Product Research Enterprise Plans Docs

PyPi: Rokuecp

CVE-2024-21503

Transitive

Safety vulnerability ID: 70878

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 19, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Rokuecp version 0.19.3 upgrades the dependency "black" from 24.2.0 to 24.3.0 in response to CVE-2024-21503, addressing a Regex-related denial of service vulnerability.

Affected package

rokuecp

Latest version: 0.19.4

Asynchronous Python client for Roku (ECP)

Affected versions

Fixed versions

Vulnerability changelog

What’s changed

Bug fixes

- Fix default datetime handling in state models ctalkington (703)

Enhancements

- Remove redundant defaults in models.py ctalkington (704)

Dependency updates

- chore(deps): update dependency coverage to v7.4.4 renovate (687)
- chore(deps): update dependency black to v24.3.0 [security] renovate (690)
- chore(deps): update dependency mypy to v1.10.0 renovate (686)
- fix(deps): update dependency awesomeversion to v24 renovate (675)
- chore(deps): lock file maintenance renovate (678)
- chore(deps): update dependency pre-commit to v3.7.0 renovate (691)
- chore(deps): update dependency pytest-asyncio to v0.23.6 renovate (689)
- chore(deps): update dependency pytest-cov to v5 renovate (692)
- chore(deps): update dependency safety to v3 renovate (659)
- chore(deps): lock file maintenance renovate (702)
- chore(deps): update actions/setup-python action to v5.1.0 renovate (698)
- chore(deps): update dependency coverage to v7.5.1 renovate (701)
- chore(deps): update codecov/codecov-action action to v4.3.1 renovate (699)
- chore(deps): update dependency black to v24.4.2 renovate (700)
- chore(deps): update actions/upload-artifact action to v4.3.3 renovate (697)
- chore(deps): update actions/download-artifact action to v4.1.7 renovate (696)
- chore(deps): update actions/checkout action to v4.1.4 renovate (695)
- chore(deps): update dependency ruff to v0.4.3 renovate (661)
- chore(deps): update dependency freezegun to v1.5.0 renovate (705)
- chore(deps): update dependency node to v18.20.2 renovate (706)

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application