Compare the version numbers of extra modules in Pythonista with PyPI.
Results:
- https://pyup.io/account/repos/github/cclauss/pythonista-module-versions/
- https://requires.io/github/cclauss/pythonista-module-versions/requirements/
Pythonista version 3.1.1 (311016) running Python 3.6.1 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module | local | PyPI |
| name | version | version |
| ------------- | ----------- | ----------- |
| arrow | 0.10.0 | 0.10.0 |
| bottle | 0.12.5 | 0.12.13 | Upgrade?
| bs4 | 4.4.1 | 4.6.0 | Upgrade?
| certifi | 2016.02.28 | 2017.11.5 | Upgrade?
| Crypto | 2.6 | 2.6.1 | Upgrade?
| cycler | 0.9.0 | 0.10.0 | Upgrade?
| dateutil | 2.2 | 2.2 |
| dropbox | 6.4.0 | 8.4.1 | Upgrade?
| ecdsa | UNKNOWN | 0.13 | Upgrade?
| et_xmlfile | 1.0.1 | 1.0.1 |
| evernote | ????? | 1.25.2 | ?????
| faker | ????? | 0.8.6 | ?????
| feedparser | 5.2.1 | 5.2.1 |
| flask | 0.10.1 | 0.12.2 | Upgrade?
| google | ????? | 1.9.3 | ?????
| html2text | 2014.4.5 | 2017.10.4 | Upgrade?
| html5lib | 0.999 | 0.999999999 | Upgrade?
| httplib2 | 0.9.2 | 0.10.3 | Upgrade?
| images2gif | ????? | 1.0.1 | ?????
| itsdangerous | ????? | 0.24 | ?????
| jdcal | 1.3 | 1.3 |
| jedi | 0.9.0 | 0.11.0 | Upgrade?
| jinja2 | 2.7 | 2.10 | Upgrade?
| libmodernize | 0.5 | Found | Upgrade?
### hasattr(markdown, 'version')
| markdown | 2.6.2 | 2.6.9 | Upgrade?
| markdown2 | 2.2.1 | 2.3.5 | Upgrade?
| markupsafe | ????? | 1.0 | ?????
| matplotlib | 1.4.0 | 2.1.0 | Upgrade?
| mccabe | 0.4.0 | 0.6.1 | Upgrade?
| midiutil | ????? | 1.1.3 | ?????
| mpl_toolkits | ????? | Found | ?????
| mpmath | 0.18 | 1.0.0 | Upgrade?
| numpy | 1.8.0 | 1.13.3 | Upgrade?
| oauth2 | 1.9.0.post1 | 1.9.0.post1 |
| paramiko | 1.16.0 | 2.3.1 | Upgrade?
| parsedatetime | 1.5 | 2.4 | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL | 2.9.0 | 4.3.0 | Upgrade?
| pycparser | 2.10 | 2.18 | Upgrade?
| pyflakes | 1.5.0 | 1.6.0 | Upgrade?
| pygments | 2.1 | 2.2.0 | Upgrade?
| pylab | ????? | Found | ?????
| pyparsing | 2.0.1 | 2.2.0 | Upgrade?
| PyPDF2 | 1.22 | 1.26.0 | Upgrade?
| pytest | 3.0.5 | 3.2.3 | Upgrade?
| pytz | 2015.7 | 2017.3 | Upgrade?
| qrcode | ????? | 5.3 | ?????
### hasattr(reportlab, 'Version')
| reportlab | 3.1.8 | 3.4.0 | Upgrade?
| requests | 2.9.1 | 2.18.4 | Upgrade?
| sgmllib | ????? | Found | ?????
| simpy | 3.0.8 | 3.0.10 | Upgrade?
| six | 1.6.1 | 1.11.0 | Upgrade?
| sqlalchemy | 0.9.7 | 1.2.0b3 | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3 | 2.6.0 | 2.8.3 | Upgrade?
| sympy | 0.7.4.1 | 1.1.1 | Upgrade?
| thrift | ????? | 0.10.0 | ?????
| turtle | ????? | 0.0.2 | ?????
| twitter | ????? | 1.18.0 | ?????
| wavebender | 0.3 | Found | Upgrade?
| werkzeug | 0.9.4 | 0.12.2 | Upgrade?
| wsgiref | ????? | 0.1.2 | ?????
| xmltodict | 0.8.7 | 0.11.0 | Upgrade?
| yaml | 3.11 | 3.12 | Upgrade?
| yapf | 0.16.1 | 0.19.0 | Upgrade?
| ------------- | ----------- | ----------- |
Pythonista version 3.1.1 (311016) running Python 2.7.12 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module | local | PyPI |
| name | version | version |
| ------------- | ----------- | ----------- |
| arrow | 0.10.0 | 0.10.0 |
| bottle | 0.12.5 | 0.12.13 | Upgrade?
| bs4 | 4.3.2 | 4.6.0 | Upgrade?
| Crypto | 2.6 | 2.6.1 | Upgrade?
| dateutil | 2.2 | 2.2 |
| dropbox | 6.4.0 | 8.4.1 | Upgrade?
