Compare the version numbers of extra modules in Pythonista with PyPI.
Results:
- https://pyup.io/account/repos/github/cclauss/pythonista-module-versions/
- https://requires.io/github/cclauss/pythonista-module-versions/requirements/
Pythonista version 3.1.1 (311016) running Python 3.6.1 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module | local | PyPI |
| name | version | version |
| ------------- | ----------- | ----------- |
| arrow | 0.10.0 | 0.10.0 |
| bottle | 0.12.5 | 0.12.13 | Upgrade?
| bs4 | 4.4.1 | 4.6.0 | Upgrade?
| certifi | 2016.02.28 | 2017.11.5 | Upgrade?
| Crypto | 2.6 | 2.6.1 | Upgrade?
| cycler | 0.9.0 | 0.10.0 | Upgrade?
| dateutil | 2.2 | 2.2 |
| dropbox | 6.4.0 | 8.4.1 | Upgrade?
| ecdsa | UNKNOWN | 0.13 | Upgrade?
| et_xmlfile | 1.0.1 | 1.0.1 |
| evernote | ????? | 1.25.2 | ?????
| faker | ????? | 0.8.6 | ?????
| feedparser | 5.2.1 | 5.2.1 |
| flask | 0.10.1 | 0.12.2 | Upgrade?
| google | ????? | 1.9.3 | ?????
| html2text | 2014.4.5 | 2017.10.4 | Upgrade?
| html5lib | 0.999 | 0.999999999 | Upgrade?
| httplib2 | 0.9.2 | 0.10.3 | Upgrade?
| images2gif | ????? | 1.0.1 | ?????
| itsdangerous | ????? | 0.24 | ?????
| jdcal | 1.3 | 1.3 |
| jedi | 0.9.0 | 0.11.0 | Upgrade?
| jinja2 | 2.7 | 2.10 | Upgrade?
| libmodernize | 0.5 | Found | Upgrade?
### hasattr(markdown, 'version')
| markdown | 2.6.2 | 2.6.9 | Upgrade?
| markdown2 | 2.2.1 | 2.3.5 | Upgrade?
| markupsafe | ????? | 1.0 | ?????
| matplotlib | 1.4.0 | 2.1.0 | Upgrade?
| mccabe | 0.4.0 | 0.6.1 | Upgrade?
| midiutil | ????? | 1.1.3 | ?????
| mpl_toolkits | ????? | Found | ?????
| mpmath | 0.18 | 1.0.0 | Upgrade?
| numpy | 1.8.0 | 1.13.3 | Upgrade?
| oauth2 | 1.9.0.post1 | 1.9.0.post1 |
| paramiko | 1.16.0 | 2.3.1 | Upgrade?
| parsedatetime | 1.5 | 2.4 | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL | 2.9.0 | 4.3.0 | Upgrade?
| pycparser | 2.10 | 2.18 | Upgrade?
| pyflakes | 1.5.0 | 1.6.0 | Upgrade?
| pygments | 2.1 | 2.2.0 | Upgrade?
| pylab | ????? | Found | ?????
| pyparsing | 2.0.1 | 2.2.0 | Upgrade?
| PyPDF2 | 1.22 | 1.26.0 | Upgrade?
| pytest | 3.0.5 | 3.2.3 | Upgrade?
| pytz | 2015.7 | 2017.3 | Upgrade?
| qrcode | ????? | 5.3 | ?????
### hasattr(reportlab, 'Version')
| reportlab | 3.1.8 | 3.4.0 | Upgrade?
| requests | 2.9.1 | 2.18.4 | Upgrade?
| sgmllib | ????? | Found | ?????
| simpy | 3.0.8 | 3.0.10 | Upgrade?
| six | 1.6.1 | 1.11.0 | Upgrade?
| sqlalchemy | 0.9.7 | 1.2.0b3 | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3 | 2.6.0 | 2.8.3 | Upgrade?
| sympy | 0.7.4.1 | 1.1.1 | Upgrade?
| thrift | ????? | 0.10.0 | ?????
