pythonista-module-versions

Compare the version numbers of extra modules in Pythonista with PyPI.

Results:

Pythonista version 3.1.1 (311016) running Python 3.6.1 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module        | local       | PyPI        | 
| name          | version     | version     | 
| ------------- | ----------- | ----------- | 
| arrow         | 0.10.0      | 0.10.0      | 
| bottle        | 0.12.5      | 0.12.13     | Upgrade?
| bs4           | 4.4.1       | 4.6.0       | Upgrade?
| certifi       | 2016.02.28  | 2017.11.5   | Upgrade?
| Crypto        | 2.6         | 2.6.1       | Upgrade?
| cycler        | 0.9.0       | 0.10.0      | Upgrade?
| dateutil      | 2.2         | 2.2         | 
| dropbox       | 6.4.0       | 8.4.1       | Upgrade?
| ecdsa         | UNKNOWN     | 0.13        | Upgrade?
| et_xmlfile    | 1.0.1       | 1.0.1       | 
| evernote      | ?????       | 1.25.2      | ?????
| faker         | ?????       | 0.8.6       | ?????
| feedparser    | 5.2.1       | 5.2.1       | 
| flask         | 0.10.1      | 0.12.2      | Upgrade?
| google        | ?????       | 1.9.3       | ?????
| html2text     | 2014.4.5    | 2017.10.4   | Upgrade?
| html5lib      | 0.999       | 0.999999999 | Upgrade?
| httplib2      | 0.9.2       | 0.10.3      | Upgrade?
| images2gif    | ?????       | 1.0.1       | ?????
| itsdangerous  | ?????       | 0.24        | ?????
| jdcal         | 1.3         | 1.3         | 
| jedi          | 0.9.0       | 0.11.0      | Upgrade?
| jinja2        | 2.7         | 2.10        | Upgrade?
| libmodernize  | 0.5         | Found       | Upgrade?
### hasattr(markdown, 'version')
| markdown      | 2.6.2       | 2.6.9       | Upgrade?
| markdown2     | 2.2.1       | 2.3.5       | Upgrade?
| markupsafe    | ?????       | 1.0         | ?????
| matplotlib    | 1.4.0       | 2.1.0       | Upgrade?
| mccabe        | 0.4.0       | 0.6.1       | Upgrade?
| midiutil      | ?????       | 1.1.3       | ?????
| mpl_toolkits  | ?????       | Found       | ?????
| mpmath        | 0.18        | 1.0.0       | Upgrade?
| numpy         | 1.8.0       | 1.13.3      | Upgrade?
| oauth2        | 1.9.0.post1 | 1.9.0.post1 | 
| paramiko      | 1.16.0      | 2.3.1       | Upgrade?
| parsedatetime | 1.5         | 2.4         | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL           | 2.9.0       | 4.3.0       | Upgrade?
| pycparser     | 2.10        | 2.18        | Upgrade?
| pyflakes      | 1.5.0       | 1.6.0       | Upgrade?
| pygments      | 2.1         | 2.2.0       | Upgrade?
| pylab         | ?????       | Found       | ?????
| pyparsing     | 2.0.1       | 2.2.0       | Upgrade?
| PyPDF2        | 1.22        | 1.26.0      | Upgrade?
| pytest        | 3.0.5       | 3.2.3       | Upgrade?
| pytz          | 2015.7      | 2017.3      | Upgrade?
| qrcode        | ?????       | 5.3         | ?????
### hasattr(reportlab, 'Version')
| reportlab     | 3.1.8       | 3.4.0       | Upgrade?
| requests      | 2.9.1       | 2.18.4      | Upgrade?
| sgmllib       | ?????       | Found       | ?????
| simpy         | 3.0.8       | 3.0.10      | Upgrade?
| six           | 1.6.1       | 1.11.0      | Upgrade?
| sqlalchemy    | 0.9.7       | 1.2.0b3     | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3       | 2.6.0       | 2.8.3       | Upgrade?
| sympy         | 0.7.4.1     | 1.1.1       | Upgrade?
| thrift        | ?????       | 0.10.0      | ?????
| turtle        | ?????       | 0.0.2       | ?????
