Safety vulnerability ID: 65887
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Embody-codec version 1.0.28 raises its Python version requirement from at least 3.7 but less than 4.0 to a minimum of 3.9, due to the security concerns outlined in CVE-2020-8492.
https://github.com/aidee-health/embody-codec/pull/354/commits/a82092116340a5ee3d7d6fd70d11fb5bd4c2746d
Latest version: 1.0.31
Embody Codec
Changes
Dependencies
* Bump version to 1.0.28 (355) espenwest
* Update vulnerable dependencies (354) espenwest
* Bump cryptography from 41.0.7 to 42.0.5 (350) dependabot
* Bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (351) dependabot
* Bump nox from 2023.4.22 to 2024.3.2 in /.github/workflows (352) dependabot
* Bump poetry from 1.7.1 to 1.8.2 in /.github/workflows (353) dependabot
* Bump virtualenv from 20.25.0 to 20.25.1 in /.github/workflows (348) dependabot
* Bump cryptography from 41.0.7 to 42.0.4 (347) dependabot
* Bump safety-schemas from 0.0.1 to 0.0.2 (345) dependabot
* Bump certifi from 2023.11.17 to 2024.2.2 (344) dependabot
* Bump markupsafe from 2.1.4 to 2.1.5 (343) dependabot
* Bump packaging from 23.0 to 23.2 (342) dependabot
* Bump rich from 13.6.0 to 13.7.0 (333) dependabot
* Bump idna from 3.4 to 3.6 (334) dependabot
* Bump pygments from 2.16.1 to 2.17.2 (335) dependabot
* Bump safety from 2.3.4 to 3.0.1 (337) dependabot
* Bump release-drafter/release-drafter from 5.25.0 to 6.0.0 (338) dependabot
* Bump pip from 23.3.2 to 24.0 in /.github/workflows (339) dependabot
* Bump ruamel-yaml from 0.17.35 to 0.18.6 (340) dependabot
* Bump pytest from 7.4.2 to 7.4.4 (327) dependabot
* Bump attrs from 23.1.0 to 23.2.0 (328) dependabot
* Bump actions/cache from 3 to 4 (329) dependabot
* Bump distlib from 0.3.7 to 0.3.8 (330) dependabot
* Bump gitdb from 4.0.10 to 4.0.11 (331) dependabot
* Bump actions/dependency-review-action from 3 to 4 (332) dependabot
* Bump actions/upload-artifact from 3 to 4 (323) dependabot
* Bump actions/download-artifact from 3 to 4 (324) dependabot
* Bump exceptiongroup from 1.1.3 to 1.2.0 (315) dependabot
* Bump charset-normalizer from 3.3.0 to 3.3.2 (316) dependabot
* Bump certifi from 2023.7.22 to 2023.11.17 (317) dependabot
* Bump pbr from 5.11.1 to 6.0.0 (318) dependabot
* Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (319) dependabot
* Bump virtualenv from 20.24.7 to 20.25.0 in /.github/workflows (320) dependabot
* Bump actions/setup-python from 4 to 5 (321) dependabot
* Bump github/codeql-action from 2 to 3 (322) dependabot
* Bump pip from 23.2.1 to 23.3.2 in /.github/workflows (325) dependabot
* Bump gitpython from 3.1.40 to 3.1.41 (326) dependabot
* Bump poetry from 1.6.1 to 1.7.1 in /.github/workflows (313) dependabot
* Bump virtualenv from 20.24.5 to 20.24.7 in /.github/workflows (314) dependabot
* Bump gitpython from 3.1.37 to 3.1.40 (302) dependabot
* Bump release-drafter/release-drafter from 5.24.0 to 5.25.0 (301) dependabot
* Bump urllib3 from 2.0.6 to 2.0.7 (299) dependabot
* Bump pre-commit from 2.20.0 to 2.21.0 (297) dependabot
* Bump virtualenv from 20.4.7 to 20.16.2 (296) dependabot