Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 57 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pyjwt | 2.3.0 | >=1.5.0,<2.4.0 | 48542 | +==============================================================================+ | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple | | different JWT signing algorithms. With JWT, an attacker submitting the JWT | | token can choose the used signing algorithm. The PyJWT library requires that | | the application chooses what algorithms are supported. The application can | | specify 'jwt.algorithms.get_default_algorithms()' to get support for all | | algorithms, or specify a single algorithm. The issue is not that big as | | 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. Users | | should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, | | always be explicit with the algorithms that are accepted and expected when | | decoding. | +==============================================================================+ +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 36 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.12.2 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```
- Loading branch information