| twitter       | ?????       | 1.18.0      | ?????
| wavebender    | 0.3         | Found       | Upgrade?
| werkzeug      | 0.9.4       | 0.12.2      | Upgrade?
| wsgiref       | ?????       | 0.1.2       | ?????
| xmltodict     | 0.8.7       | 0.11.0      | Upgrade?
| yaml          | 3.11        | 3.12        | Upgrade?
| yapf          | 0.16.1      | 0.19.0      | Upgrade?
| ------------- | ----------- | ----------- | 


Pythonista version 3.1.1 (311016) running Python 2.7.12 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module        | local       | PyPI        | 
| name          | version     | version     | 
| ------------- | ----------- | ----------- | 
| arrow         | 0.10.0      | 0.10.0      | 
| bottle        | 0.12.5      | 0.12.13     | Upgrade?
| bs4           | 4.3.2       | 4.6.0       | Upgrade?
| Crypto        | 2.6         | 2.6.1       | Upgrade?
| dateutil      | 2.2         | 2.2         | 
| dropbox       | 6.4.0       | 8.4.1       | Upgrade?
| ecdsa         | 0.11        | 0.13        | Upgrade?
| et_xmlfile    | 1.0.1       | 1.0.1       | 
| evernote      | ?????       | 1.25.2      | ?????
| faker         | ?????       | 0.8.6       | ?????
| feedparser    | 5.1.3       | 5.2.1       | Upgrade?
| flask         | 0.10.1      | 0.12.2      | Upgrade?
| google        | ?????       | 1.9.3       | ?????
| html2text     | 2014.4.5    | 2017.10.4   | Upgrade?
| html5lib      | 0.999       | 0.999999999 | Upgrade?
| httplib2      | 0.8         | 0.10.3      | Upgrade?
| images2gif    | ?????       | 1.0.1       | ?????
| itsdangerous  | ?????       | 0.24        | ?????
| jdcal         | 1.3         | 1.3         | 
| jedi          | 0.9.0       | 0.11.0      | Upgrade?
| jinja2        | 2.7         | 2.10        | Upgrade?
### hasattr(markdown, 'version')
| markdown      | 2.2.0       | 2.6.9       | Upgrade?
| markdown2     | 2.2.1       | 2.3.5       | Upgrade?
| markupsafe    | ?????       | 1.0         | ?????
| matplotlib    | 1.4.0       | 2.1.0       | Upgrade?
| midiutil      | ?????       | 1.1.3       | ?????
| mpl_toolkits  | ?????       | Found       | ?????
| mpmath        | 0.18        | 1.0.0       | Upgrade?
| numpy         | 1.8.0       | 1.13.3      | Upgrade?
| oauth2        | 1.5.211     | 1.9.0.post1 | Upgrade?
| paramiko      | 1.16.0      | 2.3.1       | Upgrade?
| parsedatetime | 1.3         | 2.4         | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL           | 2.9.0       | 4.3.0       | Upgrade?
| pycparser     | 2.10        | 2.18        | Upgrade?
| pyflakes      | 1.5.0       | 1.6.0       | Upgrade?
| pygments      | 1.6         | 2.2.0       | Upgrade?
| pylab         | ?????       | Found       | ?????
| pyparsing     | 2.0.1       | 2.2.0       | Upgrade?
| PyPDF2        | 1.22        | 1.26.0      | Upgrade?
| pytest        | 3.0.5       | 3.2.3       | Upgrade?
| pytz          | 2013b       | 2017.3      | Upgrade?
| qrcode        | ?????       | 5.3         | ?????
