chore(deps): update dependency aiohttp to v3.9.4 [security]
plural-renovate[bot] committed Jun 5, 2024
1 parent 64ac910 commit f0e99d7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ai/requirements.txt
@@ -1,4 +1,4 @@
aiohttp==3.9.0
aiohttp==3.9.4

Check failure

Code scanning / Trivy

`python-multipart` is a streaming multipart parser for Python. When us ... High

Package: fastapi
Installed Version: 0.100.0
Vulnerability CVE-2024-24762
Severity: HIGH
Fixed Version: 0.109.1
Link: CVE-2024-24762

Check warning

Code scanning / Trivy

python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() Medium

Package: idna
Installed Version: 3.4
Vulnerability CVE-2024-3651
Severity: MEDIUM
Fixed Version: 3.7
Link: CVE-2024-3651

Check warning

Code scanning / Trivy

langchain vulnerable to path traversal Medium

Package: langchain
Installed Version: 0.0.329
Vulnerability CVE-2024-3571
Severity: MEDIUM
Fixed Version: 0.0.353
Link: CVE-2024-3571

Check notice

Code scanning / Trivy

langchain Server-Side Request Forgery vulnerability Low

Package: langchain
Installed Version: 0.0.329
Vulnerability CVE-2024-0243
Severity: LOW
Fixed Version: 0.1.0
Link: CVE-2024-0243

Check notice

Code scanning / Trivy

LangChain directory traversal vulnerability Low

Package: langchain
Installed Version: 0.0.329
Vulnerability CVE-2024-28088
Severity: LOW
Fixed Version: 0.0.339
Link: CVE-2024-28088

Check failure

Code scanning / Trivy

llama-index vulnerable to arbitrary code execution Critical

Package: llama-index
Installed Version: 0.7.4
Vulnerability CVE-2023-39662
Severity: CRITICAL
Fixed Version: 0.9.14
Link: CVE-2023-39662

Check warning

Code scanning / Trivy

python-pydantic: regular expression denial of service via crafted email string Medium

Package: pydantic
Installed Version: 1.10.11
Vulnerability CVE-2024-3772
Severity: MEDIUM
Fixed Version: 2.4.0, 1.10.13
Link: CVE-2024-3772

Check failure

Code scanning / Trivy

`python-multipart` is a streaming multipart parser for Python. When us ... High

Package: starlette
Installed Version: 0.27.0
Vulnerability CVE-2024-24762
Severity: HIGH
Fixed Version: 0.36.2
Link: CVE-2024-24762

Check notice

Code scanning / Trivy

python-tqdm: non-boolean CLI arguments may lead to local code execution Low

Package: tqdm
Installed Version: 4.65.0
Vulnerability CVE-2024-34062
Severity: LOW
Fixed Version: 4.66.3
Link: CVE-2024-34062

Check failure

Code scanning / Trivy

RunGptLLM class in LlamaIndex has a command injection High

Package: llama-index
Installed Version: 0.7.4
Vulnerability CVE-2024-4181
Severity: HIGH
Fixed Version: 0.10.13
Link: CVE-2024-4181

Check warning

Code scanning / Trivy

requests: subsequent requests to the same host ignore cert verification Medium

Package: requests
Installed Version: 2.31.0
Vulnerability CVE-2024-35195
Severity: MEDIUM
Fixed Version: 2.32.0
Link: CVE-2024-35195
aiosignal==1.3.1
anyio==3.7.1
async-timeout==4.0.2
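
Review bot: The pin change on line 1 of ai/requirements.txt (aiohttp==3.9.0 to aiohttp==3.9.4) does not clear the Trivy check, because the annotations attached to this file still report failure-level findings on other packages: llama-index 0.7.4 (CVE-2023-39662, CRITICAL, fixed in 0.9.14, and CVE-2024-4181, HIGH, fixed in 0.10.13), fastapi 0.100.0 (CVE-2024-24762, HIGH, fixed in 0.109.1) and starlette 0.27.0 (CVE-2024-24762, HIGH, fixed in 0.36.2). Either widen this update or track follow-up bumps for those packages before treating the file as remediated; for llama-index, 0.10.13 or later is the target that satisfies both fixed-version fields. The commit message is tagged [security] but does not name the aiohttp advisory being addressed, so adding the identifier would let a reviewer confirm that 3.9.4 is the fixed version. The medium and low findings (idna 3.4, langchain 0.0.329, pydantic 1.10.11, requests 2.31.0, tqdm 4.65.0) can be scheduled separately.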