Console Output

[tests-stage_2-merge_v15.0] Running shell script
+ runuser jenkins -c devops-stages/stage-test.sh
Checking syntax of Robot tests
Checking tabs in robot files. No tabs should be present
No tabs are present in robot files. Correct!
Checking param separation in robot files. Three spaces is the recommendation, instead of two
No presence of two spaces to separate params in robot files. Correct!
Checking param separation in robot files. Three spaces is the recommendation, instead of four or more
Only three spaces must be used between params in robot files. Correct!
Checking CRLF terminators in robot files. No CRLF should be found
No presence of CRLF terminators in robot files. Correct!
Checking spaces at the end of lines in robot files. No spaces at EOL should be found
No presence of spaces at EOL in robot files. Correct!
Launching tox
✔ OK black in 10.469 seconds
black create: /tmp/.tox/black
black installdeps: black
black installed: black==24.4.2,click==8.1.7,mypy-extensions==1.0.0,packaging==24.1,pathspec==0.12.1,platformdirs==4.2.2,tomli==2.0.1,typing_extensions==4.12.2
black run-test-pre: PYTHONHASHSEED='3958195852'
black run-test: commands[0] | black --check --diff robot-systest --fast
All done! ✨ 🍰 ✨
7 files would be left unchanged.

✔ OK flake8 in 13.258 seconds
flake8 create: /tmp/.tox/flake8
flake8 installdeps: flake8
flake8 develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v15.0
flake8 installed: flake8==7.1.0,mccabe==0.7.0,pycodestyle==2.12.0,pyflakes==3.2.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@b9ea77a47f7a746b4320534f5029d4622c35a72e#egg=tests
flake8 run-test-pre: PYTHONHASHSEED='1961410794'
flake8 run-test: commands[0] | flake8 robot-systest

✔ OK cover in 1 minute, 18.456 seconds
cover create: /tmp/.tox/cover
cover installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements.txt
cover develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v15.0
cover installed: appdirs==1.4.4,argcomplete==3.1.2,attrs==23.1.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.15.1,charset-normalizer==3.2.0,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dogpile.cache==1.2.2,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.0.0,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,outcome==1.2.0,packaging==23.1,paramiko==3.3.1,pbr==5.11.1,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pyjsonselect==0.2.2,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,scp==0.14.5,selenium==4.13.0,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@b9ea77a47f7a746b4320534f5029d4622c35a72e#egg=tests,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.6,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0
cover run-test-pre: PYTHONHASHSEED='2976576457'
cover run-test: commands[0] | sh -c 'echo No unit tests'
No unit tests

✔ OK pylint in 1 minute, 28.846 seconds
pylint create: /tmp/.tox/pylint
pylint installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements.txt, -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements-dev.txt, pylint
pylint develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v15.0
pylint installed: appdirs==1.4.4,argcomplete==3.1.2,astroid==3.2.2,attrs==23.1.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.15.1,charset-normalizer==3.2.0,click==8.1.7,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dill==0.3.8,dogpile.cache==1.2.2,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.0.0,isort==5.13.2,Jinja2==3.1.2,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,MarkupSafe==2.1.3,mccabe==0.7.0,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,osmclient @ git+https://osm.etsi.org/gerrit/osm/osmclient.git@c9c8f15561064379419abd92e42017d2011dba26,outcome==1.2.0,packaging==23.1,paramiko==3.3.1,pbr==5.11.1,platformdirs==4.2.2,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pyjsonselect==0.2.2,pylint==3.2.3,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-magic==0.4.27,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,scp==0.14.5,selenium==4.13.0,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@b9ea77a47f7a746b4320534f5029d4622c35a72e#egg=tests,tomli==2.0.1,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.6,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0
pylint run-test-pre: PYTHONHASHSEED='2621707225'
pylint run-test: commands[0] | pylint -E robot-systest

✔ OK rflint in 1 minute, 29.189 seconds
rflint create: /tmp/.tox/rflint
rflint installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements.txt, -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements-dev.txt, robotframework-lint, robotframework-robocop==4.2.2
rflint develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v15.0
rflint installed: appdirs==1.4.4,argcomplete==3.1.2,attrs==23.1.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.15.1,charset-normalizer==3.2.0,click==8.1.7,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dogpile.cache==1.2.2,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.0.0,Jinja2==3.1.2,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,MarkupSafe==2.1.3,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,osmclient @ git+https://osm.etsi.org/gerrit/osm/osmclient.git@c9c8f15561064379419abd92e42017d2011dba26,outcome==1.2.0,packaging==23.1,paramiko==3.3.1,pathspec==0.11.2,pbr==5.11.1,platformdirs==4.1.0,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pyjsonselect==0.2.2,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-dateutil==2.9.0.post0,python-keystoneclient==5.2.0,python-magic==0.4.27,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-lint==1.1,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-robocop==4.2.2,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,scp==0.14.5,selenium==4.13.0,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@b9ea77a47f7a746b4320534f5029d4622c35a72e#egg=tests,tomli==2.0.1,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.6,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0
rflint run-test-pre: PYTHONHASHSEED='1336564503'
rflint run-test: commands[0] | rflint --ignore LineTooLong --ignore TooFewTestSteps --ignore TooManyTestCases --ignore TooManyTestSteps --ignore TooFewKeywordSteps testsuite lib resources
rflint run-test: commands[1] | robocop --configure return_status:quality_gate:E=0:W=0:I=0 --exclude '050*,0701,0923' .

✔ OK safety in 1 minute, 30.829 seconds
safety create: /tmp/.tox/safety
safety installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v15.0/requirements.txt, safety
safety develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v15.0
safety installed: annotated-types==0.7.0,appdirs==1.4.4,argcomplete==3.1.2,attrs==23.1.0,Authlib==1.3.1,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.15.1,charset-normalizer==3.2.0,click==8.1.7,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dogpile.cache==1.2.2,dparse==0.6.4b0,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.0.0,Jinja2==3.1.4,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,markdown-it-py==3.0.0,MarkupSafe==2.1.5,marshmallow==3.21.3,mdurl==0.1.2,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,outcome==1.2.0,packaging==23.1,paramiko==3.3.1,pbr==5.11.1,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pydantic==2.7.4,pydantic_core==2.18.4,Pygments==2.18.0,pyjsonselect==0.2.2,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,rich==13.7.1,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,ruamel.yaml==0.18.6,ruamel.yaml.clib==0.2.8,safety==3.2.3,safety-schemas==0.0.2,scp==0.14.5,selenium==4.13.0,shellingham==1.5.4,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@b9ea77a47f7a746b4320534f5029d4622c35a72e#egg=tests,tomli==2.0.1,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typer==0.12.3,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.6,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0
safety run-test-pre: PYTHONHASHSEED='3985783498'
safety run-test: commands[0] | - safety check --full-report
+==============================================================================+

                               /$$$$$$            /$$
                              /$$__  $$          | $$
           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$
          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$
         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$
          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$
          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$
         |_______/  \_______/|__/     \_______/   \___/   \____  $$
                                                          /$$  | $$
                                                         |  $$$$$$/
  by safetycli.com                                        \______/

+==============================================================================+

 REPORT 

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

  Safety v3.2.3 is scanning for Vulnerabilities...
  Scanning dependencies in your environment:

  -> /usr/lib/python3.10/lib-dynload
  -> /tmp/.tox/safety/bin
  -> /tmp/.tox/safety/lib/python3.10/site-packages
  -> /home/jenkins/workspace/tests-stage_2-merge_v15.0
  -> /usr/lib/python3.10
  -> /usr/lib/python310.zip

  Using open-source vulnerability database
  Found and scanned 121 packages
  Timestamp 2024-06-17 10:18:00
  13 vulnerabilities reported
  0 vulnerabilities ignored

+==============================================================================+
 VULNERABILITIES REPORTED 
+==============================================================================+

