.4 -sphinxcontrib-devhelp==1.0.2 -sphinxcontrib-htmlhelp==2.0.1 -sphinxcontrib-jsmath==1.0.1 -sphinxcontrib-qthelp==1.0.3 -sphinxcontrib-serializinghtml==1.1.5 -urllib3==2.0.2 diff --git a/requirements/spice-gtk-requirements.txt b/requirements/spice-gtk-requirements.txt deleted file mode 100644 index 367c5e19..00000000 --- a/requirements/spice-gtk-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pyparsing==3.0.9 diff --git a/requirements/spoof-mac-requirements.txt b/requirements/spoof-mac-requirements.txt deleted file mode 100644 index 1d9dff81..00000000 --- a/requirements/spoof-mac-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -docopt==0.6.2 diff --git a/requirements/sqlfluff-requirements.txt b/requirements/sqlfluff-requirements.txt deleted file mode 100644 index 2cea1a2d..00000000 --- a/requirements/sqlfluff-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -appdirs==1.4.4 -chardet==5.1.0 -click==8.1.3 -colorama==0.4.6 -diff-cover==7.6.0 -iniconfig==2.0.0 -jinja2==3.1.2 -markupsafe==2.1.3 -packaging==23.1 -pathspec==0.11.1 -pluggy==1.2.0 -pytest==7.4.0 -regex==2023.6.3 -tblib==2.0.0 -tqdm==4.65.0 diff --git a/requirements/sqlite-utils-requirements.txt b/requirements/sqlite-utils-requirements.txt deleted file mode 100644 index 4773c3cd..00000000 --- a/requirements/sqlite-utils-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -click==8.1.3 -click-default-group-wheel==1.2.2 -python-dateutil==2.8.2 -sqlite-fts4==1.0.3 diff --git a/requirements/sslmate-requirements.txt b/requirements/sslmate-requirements.txt deleted file mode 100644 index a842adea..00000000 --- a/requirements/sslmate-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -boto==2.49.0 diff --git a/requirements/sslyze-requirements.txt b/requirements/sslyze-requirements.txt deleted file mode 100644 index d996d58b..00000000 --- a/requirements/sslyze-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -cffi==1.15.1 -cryptography==39.0.2 -pydantic==1.10.6 -pyOpenSSL==23.0.0 -tls-parser==2.0.0 diff --git a/requirements/streamlink-requirements.txt b/requirements/streamlink-requirements.txt deleted file mode 100644 index dd43c9af..00000000 --- a/requirements/streamlink-requirements.txt +++ /dev/null @@ -1,11 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -isodate==0.6.1 -lxml==4.9.2 -pycountry==22.3.5 -pycryptodome==3.18.0 -pysocks==1.7.1 -requests==2.31.0 -urllib3==2.0.2 -websocket-client==1.5.2 diff --git a/requirements/svtplay-dl-requirements.txt b/requirements/svtplay-dl-requirements.txt deleted file mode 100644 index c28b5baa..00000000 --- a/requirements/svtplay-dl-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -cryptography==41.0.1 -idna==3.4 -pysocks==1.7.1 -requests==2.31.0 -urllib3==2.0.3 diff --git a/requirements/tarsnapper-requirements.txt b/requirements/tarsnapper-requirements.txt deleted file mode 100644 index 4f10ad21..00000000 --- a/requirements/tarsnapper-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -pexpect==4.8.0 -ptyprocess==0.7.0 -python-dateutil==2.8.2 diff --git a/requirements/terminator-requirements.txt b/requirements/terminator-requirements.txt deleted file mode 100644 index 2e2fb717..00000000 --- a/requirements/terminator-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -psutil==5.9.4 -configobj==5.0.8 diff --git a/requirements/tern-requirements.txt b/requirements/tern-requirements.txt deleted file mode 100644 index f34fa806..00000000 --- a/requirements/tern-requirements.txt +++ /dev/null @@ -1,23 +0,0 @@ -attrs==22.2.0 -boolean-py==4.0 -certifi==2022.12.7 -chardet==5.1.0 -charset-normalizer==3.1.0 -debian-inspector==31.0.0 -docker==6.0.1 -dockerfile-parse==2.0.0 -gitdb==4.0.10 -gitpython==3.1.31 -idna==3.4 -license-expression==30.1.0 -packageurl-python==0.10.4 -packaging==23.0 -pbr==5.11.1 -prettytable==3.6.0 -regex==2022.10.31 -requests==2.28.2 -smmap==5.0.0 -stevedore==5.0.0 -urllib3==1.26.15 -wcwidth==0.2.6 -websocket-client==1.5.1 diff --git a/requirements/textract-requirements.txt b/requirements/textract-requirements.txt deleted file mode 100644 index 76f12137..00000000 --- a/requirements/textract-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -argcomplete==1.10.3 -beautifulsoup4==4.11.1 -chardet==3.0.4 -compressed-rtf==1.0.6 -docx2txt==0.8 -extract-msg==0.28.7 -IMAPClient==2.1.0 -lxml==4.9.1 -olefile==0.46 -pdfminer.six==20191110 -pycryptodome==3.15.0 -python-pptx==0.6.21 -pytz-deprecation-shim==0.1.0.post0 -sortedcontainers==2.4.0 -soupsieve==2.3.2.post1 -tzdata==2022.4 -tzlocal==4.2 -xlrd==1.2.0 -XlsxWriter==3.0.3 diff --git a/requirements/thefuck-requirements.txt b/requirements/thefuck-requirements.txt deleted file mode 100644 index 41d7110a..00000000 --- a/requirements/thefuck-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -colorama==0.4.6 -decorator==5.1.1 -psutil==5.9.3 -pyte==0.8.1 -wcwidth==0.2.5 diff --git a/requirements/theharvester-requirements.txt b/requirements/theharvester-requirements.txt deleted file mode 100644 index ca25519d..00000000 --- a/requirements/theharvester-requirements.txt +++ /dev/null @@ -1,57 +0,0 @@ -aiodns==3.0.0 -aiofiles==23.1.0 -aiohttp==3.8.4 -aiomultiprocess==0.9.0 -aiosignal==1.3.1 -aiosqlite==0.19.0 -anyio==3.6.2 -appdirs==1.4.4 -argcomplete==3.0.8 -async-timeout==4.0.2 -attrs==23.1.0 -backoff==2.2.1 -beautifulsoup4==4.12.2 -censys==2.2.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-plugins==1.1.1 -colorama==0.4.6 -Deprecated==1.2.13 -dnspython==2.3.0 -fastapi==0.95.2 -frozenlist==1.3.3 -h11==0.14.0 -idna==3.4 -importlib-metadata==6.6.0 -importlib-resources==5.12.0 -limits==3.5.0 -lxml==4.9.2 -markdown-it-py==2.2.0 -mdurl==0.1.2 -multidict==6.0.4 -netaddr==0.8.0 -packaging==23.1 -pycares==4.3.0 -pydantic==1.10.7 -pyee==8.2.2 -pyppeteer==1.0.2 -python-dateutil==2.8.2 -requests==2.30.0 -retrying==1.3.4 -rich==13.3.5 -shodan==1.29.1 -slowapi==0.1.8 -sniffio==1.3.0 -soupsieve==2.4.1 -starlette==0.27.0 -tqdm==4.65.0 -ujson==5.7.0 -urllib3==1.26.15 -uvicorn==0.22.0 -uvloop==0.17.0 -websockets==10.4 -wrapt==1.15.0 -XlsxWriter==3.1.0 -yarl==1.9.2 -zipp==3.15.0 diff --git a/requirements/tmuxp-requirements.txt b/requirements/tmuxp-requirements.txt deleted file mode 100644 index 745c8d78..00000000 --- a/requirements/tmuxp-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -colorama==0.4.6 -libtmux==0.22.1 diff --git a/requirements/todoman-requirements.txt b/requirements/todoman-requirements.txt deleted file mode 100644 index 80f14c38..00000000 --- a/requirements/todoman-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -atomicwrites==1.4.1 -click==8.1.3 -click-log==0.4.0 -humanize==4.6.0 -icalendar==5.0.4 -parsedatetime==2.6 -python-dateutil==2.8.2 -pytz==2023.2 -pyxdg==0.28 -urwid==2.1.2 diff --git a/requirements/toot-requirements.txt b/requirements/toot-requirements.txt deleted file mode 100644 index 92b4c3da..00000000 --- a/requirements/toot-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -beautifulsoup4==4.12.