| turtle | ????? | 0.0.2 | ?????
| twitter | ????? | 1.18.0 | ?????
| wavebender | 0.3 | Found | Upgrade?
| werkzeug | 0.9.4 | 0.12.2 | Upgrade?
| wsgiref | ????? | 0.1.2 | ?????
| xmltodict | 0.8.7 | 0.11.0 | Upgrade?
| yaml | 3.11 | 3.12 | Upgrade?
| yapf | 0.16.1 | 0.19.0 | Upgrade?
| ------------- | ----------- | ----------- |
Pythonista version 3.1.1 (311016) running Python 2.7.12 on iOS 10.3.3 on an iPad3,4.
=========================================================
| module | local | PyPI |
| name | version | version |
| ------------- | ----------- | ----------- |
| arrow | 0.10.0 | 0.10.0 |
| bottle | 0.12.5 | 0.12.13 | Upgrade?
| bs4 | 4.3.2 | 4.6.0 | Upgrade?
| Crypto | 2.6 | 2.6.1 | Upgrade?
| dateutil | 2.2 | 2.2 |
| dropbox | 6.4.0 | 8.4.1 | Upgrade?
| ecdsa | 0.11 | 0.13 | Upgrade?
| et_xmlfile | 1.0.1 | 1.0.1 |
| evernote | ????? | 1.25.2 | ?????
| faker | ????? | 0.8.6 | ?????
| feedparser | 5.1.3 | 5.2.1 | Upgrade?
| flask | 0.10.1 | 0.12.2 | Upgrade?
| google | ????? | 1.9.3 | ?????
| html2text | 2014.4.5 | 2017.10.4 | Upgrade?
| html5lib | 0.999 | 0.999999999 | Upgrade?
| httplib2 | 0.8 | 0.10.3 | Upgrade?
| images2gif | ????? | 1.0.1 | ?????
| itsdangerous | ????? | 0.24 | ?????
| jdcal | 1.3 | 1.3 |
| jedi | 0.9.0 | 0.11.0 | Upgrade?
| jinja2 | 2.7 | 2.10 | Upgrade?
### hasattr(markdown, 'version')
| markdown | 2.2.0 | 2.6.9 | Upgrade?
| markdown2 | 2.2.1 | 2.3.5 | Upgrade?
| markupsafe | ????? | 1.0 | ?????
| matplotlib | 1.4.0 | 2.1.0 | Upgrade?
| midiutil | ????? | 1.1.3 | ?????
| mpl_toolkits | ????? | Found | ?????
| mpmath | 0.18 | 1.0.0 | Upgrade?
| numpy | 1.8.0 | 1.13.3 | Upgrade?
| oauth2 | 1.5.211 | 1.9.0.post1 | Upgrade?
| paramiko | 1.16.0 | 2.3.1 | Upgrade?
| parsedatetime | 1.3 | 2.4 | Upgrade?
### hasattr(PIL, 'PILLOW_VERSION')
| PIL | 2.9.0 | 4.3.0 | Upgrade?
| pycparser | 2.10 | 2.18 | Upgrade?
| pyflakes | 1.5.0 | 1.6.0 | Upgrade?
| pygments | 1.6 | 2.2.0 | Upgrade?
| pylab | ????? | Found | ?????
| pyparsing | 2.0.1 | 2.2.0 | Upgrade?
| PyPDF2 | 1.22 | 1.26.0 | Upgrade?
| pytest | 3.0.5 | 3.2.3 | Upgrade?
| pytz | 2013b | 2017.3 | Upgrade?
| qrcode | ????? | 5.3 | ?????
### hasattr(reportlab, 'Version')
| reportlab | 3.1.8 | 3.4.0 | Upgrade?
| requests | 2.5.1 | 2.18.4 | Upgrade?
| sgmllib | ????? | Found | ?????
| simpy | 3.0.2 | 3.0.10 | Upgrade?
| six | 1.6.1 | 1.11.0 | Upgrade?
| sqlalchemy | 0.9.7 | 1.2.0b3 | Upgrade?