| ecdsa | 0.11 | 0.13 | Upgrade?
| et_xmlfile | 1.0.1 | 1.0.1 |
| evernote | ????? | 1.25.2 | ?????
| faker | ????? | 0.8.6 | ?????
| feedparser | 5.1.3 | 5.2.1 | Upgrade?
| flask | 0.10.1 | 0.12.2 | Upgrade?
| google | ????? | 1.9.3 | ?????
| html2text | 2014.4.5 | 2017.10.4 | Upgrade?
| html5lib | 0.999 | 0.999999999 | Upgrade?
| httplib2 | 0.8 | 0.10.3 | Upgrade?
| images2gif | ????? | 1.0.1 | ?????
| itsdangerous | ????? | 0.24 | ?????
| jdcal | 1.3 | 1.3 |
| jedi | 0.9.0 | 0.11.0 | Upgrade?
| jinja2 | 2.7 | 2.10 | Upgrade?
### hasattr(markdown, 'version')
| markdown | 2.2.0 | 2.6.9 | Upgrade?
| markdown2 | 2.2.1 | 2.3.5 | Upgrade?
| markupsafe | ????? | 1.0 | ?????
| matplotlib | 1.4.0 | 2.1.0 | Upgrade?
| midiutil | ????? | 1.1.3 | ?????
| mpl_toolkits | ????? | Found | ?????
| mpmath | 0.18 | 1.0.0 | Upgrade?
| numpy | 1.8.0 | 1.13.3 | Upgrade?
| oauth2 | 1.5.211 | 1.9.0.post1 | Upgrade?
| paramiko | 1.16.0 | 2.3.1 | Upgrade?
| parsedatetime | 1.3 | 2.4 | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL | 2.9.0 | 4.3.0 | Upgrade?
| pycparser | 2.10 | 2.18 | Upgrade?
| pyflakes | 1.5.0 | 1.6.0 | Upgrade?
| pygments | 1.6 | 2.2.0 | Upgrade?
| pylab | ????? | Found | ?????
| pyparsing | 2.0.1 | 2.2.0 | Upgrade?
| PyPDF2 | 1.22 | 1.26.0 | Upgrade?
| pytest | 3.0.5 | 3.2.3 | Upgrade?
| pytz | 2013b | 2017.3 | Upgrade?
| qrcode | ????? | 5.3 | ?????
### hasattr(reportlab, 'Version')
| reportlab | 3.1.8 | 3.4.0 | Upgrade?
| requests | 2.5.1 | 2.18.4 | Upgrade?
| sgmllib | ????? | Found | ?????
| simpy | 3.0.2 | 3.0.10 | Upgrade?
| six | 1.6.1 | 1.11.0 | Upgrade?
| sqlalchemy | 0.9.7 | 1.2.0b3 | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3 | 2.6.0 | 2.8.3 | Upgrade?
| sympy | 0.7.4.1 | 1.1.1 | Upgrade?
| thrift | ????? | 0.10.0 | ?????
| turtle | ????? | 0.0.2 | ?????
| twitter | ????? | 1.18.0 | ?????
| wavebender | 0.3 | Found | Upgrade?
| werkzeug | 0.9.4 | 0.12.2 | Upgrade?
| wsgiref | ????? | 0.1.2 | ?????
| xmltodict | 0.8.7 | 0.11.0 | Upgrade?
| yaml | 3.09 | 3.12 | Upgrade?
| yapf | 0.16.1 | 0.19.0 | Upgrade?
| ------------- | ----------- | ----------- |
Starting GitHub Action for pyup Safety:safety command
Warning: unpinned requirement 'ecdsa' found in requirements.txt, unable to check.
Warning: unpinned requirement 'evernote' found in requirements.txt, unable to check.
Warning: unpinned requirement 'faker' found in requirements.txt, unable to check.
Warning: unpinned requirement 'google' found in requirements.txt, unable to check.
Warning: unpinned requirement 'images2gif' found in requirements.txt, unable to check.
Warning: unpinned requirement 'itsdangerous' found in requirements.txt, unable to check.
Warning: unpinned requirement 'markupsafe' found in requirements.txt, unable to check.
Warning: unpinned requirement 'midiutil' found in requirements.txt, unable to check.
Warning: unpinned requirement 'mpl_toolkits' found in requirements.txt, unable to check.
Warning: unpinned requirement 'pylab' found in requirements.txt, unable to check.
Warning: unpinned requirement 'qrcode' found in requirements.txt, unable to check.
Warning: unpinned requirement 'sgmllib' found in requirements.txt, unable to check.
Warning: unpinned requirement 'thrift' found in requirements.txt, unable to check.
Warning: unpinned requirement 'turtle' found in requirements.txt, unable to check.
Warning: unpinned requirement 'twitter' found in requirements.txt, unable to check.
