-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
py3-pipenv/2024.0.0 package update #21539
Conversation
octo-sts
bot
commented
Jun 7, 2024
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Package py3-pipenv: Click to expand/collapsePackage py3-pipenv:
Added: /usr/lib/python3.12/site-packages/pipenv/routines/pycache/sync.cpython-312.pyc bincapz found differences: Click to expand/collapseDeleted: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_non_host.py [
|
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | exec/program | execute external program | subprocess |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/init.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/pypa/packaging |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_manylinux.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | process/name/get | get the current process name | process_name |
+MEDIUM | ref/site/download | http dropper url | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py https://sourceware.org/bugzilla/show_bug.cgi?id=24636 https://static.docs.arm.com/ihi0044/g/aaelf32.pdf |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_w_await.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | evasion/lib_alias | aliases core python library to an alternate name | from sys import version_info as py_version_info |
+LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_parser.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(python |
+LOW | fd/read | reads from a file handle | Op(tokenizer.read() append(tokenizer.read() process_env_var(tokenizer.read() process_python_str(tokenizer.read() |
+LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#731 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/metadata.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | core-metadata-download-url download_url |
+MEDIUM | process/name/get | get the current process name | process_name |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_musllinux.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | execute external program | subprocess.PIPE, text subprocess.run([ld], stderr |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/init.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | encoding/json/decode | Decodes JSON messages | json.loads |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://packaging.python.org/en/latest/specifications/core-metadata/ https://packaging.python.org/en/latest/specifications/entry-points/ https://packaging.python.org/en/latest/specifications/recording-installed https://packaging.python.org/specifications/entry-points/ |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/zipp/init.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | archives/zip | Works with zip files | zip files |
+LOW | fd/read | reads from a file handle | strm.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/specifiers.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#13475 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/routines/sync.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/shell_command | execute a shell command | system |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/socket_pexpect.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | fd/write | writes to a file handle | self.write(s) |
+LOW | net/socket/receive | receive a message to a socket | recv socket |
+LOW | net/socket/send | send a message to a socket | send socket |
+LOW | ref/site/url | contains embedded HTTP URLs | http://opensource.org/licenses/isc-license.txt |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/markers.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | kernel/platform | system platform identification | sys.platform |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://peps.python.org/pep-0685/ |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_elffile.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca https://refspecs.linuxfoundation.org/elf/gabi4 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_pre_await.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/tags.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | execute external program | subprocess.PIPE, subprocess.run( |
+LOW | ref/site/url | contains embedded HTTPS URLs | pypa/pip#3383 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_adapter.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | encoding/json/decode | Decodes JSON messages | JSONDecode |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_tokenizer.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/shell_command | execute a shell command | system |
+LOW | fd/read | reads from a file handle | self.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/_functools.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTP URLs | http://code.activestate.com/recipes/577452-a-memoize-decorator-for-insta |
Changed: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/patched/pip/_internal/utils/setuptools_build.py
superseded by #21767 |