CVE-2020-36242

Advisory

Nox-poetry 0.8.2 updates its dependency 'cryptography' to v3.4.6 to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

:beetle: Fixes

* Convert exported requirements to constraints format (308) cjolowicz
* Do not set TMPDIR when exporting to requirements.txt (298) cjolowicz
* Do not skip pre-install commands when --install-only is passed (311) cjolowicz
* Use portable file URLs when installing the root package (299) cjolowicz

:books: Documentation

* Add disclaimer to README (304) cjolowicz
* Improve Contributor Guide section about development setup (302) cjolowicz
* Update badges to point to the main branch (301) cjolowicz

:package: Dependencies

* Bump codecov/codecov-action from v1.2.1 to v1.2.2 (296) dependabot
* Bump coverage from 5.4 to 5.5 (306) dependabot
* Bump darglint from 1.6.0 to 1.7.0 (309) dependabot
* Bump flake8-bugbear from 20.11.1 to 21.3.2 (307) dependabot
* Bump furo from 2020.12.30b24 to 2021.2.28b28 (310) dependabot
* Bump furo from 2020.12.30b24 to 2021.2.28b28 in /docs (287) dependabot
* Bump mypy from 0.800 to 0.812 (305) dependabot
* Bump poetry from 1.1.4 to 1.1.5 (303) dependabot
* Bump poetry from 1.1.4 to 1.1.5 in /.github/workflows (291) dependabot
* Bump pre-commit from 2.10.0 to 2.11.1 (297) dependabot
* Bump pygments from 2.7.4 to 2.8.1 (294) dependabot
* Bump pypa/gh-action-pypi-publish from v1.4.1 to v1.4.2 (275) dependabot
* Bump release-drafter/release-drafter from v5.13.0 to v5.14.0 (278) dependabot
* Bump reorder-python-imports from 2.3.6 to 2.4.0 (273) dependabot
* Bump sphinx from 3.4.3 to 3.5.2 (293) dependabot
* Bump sphinx from 3.4.3 to 3.5.2 in /docs (292) dependabot
* Bump typeguard from 2.10.0 to 2.11.1 (283) dependabot
* Update subdependencies (312) cjolowicz
* Upgrade vulnerable subdependencies (300) cjolowicz

Resources

• https://pypi.org/project/nox-poetry
• https://pyup.io/changelogs/nox-poetry/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242