Warning: unpinned requirement 'wsgiref' found in requirements.txt, unable to check.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β /$$$$$$ /$$ β
β /$$__ $$ | $$ β
β /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ β
β /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ β
β | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ β
β \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ β
β /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ β
β |_______/ \_______/|__/ \_______/ \___/ \____ $$ β
β /$$ | $$ β
β | $$$$$$/ β
β by pyup.io \______/ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β REPORT β
β checked 46 packages, using default DB β
ββββββββββββββββββββββββββββββ€ββββββββββββ€βββββββββββββββββββββββββββ€βββββββββββ‘
β package β installed β affected β ID β
ββββββββββββββββββββββββββββββ§ββββββββββββ§βββββββββββββββββββββββββββ§βββββββββββ‘
β bottle β 0.12.5 β <0.12.10 β 25642 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, β
β which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet- β
β Cookie: name=salt") call. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β bottle β 0.12.5 β >=0.12,<0.12.6 β 35548 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 β
β does not properly limit content types, which allows remote attackers to β
β bypass intended access restrictions via an accepted Content-Type followed by β
β a ; (semi-colon) and a Content-Type that would not be accepted, as β
β demonstrated in YouCompleteMe to execute arbitrary code. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β flask β 0.10.1 β <0.12.3 β 36388 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β flask version Before 0.12.3 contains a CWE-20: Improper Input Validation β
β vulnerability in flask that can result in Large amount of memory usage β
β possibly leading to denial of service. This attack appear to be exploitable β
β via Attacker provides JSON data in incorrect encoding. This vulnerability β
β appears to have been fixed in 0.12.3. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β html5lib β 0.999 β <0.99999999 β 35693 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β The serializer in html5lib before 0.99999999 might allow remote attackers to β
β conduct cross-site scripting (XSS) attacks by leveraging mishandling of the β
β < (less than) character in attribute values. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β html5lib β 0.999 β <0.99999999 β 35694 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β The serializer in html5lib before 0.99999999 might allow remote attackers to β
β conduct cross-site scripting (XSS) attacks by leveraging mishandling of β
β special characters in attribute values, a different vulnerability than β
β CVE-2016-9909. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β html5lib β 0.999 β <0.99999999 β 25846 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β html5lib before 0.99999999 is vulnerable to a XSS attack. Upgrading avoids β
β the XSS bug potentially caused by serializer allowing attribute values to be β
β escaped out of in old browser versions, changing the quote_attr_values β
β option on serializer to take one of three values, "always" (the old True β
β value), "legacy" (the new option, and the new default), and "spec" (the old β
β False value, and the old default). β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β httplib2 β 0.9.2 β <=0.9.2 β 25848 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β httplib2 before and including 0.9.2 on "SSL certificate hostname mismatch" β
β it is checked only once: https://github.com/httplib2/httplib2/issues/5 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β jinja2 β 2.7 β <2.7.2 β 25865 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β jinja2 2.7.2 fixes a security issue: Changed the default folder for the β
β filesystem cache to be user specific and read and write protected on UNIX β
β systems. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 for β
β more information. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β jinja2 β 2.7 β <2.7.3 β 25866 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β The default configuration for bccache.FileSystemBytecodeCache in Jinja2 β
β before 2.7.2 does not properly create temporary files, which allows local β
β users to gain privileges via a crafted .cache file with a name starting with β
β __jinja2_ in /tmp. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β markdown2 β 2.2.1 β <2.3.5 β 35760 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. β
β The safe_mode feature, which is supposed to sanitize user input against XSS, β
β is flawed and does not escape the input properly. With a crafted payload, β
β XSS can be triggered, as demonstrated by omitting the final '>' character β
β from an IMG tag. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.1.1 β 33134 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Buffer overflow in the ImagingLibTiffDecode function in β
β libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to β
β overwrite memory via a crafted TIFF file. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.1.1 β 33135 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c β
β in Pillow before 3.1.1 allows remote attackers to cause a denial of service β
β (crash) via a crafted FLI file. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.1.1 β 33136 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow β
β before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows β
β remote attackers to cause a denial of service (crash) via a crafted PhotoCD β
β file. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.1.1 β 33137 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Integer overflow in the ImagingResampleHorizontal function in β
β libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have β
β unspecified impact via negative values of the new size, which triggers a β
β heap-based buffer overflow. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.1.2 β 25943 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow before 3.1.2 is vulnerable to an integer overflow in Jpeg2KEncode.c β
β causing a buffer overflow. CVE-2016-3076. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.3.2 β 33138 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary β
β code by using the "crafted image file" approach, related to an "Insecure β
β Sign Extension" issue affecting the ImagingNew in Storage.c component. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β pillow β 2.9.0 β <3.3.2 β 33139 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive β
β information by using the "crafted image file" approach, related to an β
β "Integer Overflow" issue affecting the Image.core.map_buffer in map.c β
β component. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β requests β 2.9.1 β <=2.19.1 β 36546 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β The Requests package before 2.19.1 sends an HTTP Authorization header to an β
β http URI upon receiving a same-hostname https-to-http redirect, which makes β
β it easier for remote attackers to discover credentials by sniffing the β
β network. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β werkzeug β 0.9.4 β <0.11.11 β 35661 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β Cross-site scripting (XSS) vulnerability in the render_full function in β
β debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used β
β in Pallets Flask and other products) allows remote attackers to inject β
β arbitrary web script or HTML via a field that contains an exception message. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
