Workflow

PyPi: Qweb

CVE-2024-35195

Transitive

Safety vulnerability ID: 71675

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Qweb 3.3.2 updates its minimum allowed version of requests from 2.31.0 to 2.32.0 due to security concerns, including CVE-2024-35195.

Affected package

qweb

Latest version: 3.4.2

Keyword driven automation for the web

Affected versions

Fixed versions

Vulnerability changelog

Fixed
- Added support for non-breakable spaces when searching for text directly inside `<slot>`
- partial_match=False was not correctly handled as boolean in few places
- partial_match was not taken into account at all on ClickCheckbox even if it should have
- Improved **table** keywords documentation regarding the coordinate format

Changed
- Made **//last** argument in GetTableRow case insensitive
- Deps: Made numpy a direct dependency and locked version since opencv does not yet have a release with numpy 2.0 support
- Deps: Bumped minimum allowed version of requests due to security alert
- Deps: Allows more recent versions of pyobjc on Mac

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application