Skip to content

Update dependency future to v0.18.3 [SECURITY]#190

Open
renovate[bot] wants to merge 1 commit into
Rajkumarfrom
renovate/pypi-future-vulnerability
Open

Update dependency future to v0.18.3 [SECURITY]#190
renovate[bot] wants to merge 1 commit into
Rajkumarfrom
renovate/pypi-future-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Mar 16, 2023
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
future (source) ==0.18.2==0.18.3 age confidence

Python Charmers Future denial of service vulnerability

CVE-2022-40899 / GHSA-v3c5-jqr6-7qm8

More information

Details

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. This issue has been patched in version 0.18.3.

Severity

  • CVSS Score: 8.7 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

PythonCharmers/python-future (future)

v0.18.3

Compare Source

This is a minor bug-fix release containing a number of fixes:

  • Backport fix for bpo-38804 (c91d70b)
  • Fix bug in fix_print.py fixer (dffc579)
  • Fix bug in fix_raise.py fixer (3401099)
  • Fix newint bool in py3 (fe645ba)
  • Fix bug in super() with metaclasses (6e27aac)
  • docs: fix simple typo, reqest -> request (974eb1f)
  • Correct eq (c780bf5)
  • Pass if lint fails (2abe00d)
  • Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
  • fix order (f96a219)
  • Add flake8 to image (046ff18)
  • Make lint.sh executable (58cc984)
  • Add docker push to optimize CI (01e8440)
  • Build System (42b3025)
  • Add docs build status badge to README.md (3f40bd7)
  • Use same docs requirements in tox (18ecc5a)
  • Add docs/requirements.txt (5f9893f)
  • Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  • fix 2.6 test, better comment (ddedcb9)
  • fix 2.6 test (3f1ff7e)
  • remove nan test (4dbded1)
  • include list test values (e3f1a12)
  • fix other python2 test issues (c051026)
  • fix missing subTest (f006cad)
  • import from old imp library on older python versions (fc84fa8)
  • replace fstrings with format for python 3.4,3.5 (4a687ea)
  • minor style/spelling fixes (8302d8c)
  • improve cmp function, add unittest (0d95a40)
  • Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
  • Fix various py26 unit test failures (9ca5a14)
  • Add initial contributing guide with docs build instruction (e55f915)
  • Add docs building to tox.ini (3ee9e7f)
  • Support NumPy's specialized int types in builtins.round (b4b54f0)
  • Added r""" to the docstring to avoid warnings in python3 (5f94572)
  • Add subclasscheck for past.types.basestring (c9bc0ff)
  • Correct example in README (681e78c)
  • Add simple documentation (6c6e3ae)
  • Add pre-commit hooks (a9c6a37)
  • Handling of next and next by future.utils.get_next was reversed (52b0ff9)
  • Add a test for our fix (461d77e)
  • Compare headers to correct definition of str (3eaa8fd)
  • #​322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
  • Add tkFileDialog to future.movers.tkinter (f6a6549)
  • Sort before comparing dicts in TestChainMap (6126997)
  • Fix typo (4dfa099)
  • Fix formatting in "What's new" (1663dfa)
  • Fix typo (4236061)
  • Avoid DeprecationWarning caused by invalid escape (e4b7fa1)
  • Fixup broken link to external django documentation re: porting to Python 3 and unicode_literals (d87713e)
  • Fixed newdict checking version every time (99030ec)
  • Add count from 2.7 to 2.6 (1b8ef51)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update dependency future to v0.18.3 [SECURITY] Update dependency future to v0.18.3 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/pypi-future-vulnerability branch March 27, 2026 02:09
@renovate renovate Bot changed the title Update dependency future to v0.18.3 [SECURITY] - autoclosed Update dependency future to v0.18.3 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/pypi-future-vulnerability branch 2 times, most recently from 7fda57e to 1b2a166 Compare March 30, 2026 20:59
@renovate renovate Bot changed the title Update dependency future to v0.18.3 [SECURITY] Update dependency future to v0.18.3 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title Update dependency future to v0.18.3 [SECURITY] - autoclosed Update dependency future to v0.18.3 [SECURITY] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/pypi-future-vulnerability branch from 1b2a166 to f917e7f Compare April 27, 2026 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants