dead10c5 / badge-project-template
Use this framework to start a badge project.
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/markdown.yml
actions/checkout v4
nosborn/github-action-markdown-cli v3.3.0
.github/workflows/reuse.yml
actions/checkout v4
fsfe/reuse-action v2.0.0
src/requirements.txt
Path to dependency file: /src/requirements.txt
Path to vulnerable library: /src/requirements.txt
Found in HEAD commit: 5881f15b59821b26b470414322d95f74bd6a15c2
| CVE | Severity | CVSS | Dependency | Type | Fixed in (esptool version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-26130 | High | 7.5 | cryptography-42.0.1-cp37-abi3-manylinux_2_28_x86_64.whl | Transitive | N/A* | ❌ |
| CVE-2024-23342 | High | 7.4 | ecdsa-0.18.0-py2.py3-none-any.whl | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: https://files.pythonhosted.org/packages/f6/79/227c6f7e98657cf9387d5797d56e983165f294ed838679b2b8ca12118e18/cryptography-42.0.1-cp37-abi3-manylinux_2_28_x86_64.whl
Path to dependency file: /src/requirements.txt
Path to vulnerable library: /src/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 5881f15b59821b26b470414322d95f74bd6a15c2
Found in base branch: main
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
Publish Date: 2024-02-21
URL: CVE-2024-26130
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6vqw-3v5j-54x4
Release Date: 2024-02-21
Fix Resolution: cryptography - 42.0.4
ECDSA cryptographic signature library (pure python)
Library home page: https://files.pythonhosted.org/packages/09/d4/4f05f5d16a4863b30ba96c23b23e942da8889abfa1cdbabf2a0df12a4532/ecdsa-0.18.0-py2.py3-none-any.whl
Path to dependency file: /src/requirements.txt
Path to vulnerable library: /src/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 5881f15b59821b26b470414322d95f74bd6a15c2
Found in base branch: main
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
Publish Date: 2024-01-23
URL: CVE-2024-23342
Base Score Metrics: