Commit 0cf0f59

committed
Update vulnerable dependencies to secure versions
Updated the following dependencies to address security vulnerabilities identified by pip-audit:

- urllib3: 2.2.1 → 2.6.0 (fixes GHSA-gm62-xv2j-4w53, GHSA-2xpw-w6gg-jr37)
  * Prevents unbounded HTTP encoding chain attacks (high CPU/memory usage)
  * Fixes streaming API decompression bomb vulnerability
- scapy: 2.5.0 → 2.7.0 (fixes GHSA-cq46-m9x9-j8w2)
  * Removes unsafe pickle deserialization in session loading
  * Eliminates arbitrary code execution risk via malicious session files
- scrapy: 2.12.0 → 2.14.0 (addresses PYSEC-2017-83)
  * Mitigates memory consumption DoS from large file handling

These updates complement the security fixes already applied to the code examples and will resolve pip-audit failures in CI/CD pipelines.

Note: filelock (→3.20.1) and fonttools (→4.61.0) updates are handled by dependabot PRs #29 and #27 respectively. pip (→25.3) will be updated by the GitHub Actions runner environment.
1 parent 7b06e04 commit 0cf0f59

File tree

2 files changed

+6
-8
lines changed


pyproject.toml

Lines changed: 3 additions & 5 deletions
@@ -17,12 +17,10 @@ dependencies = [
1717
"blockchain>=1.4.4",
1818
"websockify>=0.11.0",
1919
"shodan>=1.31.0",
20-
"urllib3>=2.2.1",
20+
"urllib3>=2.6.0",
2121
"fuzzywuzzy>=0.18.0",
22-
"scrapy>=2.12.0",
22+
"scrapy>=2.14.0",
2323
"pytest>=8.3.0",
24-
# Security note: pip 25.2 has known tarfile vulnerability (GHSA-4xh5-x5gv-qwph)
25-
# scrapy 2.13.3 has old DoS vulnerability (PYSEC-2017-83) - consider if needed
2624
"termcolor>=2.4.0",
2725
"pycld2>=0.41",
2826
"polyglot>=16.7.4",
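Review bot: Deleting the two `# Security note:` comments (old lines 24-25) drops the only in-repo record of the pip tarfile advisory (GHSA-4xh5-x5gv-qwph), and pip is not a listed dependency here, so nothing in the file now tracks it; the commit message says the runner will supply pip 25.3, but a reader of pyproject.toml cannot see that. Suggest keeping a one-line pointer, e.g. `# pip >=25.3 required at install time (GHSA-4xh5-x5gv-qwph); provided by the CI runner`, or documenting it next to the CI workflow. Also note that `"urllib3>=2.6.0"` and `"scrapy>=2.14.0"` are floors, not pins: they reject older releases but do not guarantee the resolver picks these exact versions, so pip-audit should run against the resolved environment rather than this file alone.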
@@ -36,7 +34,7 @@ dependencies = [
3634
"pypdf2>=3.0.1",
3735
"pinboard>=2.1.9",
3836
"webdriver-manager>=4.0.2",
39-
"scapy>=2.5.0",
37+
"scapy>=2.7.0",
4038
"matplotlib>=3.9.0",
4139
"iptcinfo3>=2.1.4",
4240
"requests>=2.31.0",
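Review bot: The `"scapy>=2.7.0"` floor here has to be kept identical to the one in requirements.txt, and this commit shows the two files carry the same dependency list by hand; consider deriving one from the other (for example installing the project itself from pyproject.toml and generating requirements.txt from it) so a future security bump cannot land in one file and not the other.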

requirements.txt

Lines changed: 3 additions & 3 deletions
@@ -7,9 +7,9 @@ exifread>=3.0.0
77
blockchain>=1.4.4
88
websockify>=0.11.0
99
shodan>=1.31.0
10-
urllib3>=2.2.1
10+
urllib3>=2.6.0
1111
fuzzywuzzy>=0.18.0
12-
scrapy>=2.12.0
12+
scrapy>=2.14.0
1313
pytest>=8.3.0
1414
termcolor>=2.4.0
1515
pycld2>=0.41
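Review bot: For the file CI actually installs from, `urllib3>=2.6.0` and `scrapy>=2.14.0` should preferably be exact pins (`==`) produced by a lock step, ideally with hashes, so that the versions pip-audit reports clean are the ones that get installed; with `>=` floors a different resolution on a later run can silently change the audited set. If the intent is to keep requirements.txt loose, say so in a comment at the top of the file.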
@@ -24,7 +24,7 @@ psycopg2-binary>=2.9.9
2424
pypdf2>=3.0.1
2525
pinboard>=2.1.9
2626
webdriver-manager>=4.0.2
27-
scapy>=2.5.0
27+
scapy>=2.7.0
2828
matplotlib>=3.9.0
2929
iptcinfo3>=2.1.4
3030
requests>=2.31.0