### hasattr(reportlab, 'Version')
| reportlab     | 3.1.8       | 3.4.0       | Upgrade?
| requests      | 2.5.1       | 2.18.4      | Upgrade?
| sgmllib       | ?????       | Found       | ?????
| simpy         | 3.0.2       | 3.0.10      | Upgrade?
| six           | 1.6.1       | 1.11.0      | Upgrade?
| sqlalchemy    | 0.9.7       | 1.2.0b3     | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3       | 2.6.0       | 2.8.3       | Upgrade?
| sympy         | 0.7.4.1     | 1.1.1       | Upgrade?
| thrift        | ?????       | 0.10.0      | ?????
| turtle        | ?????       | 0.0.2       | ?????
| twitter       | ?????       | 1.18.0      | ?????
| wavebender    | 0.3         | Found       | Upgrade?
| werkzeug      | 0.9.4       | 0.12.2      | Upgrade?
| wsgiref       | ?????       | 0.1.2       | ?????
| xmltodict     | 0.8.7       | 0.11.0      | Upgrade?
| yaml          | 3.09        | 3.12        | Upgrade?
| yapf          | 0.16.1      | 0.19.0      | Upgrade?
| ------------- | ----------- | ----------- | 


Starting GitHub Action for pyup Safety:safety command
Warning: unpinned requirement 'ecdsa' found in requirements.txt, unable to check.
Warning: unpinned requirement 'evernote' found in requirements.txt, unable to check.
Warning: unpinned requirement 'faker' found in requirements.txt, unable to check.
Warning: unpinned requirement 'google' found in requirements.txt, unable to check.
Warning: unpinned requirement 'images2gif' found in requirements.txt, unable to check.
Warning: unpinned requirement 'itsdangerous' found in requirements.txt, unable to check.
Warning: unpinned requirement 'markupsafe' found in requirements.txt, unable to check.
Warning: unpinned requirement 'midiutil' found in requirements.txt, unable to check.
Warning: unpinned requirement 'mpl_toolkits' found in requirements.txt, unable to check.
Warning: unpinned requirement 'pylab' found in requirements.txt, unable to check.
Warning: unpinned requirement 'qrcode' found in requirements.txt, unable to check.
Warning: unpinned requirement 'sgmllib' found in requirements.txt, unable to check.
Warning: unpinned requirement 'thrift' found in requirements.txt, unable to check.
Warning: unpinned requirement 'turtle' found in requirements.txt, unable to check.
Warning: unpinned requirement 'twitter' found in requirements.txt, unable to check.
Warning: unpinned requirement 'wsgiref' found in requirements.txt, unable to check.
╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                               /$$$$$$            /$$                         │
│                              /$$__  $$          | $$                         │
│           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           │
│          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           │
│         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           │
│          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           │
│          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           │
│         |_______/  \_______/|__/     \_______/   \___/   \____  $$           │
│                                                          /$$  | $$           │
│                                                         |  $$$$$$/           │
│  by pyup.io                                              \______/            │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
│ checked 46 packages, using default DB                                        │
╞════════════════════════════╤═══════════╤══════════════════════════╤══════════╡
│ package                    │ installed │ affected                 │ ID       │
╞════════════════════════════╧═══════════╧══════════════════════════╧══════════╡
│ bottle                     │ 0.12.5    │ <0.12.10                 │ 25642    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence,  │
│ which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-     │
│ Cookie: name=salt") call.                                                    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ bottle                     │ 0.12.5    │ >=0.12,<0.12.6           │ 35548    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 │
│ does not properly limit content types, which allows remote attackers to      │
│ bypass intended access restrictions via an accepted Content-Type followed by │
│ a ; (semi-colon) and a Content-Type that would not be accepted, as           │
│ demonstrated in YouCompleteMe to execute arbitrary code.                     │
╞══════════════════════════════════════════════════════════════════════════════╡
│ flask                      │ 0.10.1    │ <0.12.3                  │ 36388    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ flask version Before 0.12.3 contains a CWE-20: Improper Input Validation     │
│ vulnerability in flask that can result in Large amount of memory usage       │
│ possibly leading to denial of service. This attack appear to be exploitable  │
│ via Attacker provides JSON data in incorrect encoding. This vulnerability    │
│ appears to have been fixed in 0.12.3.                                        │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib                   │ 0.999     │ <0.99999999              │ 35693    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The serializer in html5lib before 0.99999999 might allow remote attackers to │
│ conduct cross-site scripting (XSS) attacks by leveraging mishandling of the  │
│ < (less than) character in attribute values.                                 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib                   │ 0.999     │ <0.99999999              │ 35694    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The serializer in html5lib before 0.99999999 might allow remote attackers to │
│ conduct cross-site scripting (XSS) attacks by leveraging mishandling of      │
│ special characters in attribute values, a different vulnerability than       │
