Bump pwntools from 4.0.1 to 4.3.1

[dependabot[bot]]

Bumps pwntools from 4.0.1 to 4.3.1.

Release notes

Sourced from pwntools's releases.

Release 4.3.1

• #1732 Fix shellcraft SSTI vulnerability (first major pwntools vuln!)

Release 4.3.0

• Speed up ELF PLT loading (#1515)
• Take numbwritten bytes into account in FmtString (#1471)
• Support opening of new windows in WSL (#1503)
• #1576 Add executable= argument to ELF.search
• #1584 Add jmp_esp/jmp_rsp attribute to ROP
• #1592 Fix over-verbose logging of process() environment
• #1593 Colorize output of pwn template
• #1601 Add pwn version command line tool
• #1605 Add to fiddling.hexdump a way to suppress the total at the end
• #1613 Permit --password for pwn template
• #1564 Fix asm() and disasm() for PowerPC64, MIPS64, Sparc64
• #1621 Permit negative values in flat() and fit()
• many more

Release 4.3.0beta0

• Speed up ELF PLT loading (#1515)
• Take numbwritten bytes into account in FmtString (#1471)
• Support opening of new windows in WSL (#1503)
• #1576 Add executable= argument to ELF.search
• #1584 Add jmp_esp/jmp_rsp attribute to ROP
• #1592 Fix over-verbose logging of process() environment
• #1593 Colorize output of pwn template
• #1601 Add pwn version command line tool
• #1605 Add to fiddling.hexdump a way to suppress the total at the end
• #1613 Permit --password for pwn template
• #1564 Fix asm() and disasm() for PowerPC64, MIPS64, Sparc64
• #1621 Permit negative values in flat() and fit()

Release 4.2.2

Bugfix release over 4.2.1

Release 4.2.1

#1625 GDB now properly loads executables with QEMU

Release 4.2.0beta0

• #1436 Add ret2dlresolve automation
• fecf9f tubes.ssh.process() no longer requires python 2 installed on remote (still requires python, though)
• Miscellanous improvements to DynElf and fmtstr leaker (see examples/fmtstr/exploit2.py)
• #1454 Support for windows console colors

Release 4.1.1

• Fix PLT resolution by locking unicorn <1.0.2rc4 (#1538)
• Fix wrong ELF/context unpack handling (c4c11a37)
• Fix updating of ELF.functions addresses after changing ELF.address #1512 (#1513)

... (truncated)

Changelog

Sourced from pwntools's changelog.

4.3.1

• #17321732 Fix shellcraft SSTI vulnerability (first major pwntools vuln!)

4.3.0

• #15761576 Add executable= argument to ELF.search
• #15841584 Add jmp_esp/jmp_rsp attribute to ROP
• #15921592 Fix over-verbose logging of process() environment
• #15931593 Colorize output of pwn template
• #16011601 Add pwn version command line tool
• #16051605 Add to fiddling.hexdump a way to suppress the total at the end
• #16131613 Permit --password for pwn template
• #16161616 Fix cyclic cli for 64 bit integers
• #15641564 Fix asm() and disasm() for PowerPC64, MIPS64, Sparc64
• #16211621 Permit negative values in flat() and fit()

4.2.1

• #16251625 GDB now properly loads executables with QEMU
• #1663[1663] Change lookup algorithm of adb.which
• #16991699 Fix broken linux shellcraft templates

4.2.0

• #14361436 Add ret2dlresolve automation
• fecf9f tubes.ssh.process() no longer requires python 2 installed on remote (still requires python, though)
• Miscellanous improvements to DynElf and fmtstr leaker (see examples/fmtstr/exploit2.py)
• #14541454 Support for windows console colors

... (truncated)

Commits

• 957a5a5 Release 4.3.1
• 2efb5a0 Merge branch 'issue-1427' into stable
• 442fede Auto-generated files
• 138188e Fix pwntools shellcraft SSTI vulnerability
• 5dfcb53 Apparently python 2 does not have lru_cache.
• 5db149a Release 4.3.0
• ddb5798 Merge branch 'stable' into beta
• f1624dc Release 4.2.2
• a824e83 Only require changelog if major changes present
• dff2e80 Fix udp socket server AttributeError (#1706)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.