Closed renovate[bot] closed 5 months ago
Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
---|---|---|---|---|---|
❌ ACTION | actionlint | 2 | 1 | 0.09s | |
⚠️ BASH | bash-exec | 354 | 109 | 1.22s | |
❌ BASH | shellcheck | 354 | 4942 | 82.45s | |
⚠️ BASH | shfmt | 354 | 313 | 1 | 2.09s |
❌ COPYPASTE | jscpd | yes | 1 | 5402.6s | |
❌ CSS | stylelint | 6 | 6 | 1 | 3.58s |
❌ DOCKERFILE | hadolint | 12 | 1 | 0.97s | |
❌ HTML | djlint | 38 | 1 | 5.54s | |
❌ HTML | htmlhint | 38 | 2392 | 0.95s | |
❌ JAVASCRIPT | eslint | 6139 | 0 | 1 | 59.27s |
❌ JAVASCRIPT | standard | 6139 | 6115 | 1 | 619.81s |
❌ JSON | jsonlint | 232 | 1 | 0.4s | |
❌ JSON | npm-package-json-lint | yes | 1 | 1.71s | |
✅ JSON | prettier | 232 | 139 | 0 | 6.01s |
❌ JSON | v8r | 232 | 1 | 274.06s | |
⚠️ MARKDOWN | markdownlint | 269 | 227 | 1165 | 22.28s |
❌ MARKDOWN | markdown-link-check | 269 | 27 | 14.92s | |
✅ MARKDOWN | markdown-table-formatter | 269 | 229 | 0 | 2.01s |
❌ PROTOBUF | protolint | 162 | 103 | 3 | 153.26s |
❌ REPOSITORY | checkov | yes | 66 | 224.24s | |
❌ REPOSITORY | gitleaks | yes | 1231 | 704.83s | |
❌ REPOSITORY | git_diff | yes | 1 | 3.85s | |
❌ REPOSITORY | grype | yes | 1 | 16.73s | |
❌ REPOSITORY | secretlint | yes | 1 | 9571.4s | |
❌ REPOSITORY | trivy | yes | 1 | 15.39s | |
✅ REPOSITORY | trivy-sbom | yes | no | 1.8s | |
✅ REPOSITORY | trufflehog | yes | no | 65.89s | |
❌ SPELL | cspell | 40760 | 1122216 | 15811.05s | |
❌ SPELL | lychee | 5676 | 1 | 8.15s | |
✅ SQL | sql-lint | 1 | 0 | 0.51s | |
✅ XML | xmllint | 41 | 0 | 0 | 1.34s |
⚠️ YAML | prettier | 662 | 512 | 1 | 23.06s |
❌ YAML | v8r | 662 | 1 | 492.69s | |
❌ YAML | yamllint | 662 | 1 | 23.94s |
See detailed report in MegaLinter reports
This PR contains the following updates:
==2.4.2
->==2.6.1
GitHub Vulnerability Alerts
CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
Release Notes
rthalley/dnspython (dnspython)
### [`v2.6.1`](https://togithub.com/rthalley/dnspython/releases/tag/v2.6.1): dnspython 2.6.1 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.6.0...v2.6.1) See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details. This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP. This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington. ### [`v2.6.0`](https://togithub.com/rthalley/dnspython/releases/tag/v2.6.0): dnspython 2.6.0 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.5.0...v2.6.0) See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details. This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington. ### [`v2.5.0`](https://togithub.com/rthalley/dnspython/releases/tag/v2.5.0): dnspython 2.5.0 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.4.2...v2.5.0) See the [What's New](https://dnspython.readthedocs.io/en/stable/whatsnew.html) page for a summary of this release. Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.