PyPI: Cashocs

CVE-2023-45139

Transitive

Safety vulnerability ID: 64980

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 10, 2024 Updated at Dec 12, 2024

Advisory

Cashocs version 2.1.0 updates its fonttools dependency from version 4.38.0 to 4.43.0 to address the security issue identified as CVE-2023-45139.
https://github.com/sblauth/cashocs/pull/372/commits/c15b23e743b3046b8afae8b6a0967044f163c8ce

Affected package

cashocs

Latest version: 2.3.3

Computational Adjoint-Based Shape Optimization and Optimal Control Software

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Bump jupytext from 1.14.5 to 1.14.6 by dependabot in https://github.com/sblauth/cashocs/pull/243
* Fix a bug when computing the transfer matrix with remeshing by sblauth in https://github.com/sblauth/cashocs/pull/244
* Add configuration file parameter [LineSearch][fail_if_not_converged] by sblauth in https://github.com/sblauth/cashocs/pull/245
* Fix for computing the global deformation function by sblauth in https://github.com/sblauth/cashocs/pull/246
* Add keyword arguments pre_callback and post_callback to optimization problems by sblauth in https://github.com/sblauth/cashocs/pull/248
* Hotfix/2.0.4 - Add preconditioner forms to topology optimization by sblauth in https://github.com/sblauth/cashocs/pull/249
* Fix an issue with the fail_if_not_converged parameter by sblauth in https://github.com/sblauth/cashocs/pull/250
* Bump actions/checkout from 3.5.2 to 3.5.3 by dependabot in https://github.com/sblauth/cashocs/pull/251
* Fix a bug in the Newton solver with MPI by sblauth in https://github.com/sblauth/cashocs/pull/252
* Fix PETSc version to <= 3.17.4 as a temporary workaround by sblauth in https://github.com/sblauth/cashocs/pull/257
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/255
* Update from provision-with-micromamba to setup-micromamba by sblauth in https://github.com/sblauth/cashocs/pull/256
* Bump jupytext from 1.14.6 to 1.14.7 by dependabot in https://github.com/sblauth/cashocs/pull/260
* Hotfix/2.0.7 by sblauth in https://github.com/sblauth/cashocs/pull/261
* Change np.alltrue to np.all by sblauth in https://github.com/sblauth/cashocs/pull/262
* Bump myst-parser from 1.0.0 to 2.0.0 by dependabot in https://github.com/sblauth/cashocs/pull/254
* Use a different criterion for the BFGS curvature test by sblauth in https://github.com/sblauth/cashocs/pull/263
* Hotfix/2.0.8 by sblauth in https://github.com/sblauth/cashocs/pull/265
* Add configuration parameter "remesh_iter" to Section "MeshQuality" by sblauth in https://github.com/sblauth/cashocs/pull/267
* Hotfix/2.0.9 by sblauth in https://github.com/sblauth/cashocs/pull/269
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/270
* Bump sphinx-design from 0.4.1 to 0.5.0 by dependabot in https://github.com/sblauth/cashocs/pull/273
* Bump jupytext from 1.14.7 to 1.15.0 by dependabot in https://github.com/sblauth/cashocs/pull/272
* Bump sphinx from 6.2.1 to 7.1.1 by dependabot in https://github.com/sblauth/cashocs/pull/274
* Bump docutils from 0.19 to 0.20.1 by dependabot in https://github.com/sblauth/cashocs/pull/238
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/275
* Move to mambaorg/micromamba as docker base image for CI by sblauth in https://github.com/sblauth/cashocs/pull/276
* Add new function cashocs.io.extract_mesh_from_xdmf and corresponding CLI by sblauth in https://github.com/sblauth/cashocs/pull/277
* Fix extract_mesh_from_xdmf so that it can also be run in parallel by sblauth in https://github.com/sblauth/cashocs/pull/278
* Bump sphinx from 7.1.1 to 7.1.2 by dependabot in https://github.com/sblauth/cashocs/pull/279
* Add the option to extract more sophisticated meshes when using Gmsh by sblauth in https://github.com/sblauth/cashocs/pull/282
