Closed jsjiang closed 1 month ago
Python package upgrade ticket #742 should resolve the cryptography version-related alert: Upgrade cryptography to version 43.0.1 or later.
git diff on poetry.lock:
[[package]]
name = "cryptography"
- version = "43.0.0"
+ version = "43.0.1"
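Review bot: Only the `version` line of the `cryptography` entry changes in this hunk (43.0.0 to 43.0.1), and no matching change to the entry's recorded file hashes is visible. Please confirm the lock file was regenerated with Poetry (for example `poetry update cryptography`) rather than edited by hand, so the hashes in poetry.lock correspond to the 43.0.1 wheels. Also consider raising the constraint in pyproject.toml to `>=43.0.1` so a later re-lock cannot resolve back to 43.0.0.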
Resolved v3.2.24 and v3.2.25 implementation.
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels #149 [Moderate]
#149 opened 2 weeks ago • Detected in cryptography (pip) • poetry.lock - Upgrade cryptography to version 43.0.1 or later.
send vulnerable to template injection that can lead to XSS #152 [Moderate]
#152 opened last week • Detected in send (npm) • package-lock.json - Upgrade send to version 0.19.0 or later.
serve-static vulnerable to template injection that can lead to XSS #151 [Moderate]
#151 opened last week • Detected in serve-static (npm) • package-lock.json - Upgrade serve-static to version 1.16.0 or later.
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS #150
#150 opened 2 weeks ago • Detected in webpack (npm) • package-lock.json - Upgrade webpack to version 5.94.0 or later.