safety check returns some vulnerabilities #64

@jmkerloch

Description

The Python package safety returns some vulnerabilities:

+==============================================================================+

                                   /$$$$$$            /$$
                                  /$$__  $$          | $$
               /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$
              /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$
             |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$
              \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$
              /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$
             |_______/  \_______/|__/     \_______/   \___/   \____  $$
                                                              /$$  | $$
                                                             |  $$$$$$/
      by pyup.io                                              \______/

+==============================================================================+

 REPORT 

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

  Safety v2.3.5 is scanning for Vulnerabilities...
  Scanning dependencies in your environment:

  -> /home/jmkerloch/dev/route-graph-generator/.venv/lib/python3.10/site-packages
  -> /home/jmkerloch/dev/route-graph-generator

  Using non-commercial database
  Found and scanned 76 packages
  Timestamp 2023-06-29 08:06:39
  8 vulnerabilities found
  0 vulnerabilities ignored

+==============================================================================+
 VULNERABILITIES FOUND
+==============================================================================+

-> Vulnerability found in sqlparse version 0.4.2
   Vulnerability ID: 55054
   Affected spec: >=0.1.15,<0.4.4
   ADVISORY: Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser
   contains a regular expression that is vulnerable to ReDOS (Regular...
   CVE-2023-30608
   For more information, please visit https://pyup.io/v/55054/f17


-> Vulnerability found in setuptools version 45.2.0
   Vulnerability ID: 52495
   Affected spec: <65.5.1
   ADVISORY: Python Packaging Authority (PyPA) setuptools before 65.5.1
   allows remote attackers to cause a denial of service via HTML in a crafted...
   CVE-2022-40897
   For more information, please visit https://pyup.io/v/52495/f17


-> Vulnerability found in requests version 2.28.2
   Vulnerability ID: 58755
   Affected spec: >=2.3.0,<2.31.0
   ADVISORY: Requests is a HTTP library. Since Requests 2.3.0, Requests
   has been leaking Proxy-Authorization headers to destination servers when...
   CVE-2023-32681
   For more information, please visit https://pyup.io/v/58755/f17


-> Vulnerability found in markdown-it-py version 2.1.0
   Vulnerability ID: 54650
   Affected spec: >=0,<2.2.0
   ADVISORY: Denial of service could be caused to markdown-it-py, before
   v2.2.0, if an attacker was allowed to force null assertions with specially...
   CVE-2023-26303
   For more information, please visit https://pyup.io/v/54650/f17


-> Vulnerability found in markdown-it-py version 2.1.0
   Vulnerability ID: 54651
   Affected spec: >=0,<2.2.0
   ADVISORY: Denial of service could be caused to the command line
   interface of markdown-it-py, before v2.2.0, if an attacker was allowed to...
   CVE-2023-26302
   For more information, please visit https://pyup.io/v/54651/f17


-> Vulnerability found in lxml version 4.6.4
   Vulnerability ID: 43366
   Affected spec: <4.6.5
   ADVISORY: Lxml 4.6.5 includes a fix for CVE-2021-43818: Prior to
   version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script...
   CVE-2021-43818
   For more information, please visit https://pyup.io/v/43366/f17


-> Vulnerability found in lxml version 4.6.4
   Vulnerability ID: 50748
   Affected spec: <4.9.1
   ADVISORY: Lxml 4.9.1 includes a fix for CVE-2022-2309: NULL Pointer
   Dereference allows attackers to cause a denial of service (or application...
   CVE-2022-2309
   For more information, please visit https://pyup.io/v/50748/f17


-> Vulnerability found in cryptography version 39.0.0
   Vulnerability ID: 53048
   Affected spec: >=1.8,<39.0.1
   ADVISORY: Cryptography 39.0.1 includes a fix for CVE-2023-23931: In
   affected versions 'Cipher.update_into' would accept Python objects which...
   CVE-2023-23931
   For more information, please visit https://pyup.io/v/53048/f17

 Scan was completed. 8 vulnerabilities were found. 

+==============================================================================+
   REMEDIATIONS

  8 vulnerabilities were found in 6 packages. For detailed remediation & fix 
  recommendations, upgrade to a commercial license. 

+==============================================================================+

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

+==============================================================================+

We should try to update some requirements.

Labels: enhancement (New feature or request)