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -soupsieve==2.4.1 -urllib3==2.0.3 -urwid==2.1.2 -wcwidth==0.2.6 diff --git a/requirements/torchvision-requirements.txt b/requirements/torchvision-requirements.txt deleted file mode 100644 index 3f76b9bb..00000000 --- a/requirements/torchvision-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.30.0 -urllib3==2.0.2 diff --git a/requirements/touca-requirements.txt b/requirements/touca-requirements.txt deleted file mode 100644 index 3662c852..00000000 --- a/requirements/touca-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2022.12.7 -commonmark==0.9.1 -flatbuffers==23.1.21 -rich==12.6.0 -touca-fbs==0.0.3 -urllib3==1.26.14 diff --git a/requirements/tox-requirements.txt b/requirements/tox-requirements.txt deleted file mode 100644 index 8284fb25..00000000 --- a/requirements/tox-requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -cachetools==5.3.1 -chardet==5.1.0 -colorama==0.4.6 -distlib==0.3.6 -filelock==3.12.2 -packaging==23.1 -platformdirs==3.6.0 -pluggy==1.0.0 -pyproject-api==1.5.2 -virtualenv==20.23.1 diff --git a/requirements/trailscraper-requirements.txt b/requirements/trailscraper-requirements.txt deleted file mode 100644 index 1a0a9097..00000000 --- a/requirements/trailscraper-requirements.txt +++ /dev/null @@ -1,15 +0,0 @@ -boto3==1.26.54 -botocore==1.29.59 -click==8.1.3 -dateparser==1.1.6 -jmespath==1.0.1 -python-dateutil==2.8.2 -pytz==2022.7.1 -pytz-deprecation-shim==0.1.0.post0 -regex==2022.10.31 -ruamel.yaml==0.17.21 -s3transfer==0.6.0 -toolz==0.12.0 -tzdata==2022.7 -tzlocal==4.2 -urllib3==1.26.14 diff --git a/requirements/translate-toolkit-requirements.txt b/requirements/translate-toolkit-requirements.txt deleted file mode 100644 index 29b232b9..00000000 --- a/requirements/translate-toolkit-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -lxml==4.9.2 diff --git a/requirements/trash-cli-requirements.txt b/requirements/trash-cli-requirements.txt deleted file mode 100644 index 1b9f3e29..00000000 --- a/requirements/trash-cli-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -psutil==5.9.4 -typing==3.7.4.3 diff --git a/requirements/trezor-agent-requirements.txt b/requirements/trezor-agent-requirements.txt deleted file mode 100644 index 2d074081..00000000 --- a/requirements/trezor-agent-requirements.txt +++ /dev/null @@ -1,46 +0,0 @@ -backports-shutil-which==3.5.2 -bech32==1.2.0 -bleak==0.20.2 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -configargparse==1.5.3 -construct==2.10.68 -construct-classes==0.1.2 -cryptography==41.0.1 -ecdsa==0.18.0 -ecpy==1.2.5 -future==0.18.3 -hidapi==0.14.0 -idna==3.4 -keepkey==6.3.1 -keepkey-agent==0.9.0 -ledger-agent==0.9.0 -ledgerblue==0.1.47 -libagent==0.14.7 -libusb1==3.0.0 -lockfile==0.12.2 -mnemonic==0.20 -ndeflib==0.3.3 -nfcpy==1.0.4 -protobuf==4.23.2 -pycryptodomex==3.18.0 -pydes==2.0.1 -pyelftools==0.29 -pymsgbox==1.0.9 -pynacl==1.5.0 -pyobjc-core==9.1.1 -pyobjc-framework-cocoa==9.1.1 -pyobjc-framework-corebluetooth==9.1.1 -pyobjc-framework-libdispatch==9.1.1 -pyserial==3.5 -python-daemon==3.0.1 -python-u2flib-host==3.0.3 -requests==2.31.0 -semver==3.0.0 -simple-rlp==0.1.3 -trezor==0.13.7 -unidecode==1.3.6 -urllib3==2.0.2 -websocket-client==1.5.2 -wheel==0.40.0 diff --git a/requirements/trzsz-requirements.txt b/requirements/trzsz-requirements.txt deleted file mode 100644 index 91d7fd7a..00000000 --- a/requirements/trzsz-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -iterm2==2.7 -trzsz-iterm2==1.1.2 -trzsz-libs==1.1.2 -trzsz-svr==1.1.2 -websockets==10.4 diff --git a/requirements/tvnamer-requirements.txt b/requirements/tvnamer-requirements.txt deleted file mode 100644 index 37c9c2d6..00000000 --- a/requirements/tvnamer-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -requests==2.31.0 -requests-cache==0.5.2 -tvdb-api==3.1.0 -urllib3==2.0.2 diff --git a/requirements/twarc-requirements.txt b/requirements/twarc-requirements.txt deleted file mode 100644 index 1c516c82..00000000 --- a/requirements/twarc-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-config-file==0.6.0 -click-plugins==1.1.1 -configobj==5.0.8 -humanize==4.6.0 -idna==3.4 -oauthlib==3.2.2 -python-dateutil==2.8.2 -requests==2.31.0 -requests-oauthlib==1.3.1 -tqdm==4.65.0 -urllib3==2.0.2 diff --git a/requirements/twine-pypi-requirements.txt b/requirements/twine-pypi-requirements.txt deleted file mode 100644 index f95bc6a0..00000000 --- a/requirements/twine-pypi-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -bleach==6.0.