### hasattr(sqlite3, 'version')
| sqlite3 | 2.6.0 | 2.8.3 | Upgrade?
| sympy | 0.7.4.1 | 1.1.1 | Upgrade?
| thrift | ????? | 0.10.0 | ?????
| turtle | ????? | 0.0.2 | ?????
| twitter | ????? | 1.18.0 | ?????
| wavebender | 0.3 | Found | Upgrade?
| werkzeug | 0.9.4 | 0.12.2 | Upgrade?
| wsgiref | ????? | 0.1.2 | ?????
| xmltodict | 0.8.7 | 0.11.0 | Upgrade?
| yaml | 3.09 | 3.12 | Upgrade?
| yapf | 0.16.1 | 0.19.0 | Upgrade?
| ------------- | ----------- | ----------- |
Starting GitHub Action for pyup Safety:safety command
Warning: unpinned requirement 'ecdsa' found in requirements.txt, unable to check.
Warning: unpinned requirement 'evernote' found in requirements.txt, unable to check.
Warning: unpinned requirement 'faker' found in requirements.txt, unable to check.
Warning: unpinned requirement 'google' found in requirements.txt, unable to check.
Warning: unpinned requirement 'images2gif' found in requirements.txt, unable to check.
Warning: unpinned requirement 'itsdangerous' found in requirements.txt, unable to check.
Warning: unpinned requirement 'markupsafe' found in requirements.txt, unable to check.
Warning: unpinned requirement 'midiutil' found in requirements.txt, unable to check.
Warning: unpinned requirement 'mpl_toolkits' found in requirements.txt, unable to check.
Warning: unpinned requirement 'pylab' found in requirements.txt, unable to check.
Warning: unpinned requirement 'qrcode' found in requirements.txt, unable to check.
Warning: unpinned requirement 'sgmllib' found in requirements.txt, unable to check.
Warning: unpinned requirement 'thrift' found in requirements.txt, unable to check.
Warning: unpinned requirement 'turtle' found in requirements.txt, unable to check.
Warning: unpinned requirement 'twitter' found in requirements.txt, unable to check.
Warning: unpinned requirement 'wsgiref' found in requirements.txt, unable to check.
╒══════════════════════════════════════════════════════════════════════════════╕
│ │
│ /$$$$$$ /$$ │
│ /$$__ $$ | $$ │
│ /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ │
│ /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ │
│ | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ │
│ \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ │
│ /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ │
│ |_______/ \_______/|__/ \_______/ \___/ \____ $$ │
│ /$$ | $$ │
│ | $$$$$$/ │
│ by pyup.io \______/ │
│ │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT │
│ checked 46 packages, using default DB │
╞════════════════════════════╤═══════════╤══════════════════════════╤══════════╡
│ package │ installed │ affected │ ID │
╞════════════════════════════╧═══════════╧══════════════════════════╧══════════╡
│ bottle │ 0.12.5 │ <0.12.10 │ 25642 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, │
│ which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet- │
│ Cookie: name=salt") call. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ bottle │ 0.12.5 │ >=0.12,<0.12.6 │ 35548 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 │
│ does not properly limit content types, which allows remote attackers to │
│ bypass intended access restrictions via an accepted Content-Type followed by │
│ a ; (semi-colon) and a Content-Type that would not be accepted, as │
│ demonstrated in YouCompleteMe to execute arbitrary code. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ flask │ 0.10.1 │ <0.12.3 │ 36388 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ flask version Before 0.12.3 contains a CWE-20: Improper Input Validation │
│ vulnerability in flask that can result in Large amount of memory usage │
│ possibly leading to denial of service. This attack appear to be exploitable │
│ via Attacker provides JSON data in incorrect encoding. This vulnerability │
│ appears to have been fixed in 0.12.3. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib │ 0.999 │ <0.99999999 │ 35693 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The serializer in html5lib before 0.99999999 might allow remote attackers to │
│ conduct cross-site scripting (XSS) attacks by leveraging mishandling of the │
│ < (less than) character in attribute values. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib │ 0.999 │ <0.99999999 │ 35694 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The serializer in html5lib before 0.99999999 might allow remote attackers to │
│ conduct cross-site scripting (XSS) attacks by leveraging mishandling of │
│ special characters in attribute values, a different vulnerability than │
│ CVE-2016-9909. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib │ 0.999 │ <0.99999999 │ 25846 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ html5lib before 0.99999999 is vulnerable to a XSS attack. Upgrading avoids │