│ CVE-2016-9909.                                                               │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib                   │ 0.999     │ <0.99999999              │ 25846    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib before 0.99999999 is vulnerable to a XSS attack. Upgrading avoids   │
│ the XSS bug potentially caused by serializer allowing attribute values to be │
│ escaped out of in old browser versions, changing the quote_attr_values       │
│ option on serializer to take one of three values, "always" (the old True     │
│ value), "legacy" (the new option,  and the new default), and "spec" (the old │
│ False value, and the old default).                                           │
╞══════════════════════════════════════════════════════════════════════════════╡
│ httplib2                   │ 0.9.2     │ <=0.9.2                  │ 25848    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ httplib2 before and including 0.9.2 on "SSL certificate hostname mismatch"   │
│ it is checked only once: https://github.com/httplib2/httplib2/issues/5       │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2                     │ 2.7       │ <2.7.2                   │ 25865    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2 2.7.2 fixes a security issue: Changed the default folder for the      │
│ filesystem cache to be user specific and read and write protected on UNIX    │
│ systems.  See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 for    │
│ more information.                                                            │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2                     │ 2.7       │ <2.7.3                   │ 25866    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The default configuration for bccache.FileSystemBytecodeCache in Jinja2      │
│ before 2.7.2 does not properly create temporary files, which allows local    │
│ users to gain privileges via a crafted .cache file with a name starting with │
│ __jinja2_ in /tmp.                                                           │
╞══════════════════════════════════════════════════════════════════════════════╡
│ markdown2                  │ 2.2.1     │ <2.3.5                   │ 35760    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5.   │
│ The safe_mode feature, which is supposed to sanitize user input against XSS, │
│ is flawed and does not escape the input properly. With a crafted payload,    │
│ XSS can be triggered, as demonstrated by omitting the final '>' character    │
│ from an IMG tag.                                                             │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.1.1                   │ 33134    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingLibTiffDecode function in                      │
│ libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to    │
│ overwrite memory via a crafted TIFF file.                                    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.1.1                   │ 33135    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c   │
│ in Pillow before 3.1.1 allows remote attackers to cause a denial of service  │
│ (crash) via a crafted FLI file.                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.1.1                   │ 33136    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow    │
│ before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows       │
│ remote attackers to cause a denial of service (crash) via a crafted PhotoCD  │
│ file.                                                                        │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.1.1                   │ 33137    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Integer overflow in the ImagingResampleHorizontal function in                │
│ libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have │
│ unspecified impact via negative values of the new size, which triggers a     │
│ heap-based buffer overflow.                                                  │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.1.2                   │ 25943    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow before 3.1.2 is vulnerable to an integer overflow in Jpeg2KEncode.c   │
│ causing a buffer overflow. CVE-2016-3076.                                    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.3.2                   │ 33138    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary  │
│ code by using the "crafted image file" approach, related to an "Insecure     │
│ Sign Extension" issue affecting the ImagingNew in Storage.c component.       │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow                     │ 2.9.0     │ <3.3.2                   │ 33139    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive   │
│ information by using the "crafted image file" approach, related to an        │
│ "Integer Overflow" issue affecting the Image.core.map_buffer in map.c        │
│ component.                                                                   │
╞══════════════════════════════════════════════════════════════════════════════╡
│ requests                   │ 2.9.1     │ <=2.19.1                 │ 36546    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The Requests package before 2.19.1 sends an HTTP Authorization header to an  │
│ http URI upon receiving a same-hostname https-to-http redirect, which makes  │
│ it easier for remote attackers to discover credentials by sniffing the       │
│ network.                                                                     │
╞══════════════════════════════════════════════════════════════════════════════╡
│ werkzeug                   │ 0.9.4     │ <0.11.11                 │ 35661    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Cross-site scripting (XSS) vulnerability in the render_full function in      │
│ debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used │
│ in Pallets Flask and other products) allows remote attackers to inject       │
│ arbitrary web script or HTML via a field that contains an exception message. │
╘══════════════════════════════════════════════════════════════════════════════╛