diff --git a/audits/ssh-mitm-requirements.audit.json b/audits/ssh-mitm-requirements.audit.json deleted file mode 100644 index 6f32c1b..0000000 --- a/audits/ssh-mitm-requirements.audit.json +++ /dev/null @@ -1,661 +0,0 @@ -[ - { - "package": { - "name": "paramiko", - "version": "3.3.1", - "ecosystem": "PyPI" - }, - "dependency_groups": [ - "ssh-mitm-requirements" - ], - "vulnerabilities": [ - { - "modified": "2024-06-22T00:13:14Z", - "published": "2023-12-18T19:22:09Z", - "schema_version": "1.6.0", - "id": "GHSA-45x7-px36-x8w8", - "aliases": [ - "CGA-f9g2-26qr-3m89", - "CVE-2023-48795", - "GO-2023-2402" - ], - "summary": "Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin", - "details": "### Summary\n\nTerrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.\n\n### Mitigations\n\nTo mitigate this protocol vulnerability, OpenSSH suggested a so-called \"strict kex\" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes.\n\n**Warning: To take effect, both the client and server must support this countermeasure.** \n\nAs a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available.\n\n### Details\n\nThe SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario.\n\nThe attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange.\n\nIn the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers.\n\nFor more details see [https://terrapin-attack.com](https://terrapin-attack.com). \n\n### Impact\n\nThis attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.", - "affected": [ - { - "package": { - "ecosystem": "crates.io", - "name": "russh", - "purl": "pkg:cargo/russh" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "0.40.2" - } - ] - } - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-45x7-px36-x8w8/GHSA-45x7-px36-x8w8.json" - } - }, - { - "package": { - "ecosystem": "Go", - "name": "golang.org/x/crypto", - "purl": "pkg:golang/golang.org/x/crypto" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "0.17.0" - } - ] - } - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-45x7-px36-x8w8/GHSA-45x7-px36-x8w8.json" - } - }, - { - "package": { - "ecosystem": "PyPI", - "name": "paramiko", - "purl": "pkg:pypi/paramiko" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "2.5.0" - }, - { - "fixed": "3.4.0" - } - ] - } - ], - "versions": [ - "2.10.0", - "2.10.1", - "2.10.2", - "2.10.3", - "2.10.4", - "2.10.5", - "2.10.6", - "2.11.0", - "2.11.1", - "2.12.0", - "2.5.0", - "2.5.1", - "2.6.0", - "2.7.0", - "2.7.1", - "2.7.2", - "2.8.0", - "2.8.1", - "2.9.0", - "2.9.1", - "2.9.2", - "2.9.3", - "2.9.4", - "2.9.5", - "3.0.0", - "3.1.0", - "3.2.0", - "3.3.0", - "3.3.1" - ], - "database_specific": { - "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-45x7-px36-x8w8/GHSA-45x7-px36-x8w8.json" - } - } - ], - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" - } - ], - "references": [ - { - "type": "WEB", - "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" - }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" - }, - { - "type": "WEB", - "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" - }, - { - "type": "WEB", - "url": "https://github.com/janmojzis/tinyssh/issues/81" - }, - { - "type": "WEB", - "url": "https://github.com/proftpd/proftpd/issues/456" - }, - { - "type": "WEB", - "url": "https://github.com/hierynomus/sshj/issues/916" - }, - { - "type": "WEB", - "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" - }, - { - "type": "WEB", - "url": "https://github.com/paramiko/paramiko/issues/2337" - }, - { - "type": "WEB", - "url": "https://github.com/cyd01/KiTTY/issues/520" - }, - { - "type": "WEB", - "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" - }, - { - "type": "WEB", - "url": "https://github.com/mwiede/jsch/issues/457" - }, - { - "type": "WEB", - "url": "https://github.com/apache/mina-sshd/issues/445" - }, - { - "type": "WEB", - "url": "https://github.com/libssh2/libssh2/pull/1291" - }, - { - "type": "WEB", - "url": "https://github.com/mwiede/jsch/pull/461" - }, - { - "type": "WEB", - "url": "https://github.com/NixOS/nixpkgs/pull/275249" - }, - { - "type": "WEB", - "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" - }, - { - "type": "WEB", - "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" - }, - { - "type": "WEB", - "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" - }, - { - "type": "WEB", - "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" - }, - { - "type": "WEB", - "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" - }, - { - "type": "WEB", - "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" - }, - { - "type": "WEB", - "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" - }, - { - "type": "WEB", - "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" - }, - { - "type": "WEB", - "url": "https://roumenpetrov.info/secsh/#news20231220" - }, - { - "type": "WEB", - "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" - }, - { - "type": "WEB", - "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" - }, - { - "type": "WEB", - "url": "https://security.gentoo.org/glsa/202312-16" - }, - { - "type": "WEB", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" - }, - { - "type": "WEB", - "url": "https://oryx-embedded.com/download/#changelog" - }, - { - "type": "WEB", - "url": "https://nova.app/releases/#v11.8" - }, - { - "type": "WEB", - "url": "https://news.ycombinator.com/item?id=38732005" - }, - { - "type": "WEB", - "url": "https://news.ycombinator.com/item?id=38685286" - }, - { - "type": "WEB", - "url": "https://news.ycombinator.com/item?id=38684904" - }, - { - "type": "WEB", - "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" - }, - { - "type": "WEB", - "url": "https://matt.ucc.asn.au/dropbear/CHANGES" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" - }, - { - "type": "WEB", - "url": "https://www.vandyke.com/products/securecrt/history.txt" - }, - { - "type": "WEB", - "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" - }, - { - "type": "WEB", - "url": "https://www.terrapin-attack.com" - }, - { - "type": "WEB", - "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" - }, - { - "type": "WEB", - "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" - }, - { - "type": "WEB", - "url": "https://www.paramiko.org/changelog.html" - }, - { - "type": "WEB", - "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" - }, - { - "type": "WEB", - "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" - }, - { - "type": "WEB", - "url": "https://www.openssh.com/txt/release-9.6" - }, - { - "type": "WEB", - "url": "https://www.openssh.com/openbsd.html" - }, - { - "type": "WEB", - "url": "https://www.netsarang.com/en/xshell-update-history" - }, - { - "type": "WEB", - "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" - }, - { - "type": "WEB", - "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2023/dsa-5588" - }, - { - "type": "WEB", - "url": "https://www.debian.org/security/2023/dsa-5586" - }, - { - "type": "WEB", - "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" - }, - { - "type": "WEB", - "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" - }, - { - "type": "WEB", - "url": "https://www.bitvise.com/ssh-server-version-history" - }, - { - "type": "WEB", - "url": "https://www.bitvise.com/ssh-client-version-history#933" - }, - { - "type": "WEB", - "url": "https://winscp.net/eng/docs/history#6.2.2" - }, - { - "type": "WEB", - "url": "https://ubuntu.com/security/CVE-2023-48795" - }, - { - "type": "WEB", - "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" - }, - { - "type": "WEB", - "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" - }, - { - "type": "WEB", - "url": "https://support.apple.com/kb/HT214084" - }, - { - "type": "WEB", - "url": "https://security.netapp.com/advisory/ntap-20240105-0004" - }, - { - "type": "WEB", - "url": "https://security.gentoo.org/glsa/202312-17" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" - }, - { - "type": "WEB", - "url": "https://github.com/rapier1/hpn-ssh/releases" - }, - { - "type": "WEB", - "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" - }, - { - "type": "WEB", - "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" - }, - { - "type": "WEB", - "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" - }, - { - "type": "WEB", - "url": "https://github.com/openssh/openssh-portable/commits/master" - }, - { - "type": "WEB", - "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" - }, - { - "type": "WEB", - "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" - }, - { - "type": "WEB", - "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" - }, - { - "type": "WEB", - "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" - }, - { - "type": "WEB", - "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" - }, - { - "type": "WEB", - "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" - }, - { - "type": "WEB", - "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" - }, - { - "type": "WEB", - "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" - }, - { - "type": "WEB", - "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" - }, - { - "type": "WEB", - "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" - }, - { - "type": "WEB", - "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" - }, - { - "type": "WEB", - "url": "https://filezilla-project.org/versions.php" - }, - { - "type": "WEB", - "url": "https://crates.io/crates/thrussh/versions" - }, - { - "type": "WEB", - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" - }, - { - "type": "WEB", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