[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...