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -keyring==23.13.1 -markdown-it-py==2.2.0 -mdurl==0.1.2 -more-itertools==9.1.0 -pkginfo==1.9.6 -readme-renderer==37.3 -requests==2.31.0 -requests-toolbelt==1.0.0 -rfc3986==2.0.0 -rich==13.3.5 -urllib3==2.0.2 -webencodings==0.5.1 -zipp==3.15.0 diff --git a/requirements/twtxt-requirements.txt b/requirements/twtxt-requirements.txt deleted file mode 100644 index 91915612..00000000 --- a/requirements/twtxt-requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -aiohttp==3.8.3 -aiosignal==1.3.1 -async-timeout==4.0.2 -attrs==22.1.0 -charset-normalizer==2.1.1 -click==8.1.3 -frozenlist==1.3.3 -humanize==4.4.0 -idna==3.4 -multidict==6.0.2 -python-dateutil==2.8.2 -yarl==1.8.1 diff --git a/requirements/uhd-requirements.txt b/requirements/uhd-requirements.txt deleted file mode 100644 index 4e2025db..00000000 --- a/requirements/uhd-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Mako==1.2.4 -MarkupSafe==2.1.2 diff --git a/requirements/urh-requirements.txt b/requirements/urh-requirements.txt deleted file mode 100644 index 069e31c6..00000000 --- a/requirements/urh-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -psutil==5.9.4 diff --git a/requirements/urlwatch-requirements.txt b/requirements/urlwatch-requirements.txt deleted file mode 100644 index 6de05198..00000000 --- a/requirements/urlwatch-requirements.txt +++ /dev/null @@ -1,14 +0,0 @@ -appdirs==1.4.4 -certifi==2023.5.7 -charset-normalizer==3.1.0 -cssselect==1.2.0 -idna==3.4 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -keyring==23.13.1 -lxml==4.9.2 -minidb==2.0.7 -more-itertools==9.1.0 -requests==2.31.0 -urllib3==2.0.2 -zipp==3.15.0 diff --git a/requirements/vdirsyncer-requirements.txt b/requirements/vdirsyncer-requirements.txt deleted file mode 100644 index bad88907..00000000 --- a/requirements/vdirsyncer-requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -aiohttp==3.8.4 -aiohttp-oauthlib==0.1.0 -aiosignal==1.3.1 -aiostream==0.4.5 -async-timeout==4.0.2 -atomicwrites==1.4.1 -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-log==0.4.0 -frozenlist==1.3.3 -idna==3.4 -multidict==6.0.4 -oauthlib==3.2.2 -requests==2.31.0 -requests-toolbelt==1.0.0 -urllib3==2.0.2 -yarl==1.9.2 diff --git a/requirements/vint-requirements.txt b/requirements/vint-requirements.txt deleted file mode 100644 index 392a6394..00000000 --- a/requirements/vint-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -ansicolor==0.3.2 -chardet==5.0.0 diff --git a/requirements/virt-manager-requirements.txt b/requirements/virt-manager-requirements.txt deleted file mode 100644 index dc901c5f..00000000 --- a/requirements/virt-manager-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -libvirt-python==9.5.0 -requests==2.31.0 -urllib3==1.26.16 diff --git a/requirements/virtualenv-requirements.txt b/requirements/virtualenv-requirements.txt deleted file mode 100644 index 4d554f84..00000000 --- a/requirements/virtualenv-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -distlib==0.3.6 -filelock==3.12.2 -platformdirs==3.5.3 diff --git a/requirements/virtualenvwrapper-requirements.txt b/requirements/virtualenvwrapper-requirements.txt deleted file mode 100644 index 0b1567de..00000000 --- a/requirements/virtualenvwrapper-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -appdirs==1.4.4 -pbr==5.5.1 -stevedore==3.3.0 -virtualenv-clone==0.5.4 diff --git a/requirements/virtualfish-requirements.txt b/requirements/virtualfish-requirements.txt deleted file mode 100644 index 54c9dafc..00000000 --- a/requirements/virtualfish-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -distlib==0.3.6 -filelock==3.12.0 -packaging==23.1 -pkgconfig==1.5.5 -platformdirs==3.5.0 -psutil==5.9.5 -virtualenv==20.23.0 diff --git a/requirements/vit-requirements.txt b/requirements/vit-requirements.txt deleted file mode 100644 index ae8a038c..00000000 --- a/requirements/vit-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -tasklib==2.5.1 -urwid==2.1.2 diff --git a/requirements/volatility-requirements.txt b/requirements/volatility-requirements.txt deleted file mode 100644 index 8f9ea6ec..00000000 --- a/requirements/volatility-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -attrs==22.2.0 -capstone==4.0.2 -future==0.18.3 -jsonschema==4.17.3 -pefile==2023.2.7 -pycryptodome==3.17 -pyrsistent==0.19.3 -yara-python==4.3.0 diff --git a/requirements/volk-requirements.txt b/requirements/volk-requirements.txt deleted file mode 100644 index c40e3877..00000000 --- a/requirements/volk-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Mako==1.2.4 -MarkupSafe==2.1.1 diff --git a/requirements/vpn-slice-requirements.txt b/requirements/vpn-slice-requirements.txt deleted file mode 100644 index 1eca9c39..00000000 --- a/requirements/vpn-slice-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -dnspython==2.2.1 -setproctitle==1.3.2 diff --git a/requirements/vulture-requirements.txt b/requirements/vulture-requirements.txt deleted file mode 100644 index b77f536e..00000000 --- a/requirements/vulture-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -toml==0.10.2 diff --git a/requirements/watson-requirements.txt b/requirements/watson-requirements.txt deleted file mode 100644 index d4ff1972..00000000 --- a/requirements/watson-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -arrow==1.2.3 -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -click-didyoumean==0.3.0 -idna==3.4 -python-dateutil==2.8.2 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/waybackpy-requirements.txt b/requirements/waybackpy-requirements.txt deleted file mode 100644 index 9c3ce122..00000000 --- a/requirements/waybackpy-requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -click==8.1.3 -idna==3.4 -requests==2.31.0 -urllib3==2.0.2 diff --git a/requirements/weasyprint-requirements.txt b/requirements/weasyprint-requirements.txt deleted file mode 100644 index 85da5a4f..00000000 --- a/requirements/weasyprint-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -cssselect2==0.7.0 -html5lib==1.1 -pydyf==0.6.0 -pyphen==0.14.0 -tinycss2==1.2.1 -webencodings==0.5.1 -zopfli==0.2.2 diff --git a/requirements/west-requirements.txt b/requirements/west-requirements.txt deleted file mode 100644 index aa41a31b..00000000 --- a/requirements/west-requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -colorama==0.4.6 -docopt==0.6.2 -packaging==23.1 -pykwalify==1.8.0 -python-dateutil==2.8.2 -ruamel-yaml==0.17.31 -ruamel-yaml-clib==0.2.7 diff --git a/requirements/woob-requirements.txt b/requirements/woob-requirements.txt deleted file mode 100644 index 28346f56..00000000 --- a/requirements/woob-requirements.txt +++ /dev/null @@ -1,16 +0,0 @@ -babel==2.12.1 -certifi==2023.5.7 -charset-normalizer==3.1.0 -colorama==0.4.6 -html2text==2020.1.16 -idna==3.4 -lxml==4.9.2 -markdown-it-py==2.2.0 -mdurl==0.1.2 -packaging==23.1 -pycountry==22.3.5 -python-dateutil==2.8.2 -requests==2.31.0 -rich==13.3.5 -unidecode==1.3.6 -urllib3==2.0.2 diff --git a/requirements/xdot-requirements.txt b/requirements/xdot-requirements.txt deleted file mode 100644 index 68851700..00000000 --- a/requirements/xdot-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -graphviz==0.20 diff --git a/requirements/xonsh-requirements.txt b/requirements/xonsh-requirements.txt deleted file mode 100644 index ea64ee51..00000000 --- a/requirements/xonsh-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -prompt-toolkit==3.0.38 -pyperclip==1.8.2 -setproctitle==1.3.2 -wcwidth==0.2.6 diff --git a/requirements/xxh-requirements.txt b/requirements/xxh-requirements.txt deleted file mode 100644 index 7f04437c..00000000 --- a/requirements/xxh-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pexpect==4.8.0 -ptyprocess==0.7.0 diff --git a/requirements/yamllint-requirements.txt b/requirements/yamllint-requirements.txt deleted file mode 100644 index 85502a07..00000000 --- a/requirements/yamllint-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pathspec==0.11.1 diff --git a/requirements/yapf-requirements.txt b/requirements/yapf-requirements.txt deleted file mode 100644 index 92fc2bb4..00000000 --- a/requirements/yapf-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -importlib-metadata==6.7.0 -platformdirs==3.6.0 -tomli==2.0.1 -zipp==3.15.0 diff --git a/requirements/yelp-tools-requirements.txt b/requirements/yelp-tools-requirements.txt deleted file mode 100644 index ef050ea4..00000000 --- a/requirements/yelp-tools-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -lxml==4.9.1 diff --git a/requirements/ykdl-requirements.txt b/requirements/ykdl-requirements.txt deleted file mode 100644 index 9b927fc6..00000000 --- a/requirements/ykdl-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -iso8601==1.1.0 -jsengine==1.0.5 -m3u8==3.3.0 diff --git a/requirements/ykman-requirements.txt b/requirements/ykman-requirements.txt deleted file mode 100644 index 07fbdad7..00000000 --- a/requirements/ykman-requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -click==8.1.3 -cryptography==41.0.1 -fido2==1.1.1 -importlib-metadata==6.6.0 -jaraco-classes==3.2.3 -more-itertools==9.1.0 -pyscard==2.0.7 -zipp==3.15.0 diff --git a/requirements/yle-dl-requirements.txt b/requirements/yle-dl-requirements.txt deleted file mode 100644 index b0e175ce..00000000 --- a/requirements/yle-dl-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -attrs==23.1.0 -certifi==2023.5.7 -charset-normalizer==3.1.0 -configargparse==1.5.3 -idna==3.4 -lxml==4.9.2 -requests==2.31.0 -urllib3==2.0.3 -xattr==0.10.1 diff --git a/requirements/yt-dlp-requirements.txt b/requirements/yt-dlp-requirements.txt deleted file mode 100644 index c947d06c..00000000 --- a/requirements/yt-dlp-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -brotli==1.0.9 -certifi==2023.5.7 -mutagen==1.46.0 -pycryptodomex==3.18.0 -websockets==11.0.3 diff --git a/requirements/zabbix-cli-requirements.txt b/requirements/zabbix-cli-requirements.txt deleted file mode 100644 index b76ce1ee..00000000 --- a/requirements/zabbix-cli-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -certifi==2022.9.24 -charset-normalizer==2.1.1 -idna==3.4 -requests==2.28.1 -urllib3==1.26.12 diff --git a/requirements/zim-requirements.txt b/requirements/zim-requirements.txt deleted file mode 100644 index f0e31dea..00000000 --- a/requirements/zim-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pyxdg==0.28 diff --git a/requirements/zurl-requirements.txt b/requirements/zurl-requirements.txt deleted file mode 100644 index 1085a114..00000000 --- a/requirements/zurl-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pyzmq==24.0.1