" - }, - { - "type": "WEB", - "url": "https://bugs.gentoo.org/920280" - }, - { - "type": "WEB", - "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" - }, - { - "type": "WEB", - "url": "https://access.redhat.com/security/cve/cve-2023-48795" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" - }, - { - "type": "WEB", - "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" - }, - { - "type": "WEB", - "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" - }, - { - "type": "WEB", - "url": "https://help.panic.com/releasenotes/transmit5" - }, - { - "type": "WEB", - "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" - }, - { - "type": "WEB", - "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" - }, - { - "type": "WEB", - "url": "https://go.dev/issue/64784" - }, - { - "type": "WEB", - "url": "https://go.dev/cl/550715" - }, - { - "type": "WEB", - "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" - }, - { - "type": "WEB", - "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" - }, - { - "type": "PACKAGE", - "url": "https://github.com/warp-tech/russh" - }, - { - "type": "WEB", - "url": "https://github.com/ronf/asyncssh/tags" - }, - { - "type": "WEB", - "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" - }, - { - "type": "WEB", - "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" - }, - { - "type": "WEB", - "url": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-345", - "CWE-354" - ], - "github_reviewed": true, - "github_reviewed_at": "2023-12-18T19:22:09Z", - "nvd_published_at": "2023-12-18T16:15:10Z", - "severity": "MODERATE" - } - } - ], - "groups": [ - { - "ids": [ - "GHSA-45x7-px36-x8w8" - ], - "aliases": [ - "CGA-f9g2-26qr-3m89", - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8", - "GO-2023-2402" - ], - "max_severity": "5.9" - } - ] - } -] \ No newline at end of file diff --git a/requirements/chkbit-requirements.txt b/requirements/chkbit-requirements.txt new file mode 100644 index 0000000..379ba6b --- /dev/null +++ b/requirements/chkbit-requirements.txt @@ -0,0 +1 @@ +blake3==0.4.1 diff --git a/requirements/graph-tool-requirements.txt b/requirements/graph-tool-requirements.txt index 1cf003d..cc2d430 100644 --- a/requirements/graph-tool-requirements.txt +++ b/requirements/graph-tool-requirements.txt @@ -6,6 +6,6 @@ matplotlib==3.9.0 packaging==24.1 pyparsing==3.1.2 python-dateutil==2.9.0.post0 -setuptools==70.0.0 +setuptools==70.1.1 six==1.16.0 zstandard==0.22.0 diff --git a/requirements/moto-requirements.txt b/requirements/moto-requirements.txt index 841b30d..ee7cd7e 100644 --- a/requirements/moto-requirements.txt +++ b/requirements/moto-requirements.txt @@ -4,9 +4,9 @@ attrs==23.2.0 aws-sam-translator==1.89.0 aws-xray-sdk==2.14.0 blinker==1.8.2 -boto3==1.34.128 -botocore==1.34.128 -cfn-lint==0.87.7 +boto3==1.34.136 +botocore==1.34.136 +cfn-lint==1.4.2 charset-normalizer==3.3.2 click==8.1.7 docker==7.1.0 @@ -18,25 +18,21 @@ itsdangerous==2.2.0 jinja2==3.1.4 jmespath==1.0.1 joserfc==0.12.0 -jschema-to-python==1.2.3 -jsondiff==2.0.0 +jsondiff==2.1.1 jsonpatch==1.33 jsonpath-ng==1.6.1 -jsonpickle==3.2.1 jsonpointer==3.0.0 jsonschema==4.22.0 -jsonschema-path==0.3.2 +jsonschema-path==0.3.3 jsonschema-specifications==2023.12.1 -junit-xml==1.9 lazy-object-proxy==1.10.0 markupsafe==2.1.5 mpmath==1.3.0 -multipart==0.2.4 +multipart==0.2.5 networkx==3.3 openapi-schema-validator==0.6.2 openapi-spec-validator==0.7.1 pathable==0.4.3 -pbr==6.0.0 ply==3.11 py-partiql-parser==0.5.5 pydantic==2.7.4 @@ -44,15 +40,14 @@ pydantic-core==2.18.4 pyparsing==3.1.2 python-dateutil==2.9.0.post0 pyyaml==6.0.1 -referencing==0.31.1 +referencing==0.35.1 regex==2024.5.15 requests==2.32.3 responses==0.25.3 rfc3339-validator==0.1.4 rpds-py==0.18.1 -s3transfer==0.10.1 -sarif-om==1.0.4 -setuptools==70.0.0 +s3transfer==0.10.2 +setuptools==70.1.1 six==1.16.0 sympy==1.12.1 typing-extensions==4.12.2 diff --git a/requirements/ssh-mitm-requirements.txt b/requirements/ssh-mitm-requirements.txt index e8d5bf8..52b9273 100644 --- a/requirements/ssh-mitm-requirements.txt +++ b/requirements/ssh-mitm-requirements.txt @@ -1,18 +1,18 @@ -argcomplete==3.2.3 -bcrypt==4.1.2 +appimage==1.0.0 +argcomplete==3.4.0 +bcrypt==4.1.3 colored==2.2.4 ecdsa==0.19.0 markdown-it-py==3.0.0 mdurl==0.1.2 -packaging==24.0 -paramiko==3.3.1 -pygments==2.17.2 +packaging==24.1 +paramiko==3.4.0 +pygments==2.18.0 pynacl==1.5.0 python-json-logger==2.0.7 pytz==2024.1 pyyaml==6.0.1 rich==13.7.1 -setuptools==69.2.0 six==1.16.0 sshpubkeys==3.3.1 wrapt==1.16.0 diff --git a/requirements/uhd-requirements.txt b/requirements/uhd-requirements.txt index ecb13d7..a0672e3 100644 --- a/requirements/uhd-requirements.txt +++ b/requirements/uhd-requirements.txt @@ -1,2 +1,2 @@ -mako==1.3.2 -markupsafe==2.1.3 +mako==1.3.5 +markupsafe==2.1.5