From 8bd57acecc849a472c0c2944a53cfa68620620cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Dec 2025 19:47:28 +0000
Subject: [PATCH] Bump the pip group across 5 directories with 13 updates

Bumps the pip group with 11 updates in the /vulnerable_repos/PyGoat directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `39.0.1` | `44.0.1` |
| [django](https://github.com/django/django) | `4.2` | `4.2.27` |
| [django-allauth](https://github.com/sponsors/pennersr) | `0.52.0` | `65.13.0` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.4.0` | `10.3.0` |
| [requests](https://github.com/psf/requests) | `2.28.2` | `2.32.4` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.3.1` | `0.5.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.9` | `2.6.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.4` |
| [zipp](https://github.com/jaraco/zipp) | `3.8.0` | `3.19.1` |

Bumps the pip group with 1 update in the /vulnerable_repos/juice-shop/labs/lesson-03 directory: [black](https://github.com/psf/black).
Bumps the pip group with 2 updates in the /vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure directory: [django](https://github.com/django/django) and [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab directory: [werkzeug](https://github.com/pallets/werkzeug).
Bumps the pip group with 2 updates in the /vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab directory: [werkzeug](https://github.com/pallets/werkzeug) and [jinja2](https://github.com/pallets/jinja).

Updates `certifi` from 2022.12.7 to 2024.7.4
- [Commits](https://github.com/certifi/python-certifi/compare/2022.12.07...2024.07.04)

Updates `cryptography` from 39.0.1 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...44.0.1)

Updates `django` from 4.2 to 4.2.27
- [Commits](https://github.com/django/django/compare/4.2...4.2.27)

Updates `django-allauth` from 0.52.0 to 65.13.0
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)

Updates `pillow` from 9.4.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.4.0...10.3.0)

Updates `requests` from 2.28.2 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.2...v2.32.4)

Updates `sqlparse` from 0.3.1 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](https://github.com/andialbrecht/sqlparse/compare/0.3.1...0.5.0)

Updates `urllib3` from 1.26.9 to 2.6.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...2.6.0)

Updates `werkzeug` from 2.1.2 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/2.1.2...3.1.4)

Updates `zipp` from 3.8.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](https://github.com/jaraco/zipp/compare/v3.8.0...v3.19.1)

Updates `black` from 23.11.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.11.0...24.3.0)

Updates `django` from 3.2.18 to 4.2.27
- [Commits](https://github.com/django/django/compare/4.2...4.2.27)

Updates `requests` from 2.28.1 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.2...v2.32.4)

Updates `werkzeug` from 3.0.1 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/2.1.2...3.1.4)

Updates `werkzeug` from 2.3.7 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/2.1.2...3.1.4)

Updates `jinja2` from 3.1.2 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.6)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2024.7.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.27
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django-allauth
  dependency-version: 65.13.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-version: '3.7'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 10.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sqlparse
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-version: 3.19.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-version: 24.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.27
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot]
---
 .../broken_auth_lab/requirements.txt         |  4 ++--
 .../insec_des_lab/requirements.txt           |  2 +-
 .../sensitive_data_exposure/requirements.txt |  4 ++--
 vulnerable_repos/PyGoat/requirements.txt     | 24 +++++++++----------
 .../labs/lesson-03/requirements.txt          |  2 +-
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab/requirements.txt b/vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab/requirements.txt index 076012c..9223cc7 100644
--- a/vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab/requirements.txt +++ b/vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab/requirements.txt @@ -1,7 +1,7 @@ Flask==2.3.3 -Werkzeug==2.3.7 +Werkzeug==3.1.4 itsdangerous==2.1.2 click==8.1.7 blinker==1.6.2 -Jinja2==3.1.2 +Jinja2==3.1.6 MarkupSafe==2.1.3 \ No newline at end of file diff --git a/vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab/requirements.txt b/vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab/requirements.txt index 5beea3b..9fb8500 100644 --- a/vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab/requirements.txt +++ b/vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab/requirements.txt @@ -1,2 +1,2 @@ Flask==3.0.0 -Werkzeug==3.0.1 \ No newline at end of file +Werkzeug==3.1.4 \ No newline at end of file diff --git a/vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure/requirements.txt b/vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure/requirements.txt index 42ccd5e..6f0f85b 100644 --- a/vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure/requirements.txt +++ b/vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure/requirements.txt @@ -1,6 +1,6 @@ -django==3.2.18 +django==4.2.27 django-crispy-forms==1.14.0 # added this one for some nice form styling -requests==2.28.1 +requests==2.32.4 # we may need this later for api stuff # TODO: check if we need more packages?? diff --git a/vulnerable_repos/PyGoat/requirements.txt b/vulnerable_repos/PyGoat/requirements.txt index 71a18c6..8b343e5 100644 --- a/vulnerable_repos/PyGoat/requirements.txt +++ b/vulnerable_repos/PyGoat/requirements.txt 
@@ -1,22 +1,22 @@ argon2-cffi==21.3.0 argon2-cffi-bindings==21.2.0 asgiref==3.6.0 -certifi==2022.12.7 +certifi==2024.7.4 cffi==1.15.1 charset-normalizer==3.0.1 -cryptography==39.0.1 +cryptography==44.0.1 crispy-bootstrap4==2022.1 defusedxml==0.7.1 dj-database-url==0.5.0 -Django==4.2 -django-allauth==0.52.0 +Django==4.2.27 +django-allauth==65.13.0 django-crispy-forms==2.3 django-heroku==0.3.1 gunicorn==23.0.0 -idna==3.4 +idna==3.7 mccabe==0.6.1 oauthlib==3.2.2 -Pillow==9.4.0 +Pillow==10.3.0 psycopg2==2.9.3 pycodestyle==2.7.0 pycparser==2.21 @@ -24,11 +24,11 @@ pyflakes==2.3.1 PyJWT==2.4.0 python3-openid==3.2.0 pytz==2020.1 -PyYAML==5.1 -requests==2.28.2 +PyYAML==6.0.3 +requests==2.32.4 requests-oauthlib==1.3.1 -sqlparse==0.3.1 -urllib3==1.26.9 -Werkzeug==2.1.2 +sqlparse==0.5.0 +urllib3==2.6.0 +Werkzeug==3.1.4 whitenoise==6.2.0 -zipp==3.8.0 +zipp==3.19.1 diff --git a/vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt b/vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt index d0ac2f0..40cb74d 100644 --- a/vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt +++ b/vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt @@ -20,7 +20,7 @@ pytest-timeout==2.2.0 mypy==1.7.1 # Code formatting (optional) -black==23.11.0 +black==24.3.0 flake8==6.1.0 # Security linting (optional)
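Review bot: In the vulnerable_repos/PyGoat/dockerized_labs/broken_auth_lab/requirements.txt hunk, Werkzeug crosses a major version (2.3.7 to 3.1.4) while its consumer stays pinned at Flask==2.3.3; Flask is the package that imports Werkzeug internals, so start the lab once on the new pins before merging, and if it breaks, bump Flask to a 3.x release alongside Werkzeug rather than reverting the security fix. The file also still ends without a trailing newline (`MarkupSafe==2.1.3` followed by `\ No newline at end of file`); adding one stops every future one-line bump from touching the last line.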
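Review bot: The vulnerable_repos/PyGoat/dockerized_labs/insec_des_lab/requirements.txt hunk is a minor bump within the Werkzeug 3.x line under Flask==3.0.0, so compatibility risk is low; the only nit is that both the removed and the added last line carry `\ No newline at end of file`, which a trailing newline would fix for good.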
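Review bot: The vulnerable_repos/PyGoat/dockerized_labs/sensitive_data_exposure/requirements.txt hunk moves django from 3.2.18 to 4.2.27, a cross-major jump to the next LTS, but the commit message's only link for this update covers `4.2...4.2.27`, so none of the 3.2 to 4.2 release notes were reviewed as part of this change; check the lab's settings and migrations against those notes before merging. django-crispy-forms==1.14.0 stays pinned in the same hunk and predates Django 4.2, so confirm it still renders the lab's forms, and the file's own `# TODO: check if we need more packages??` is left unresolved.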
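Review bot: In the first vulnerable_repos/PyGoat/requirements.txt hunk (`@@ -1,22 +1,22 @@`), django-allauth goes from 0.52.0 to 65.13.0 in one step; the commit message carries no changelog for it (its only link is the maintainer's sponsors page), and allauth's required settings and middleware changed between those releases, so the project's settings module needs to be checked against allauth's upgrade notes rather than merged on a green CI run alone. Pillow 9.4.0 to 10.3.0 and cryptography 39.0.1 to 44.0.1 in the same hunk are also major bumps that removed deprecated APIs; grep the app for Pillow constants such as `Image.ANTIALIAS` (removed in 10.0) before trusting the upgrade.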
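Review bot: The second vulnerable_repos/PyGoat/requirements.txt hunk (`@@ -24,11 +24,11 @@`) changes PyYAML from 5.1 to 6.0.3, which appears nowhere in the commit message's table or `updated-dependencies` trailer, so a reviewer reading the description would miss it. PyYAML 6.0 made the `Loader` argument of `yaml.load()` mandatory, so any one-argument call in the app fails at run time after this bump; search for such calls, and because PyGoat is a deliberately vulnerable training app, confirm that any lesson built around unsafe YAML loading still behaves the way the lesson expects. urllib3 1.26.9 to 2.6.0 in the same hunk is likewise a major bump (2.0 removed Retry's deprecated `method_whitelist` in favour of `allowed_methods`) that the 11-package summary glosses over; the paired requests 2.32.4 does support urllib3 2.x.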
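Review bot: In the vulnerable_repos/juice-shop/labs/lesson-03/requirements.txt hunk, black sits under the file's own `# Code formatting (optional)` heading, yet the trailer labels it `dependency-type: direct:production`; that is a metadata nit, but black 24 also changed its stable formatting style, so the next `black` run on the lab may produce a formatting-only diff that should land separately from this dependency bump.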