│ the XSS bug potentially caused by serializer allowing attribute values to be │
│ escaped out of in old browser versions, changing the quote_attr_values │
│ option on serializer to take one of three values, "always" (the old True │
│ value), "legacy" (the new option, and the new default), and "spec" (the old │
│ False value, and the old default). │
╞══════════════════════════════════════════════════════════════════════════════╡
│ httplib2 │ 0.9.2 │ <=0.9.2 │ 25848 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ httplib2 before and including 0.9.2 on "SSL certificate hostname mismatch" │
│ it is checked only once: https://github.com/httplib2/httplib2/issues/5 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2 │ 2.7 │ <2.7.2 │ 25865 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2 2.7.2 fixes a security issue: Changed the default folder for the │
│ filesystem cache to be user specific and read and write protected on UNIX │
│ systems. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 for │
│ more information. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ jinja2 │ 2.7 │ <2.7.3 │ 25866 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The default configuration for bccache.FileSystemBytecodeCache in Jinja2 │
│ before 2.7.2 does not properly create temporary files, which allows local │
│ users to gain privileges via a crafted .cache file with a name starting with │
│ __jinja2_ in /tmp. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ markdown2 │ 2.2.1 │ <2.3.5 │ 35760 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. │
│ The safe_mode feature, which is supposed to sanitize user input against XSS, │
│ is flawed and does not escape the input properly. With a crafted payload, │
│ XSS can be triggered, as demonstrated by omitting the final '>' character │
│ from an IMG tag. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.1.1 │ 33134 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingLibTiffDecode function in │
│ libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to │
│ overwrite memory via a crafted TIFF file. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.1.1 │ 33135 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c │
│ in Pillow before 3.1.1 allows remote attackers to cause a denial of service │
│ (crash) via a crafted FLI file. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.1.1 │ 33136 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow │
│ before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows │
│ remote attackers to cause a denial of service (crash) via a crafted PhotoCD │
│ file. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.1.1 │ 33137 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Integer overflow in the ImagingResampleHorizontal function in │
│ libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have │
│ unspecified impact via negative values of the new size, which triggers a │
│ heap-based buffer overflow. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.1.2 │ 25943 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow before 3.1.2 is vulnerable to an integer overflow in Jpeg2KEncode.c │
│ causing a buffer overflow. CVE-2016-3076. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.3.2 │ 33138 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary │
│ code by using the "crafted image file" approach, related to an "Insecure │
│ Sign Extension" issue affecting the ImagingNew in Storage.c component. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ pillow │ 2.9.0 │ <3.3.2 │ 33139 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive │
│ information by using the "crafted image file" approach, related to an │
│ "Integer Overflow" issue affecting the Image.core.map_buffer in map.c │
│ component. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ requests │ 2.9.1 │ <=2.19.1 │ 36546 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The Requests package before 2.19.1 sends an HTTP Authorization header to an │
│ http URI upon receiving a same-hostname https-to-http redirect, which makes │
│ it easier for remote attackers to discover credentials by sniffing the │
│ network. │
╞══════════════════════════════════════════════════════════════════════════════╡
│ werkzeug │ 0.9.4 │ <0.11.11 │ 35661 │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Cross-site scripting (XSS) vulnerability in the render_full function in │
│ debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used │
│ in Pallets Flask and other products) allows remote attackers to inject │
│ arbitrary web script or HTML via a field that contains an exception message. │
╘══════════════════════════════════════════════════════════════════════════════╛