-> Vulnerability found in wheel version 0.37.1
   Vulnerability ID: 51499
   Affected spec: <0.38.1
   ADVISORY: Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue
   discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier
   allows remote attackers to cause a denial of service via attacker
   controlled input to wheel cli.https://pyup.io/posts/pyup-discovers-redos-
   vulnerabilities-in-top-python-packages
   CVE-2022-40898
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/51499/97c
   To ignore this vulnerability, use PyUp vulnerability id 51499 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in urllib3 version 2.0.5
   Vulnerability ID: 61893
   Affected spec: >=2.0.0a1,<2.0.7
   ADVISORY: Urllib3 1.26.18 and 2.0.7 include a fix for
   CVE-2023-45803: Request body not stripped after redirect from 303 status
   changes request method to GET.https://github.com/urllib3/urllib3/security/
   advisories/GHSA-g4mx-q9vg-27p4
   CVE-2023-45803
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/61893/97c
   To ignore this vulnerability, use PyUp vulnerability id 61893 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in pip version 22.0.2
   Vulnerability ID: 62044
   Affected spec: <23.3
   ADVISORY: Affected versions of Pip are vulnerable to Command
   Injection. When installing a package from a Mercurial VCS URL (ie "pip
   install hg+...") with pip prior to v23.3, the specified Mercurial revision
   could be used to inject arbitrary configuration options to the "hg clone"
   call (ie "--config"). Controlling the Mercurial configuration can modify
   how and which repository is installed. This vulnerability does not affect
   users who aren't installing from Mercurial.
   CVE-2023-5752
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/62044/97c
   To ignore this vulnerability, use PyUp vulnerability id 62044 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in paramiko version 3.3.1
   Vulnerability ID: 65193
   Affected spec: <3.4.0
   ADVISORY: Paramiko's core implementation of the SSH transport
   protocol, including certain OpenSSH extensions used before OpenSSH 9.6, is
   vulnerable to a "Terrapin attack." This vulnerability allows remote
   attackers to manipulate packet integrity during the handshake phase,
   potentially leading to security downgrades or disabled features in SSH
   connections. Specific attacks target the use of ChaCha20-Poly1305 and CBC
   with Encrypt-then-MAC, where sequence numbers and integrity checks are
   improperly managed. This issue particularly affects the
   chacha20-poly1305@openssh.com and -etm@openssh.com MAC algorithms.
   CVE-2023-48795
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/65193/97c
   To ignore this vulnerability, use PyUp vulnerability id 65193 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in paramiko version 3.3.1
   Vulnerability ID: 63227
   Affected spec: <3.4.0
   ADVISORY: Paramiko 3.4.0 has been released to fix vulnerabilities
   affecting encrypt-then-MAC digest algorithms in tandem with CBC ciphers,
   and ChaCha20-poly1305. The fix requires cooperation from both ends of the
   connection, making it effective when the remote end is OpenSSH >= 9.6 and
   configured to use the new “strict kex” mode. For further details, refer to
   the official Paramiko documentation or GitHub
   repository.https://github.com/advisories/GHSA-45x7-px36-x8w8
   CVE-2023-48795
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/63227/97c
   To ignore this vulnerability, use PyUp vulnerability id 63227 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in jinja2 version 3.1.4
   Vulnerability ID: 70612
   Affected spec: >=0
   ADVISORY: In Jinja2, the from_string function is prone to Server
   Side Template Injection (SSTI) where it takes the "source" parameter as a
   template object, renders it, and then returns it. The attacker can exploit
   it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple
   third parties believe that this vulnerability isn't valid because users
   shouldn't use untrusted templates without sandboxing.
   CVE-2019-8341
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/70612/97c
   To ignore this vulnerability, use PyUp vulnerability id 70612 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in idna version 3.4
   Vulnerability ID: 67895
   Affected spec: <3.7
   ADVISORY: CVE-2024-3651 impacts the idna.encode() function, where
   a specially crafted argument could lead to significant resource
   consumption, causing a denial-of-service. In version 3.7, this function
   has been updated to reject such inputs efficiently, minimizing resource
   use. A practical workaround involves enforcing a maximum domain name
   length of 253 characters before encoding, as the vulnerability is
   triggered by unusually large inputs that normal operations wouldn't
   encounter.
   CVE-2024-3651
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/67895/97c
   To ignore this vulnerability, use PyUp vulnerability id 67895 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 66704
   Affected spec: >=38.0.0,<42.0.4
   ADVISORY: cryptography is a package designed to expose
   cryptographic primitives and recipes to Python developers. Starting in
   version 38.0.0 and before version 42.0.4, if
   `pkcs12.serialize_key_and_certificates` is called with both a certificate
   whose public key did not match the provided private key and an
   `encryption_algorithm` with `hmac_hash` set (via
   `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL
   pointer dereference would occur, crashing the Python process. This has
   been resolved in version 42.0.4, the first version in which a `ValueError`
   is properly raised.
   CVE-2024-26130
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/66704/97c
   To ignore this vulnerability, use PyUp vulnerability id 66704 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 65278
   Affected spec: <42.0.0
   ADVISORY: A flaw was found in the python-cryptography package.
   This issue may allow a remote attacker to decrypt captured messages in TLS
   servers that use RSA key exchanges, which may lead to exposure of
   confidential or sensitive data. See CVE-2023-50782.
   CVE-2023-50782
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/65278/97c
   To ignore this vulnerability, use PyUp vulnerability id 65278 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 66777
   Affected spec: >=35.0.0,<42.0.2
   ADVISORY: CVE-2023-6237 addresses a vulnerability in RSA public
   key verification where checking a large, incorrect RSA key with
   EVP_PKEY_public_check() could take an excessive amount of time. This is
   due to no size limit on the RSA public key and an unnecessarily high
   number of Miller-Rabin rounds for modulus non-primality checks. The fix
   sets a maximum key size of 16384 bits and reduces Miller-Rabin rounds to
   5, enhancing security and performance by preventing the
   RSA_R_MODULUS_TOO_LARGE error.
   CVE-2023-6237
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/66777/97c
   To ignore this vulnerability, use PyUp vulnerability id 66777 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 65212
   Affected spec: >=35.0.0,<42.0.2
   ADVISORY: Versions of Cryptograph starting from 35.0.0 are
   susceptible to a security flaw in the POLY1305 MAC algorithm on PowerPC
   CPUs, which allows an attacker to disrupt the application's state. This
   disruption might result in false calculations or cause a denial of
   service. The vulnerability's exploitation hinges on the attacker's ability
   to alter the algorithm's application and the dependency of the software on
   non-volatile XMM registers.https://github.com/pyca/cryptography/commit/89d
   0d56fb104ac4e0e6db63d78fc22b8c53d27e9
   CVE-2023-6129
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/65212/97c
   To ignore this vulnerability, use PyUp vulnerability id 65212 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 62556
   Affected spec: >=3.1,<41.0.6
   ADVISORY: Cryptography 41.0.6 includes a fix for CVE-2023-49083:
   NULL-dereference when loading PKCS7
   certificates.https://github.com/advisories/GHSA-jfhm-5ghh-2f97
   CVE-2023-49083
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/62556/97c
   To ignore this vulnerability, use PyUp vulnerability id 62556 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in cryptography version 41.0.4
   Vulnerability ID: 65647
   Affected spec: <42.0.5
   ADVISORY: Cryptography version 42.0.5 introduces a limit on the
   number of name constraint checks during X.509 path validation to prevent
   denial of service attacks.https://github.com/pyca/cryptography/commit/4be5
   3bf20cc90cbac01f5f94c5d1aecc5289ba1f
   PVE-2024-65647
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/65647/97c
   To ignore this vulnerability, use PyUp vulnerability id 65647 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


+==============================================================================+
   REMEDIATIONS

  13 vulnerabilities were reported in 7 packages. For detailed remediation & 
  fix recommendations, upgrade to a commercial license. 

+==============================================================================+

 Scan was completed. 13 vulnerabilities were reported. 

+==============================================================================+

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

+==============================================================================+

___________________________________ summary ____________________________________
  black: commands succeeded
  cover: commands succeeded
  flake8: commands succeeded
  pylint: commands succeeded
  rflint: commands succeeded
  safety: commands succeeded
  congratulations :)