* Raises a warning if remeshing fails due to wrong Gmsh file by sblauth in https://github.com/sblauth/cashocs/pull/283
* Add the possibility for checkpointing by sblauth in https://github.com/sblauth/cashocs/pull/286
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/287
* Bump sphinx from 7.1.2 to 7.2.2 by dependabot in https://github.com/sblauth/cashocs/pull/289
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/291
* Bump sphinx from 7.2.2 to 7.2.3 by dependabot in https://github.com/sblauth/cashocs/pull/292
* Hotfix/2.0.10 by sblauth in https://github.com/sblauth/cashocs/pull/294
* Bump actions/checkout from 3.5.3 to 3.6.0 by dependabot in https://github.com/sblauth/cashocs/pull/295
* Bump sphinx from 7.2.3 to 7.2.4 by dependabot in https://github.com/sblauth/cashocs/pull/296
* Bump jupytext from 1.15.0 to 1.15.1 by dependabot in https://github.com/sblauth/cashocs/pull/297
* Bump sphinx from 7.2.4 to 7.2.5 by dependabot in https://github.com/sblauth/cashocs/pull/298
* Bump actions/checkout from 3.6.0 to 4.0.0 by dependabot in https://github.com/sblauth/cashocs/pull/300
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/302
* Bump docker/login-action from 2 to 3 by dependabot in https://github.com/sblauth/cashocs/pull/305
* Bump docker/build-push-action from 4 to 5 by dependabot in https://github.com/sblauth/cashocs/pull/304
* Bump docker/metadata-action from 4 to 5 by dependabot in https://github.com/sblauth/cashocs/pull/303
* Hotfix/2.0.11 by sblauth in https://github.com/sblauth/cashocs/pull/309
* Bump sphinx from 7.2.5 to 7.2.6 by dependabot in https://github.com/sblauth/cashocs/pull/310
* Bump pydata-sphinx-theme from 0.13.3 to 0.14.0 by dependabot in https://github.com/sblauth/cashocs/pull/313
* Bump jupytext from 1.15.1 to 1.15.2 by dependabot in https://github.com/sblauth/cashocs/pull/312
* Add version warning banners and (more) colors to the docs by sblauth in https://github.com/sblauth/cashocs/pull/314
* Bump pydata-sphinx-theme from 0.14.0 to 0.14.1 by dependabot in https://github.com/sblauth/cashocs/pull/315
* Bump actions/checkout from 4.0.0 to 4.1.0 by dependabot in https://github.com/sblauth/cashocs/pull/317
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/318
* FIX: Pin PETSc to <= 3.19. DOCS: Add tutorials for topology optimization problems by sblauth in https://github.com/sblauth/cashocs/pull/323
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/319
* CI: Remove occt pin, update pins for meshio and pytest by sblauth in https://github.com/sblauth/cashocs/pull/326
* FIX: Fix the bugs in the parallel demos by sblauth in https://github.com/sblauth/cashocs/pull/329
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/330
* Pin mpi4py to versions <= 3.1.4 by sblauth in https://github.com/sblauth/cashocs/pull/338
* Bump actions/checkout from 4.1.0 to 4.1.1 by dependabot in https://github.com/sblauth/cashocs/pull/332
* FEAT: Improve the visualization of the shape in topology optimization by sblauth in https://github.com/sblauth/cashocs/pull/339
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/335
* FEAT: Json output is now nicer to read for humans by sblauth in https://github.com/sblauth/cashocs/pull/331
* FEAT: Adds the possibility of passing an argument to callback functions by sblauth in https://github.com/sblauth/cashocs/pull/328
* FIX: Fixes a bug where the mesh files were not written properly by sblauth in https://github.com/sblauth/cashocs/pull/340
* Bump pydata-sphinx-theme from 0.14.1 to 0.14.2 by dependabot in https://github.com/sblauth/cashocs/pull/341
* Remove the pin on mpi4py by sblauth in https://github.com/sblauth/cashocs/pull/342
* [Snyk] Fix for 4 vulnerabilities by sblauth in https://github.com/sblauth/cashocs/pull/345
* Bump pydata-sphinx-theme from 0.14.2 to 0.14.3 by dependabot in https://github.com/sblauth/cashocs/pull/347
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/346
* Add a config file parameter "global_deformation" for the deformation by sblauth in https://github.com/sblauth/cashocs/pull/348
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/349
* Bump pydata-sphinx-theme from 0.14.3 to 0.14.4 by dependabot in https://github.com/sblauth/cashocs/pull/352
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/351
* Rename APosterioriTester to IntersectionTester and add a config parameter by sblauth in https://github.com/sblauth/cashocs/pull/355
* Bump jupytext from 1.15.2 to 1.16.0 by dependabot in https://github.com/sblauth/cashocs/pull/357
* Fix a bug when computing the mesh quality in parallel by sblauth in https://github.com/sblauth/cashocs/pull/360
* Bump actions/setup-python from 4 to 5 by dependabot in https://github.com/sblauth/cashocs/pull/362
* [Snyk] Security upgrade numpy from 1.21.3 to 1.22.2 by sblauth in https://github.com/sblauth/cashocs/pull/361
* CI: Improve and update GitHub actions workflows by sblauth in https://github.com/sblauth/cashocs/pull/363
* Add compatibility for ufl 2023 and ufl_legacy by sblauth in https://github.com/sblauth/cashocs/pull/364
* Fix two bugs regarding the remeshing in cashocs by sblauth in https://github.com/sblauth/cashocs/pull/365
* Fix the docs at demos/documented/misc/xdmf_io/demo_xdmf_io by sblauth in https://github.com/sblauth/cashocs/pull/366
* Add the parameter "inhomogeneous_exponent" to the Section ShapeGradient by sblauth in https://github.com/sblauth/cashocs/pull/367
* FIX: Change the way the temporary files are deleted when remeshing by sblauth in https://github.com/sblauth/cashocs/pull/368
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/369
* Bump github/codeql-action from 2 to 3 by dependabot in https://github.com/sblauth/cashocs/pull/370
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/371
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/373
* [Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0 by sblauth in https://github.com/sblauth/cashocs/pull/372
* Fix broken autodoc handling of docs by sblauth in https://github.com/sblauth/cashocs/pull/374
* Bump pydata-sphinx-theme from 0.14.4 to 0.15.1 by dependabot in https://github.com/sblauth/cashocs/pull/375
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/376
* Bump jupytext from 1.16.0 to 1.16.1 by dependabot in https://github.com/sblauth/cashocs/pull/378
* Bump pydata-sphinx-theme from 0.15.1 to 0.15.2 by dependabot in https://github.com/sblauth/cashocs/pull/379
* FEAT: Add the kwargs `linear_solver` and `adjoint_linear_solver` by sblauth in https://github.com/sblauth/cashocs/pull/380
* Bump nowsprinting/check-version-format-action from 3 to 4 by dependabot in https://github.com/sblauth/cashocs/pull/382
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/381
* Bump meshio from 5.3.4 to 5.3.5 by dependabot in https://github.com/sblauth/cashocs/pull/383
* Hotfix/2.0.14 by sblauth in https://github.com/sblauth/cashocs/pull/386
* Prevent upload to codacy action blocking PRs from forks by sblauth in https://github.com/sblauth/cashocs/pull/387
* Add the kwarg `newton_linearization` to the optimization problems by sblauth in https://github.com/sblauth/cashocs/pull/390
* Add the possibility to specify the preconditioner form as bilinear form in Newton's method by sblauth in https://github.com/sblauth/cashocs/pull/392
* ENH: Newton's method now uses the user-specified relative tolerance by sblauth in https://github.com/sblauth/cashocs/pull/393


**Full Changelog**: https://github.com/sblauth/cashocs/compare/v2.0.14...v2.1.0


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE