-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
py3-pipenv/2024.0.1 package update #21767
Conversation
octo-sts
bot
commented
Jun 11, 2024
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Package py3-pipenv: Click to expand/collapsePackage py3-pipenv:
Added: /usr/lib/python3.12/site-packages/pipenv/routines/pycache/sync.cpython-312.pyc bincapz found differences: Click to expand/collapseDeleted: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_non_host.py [
|
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | exec/program | execute external program | subprocess |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_elffile.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca https://refspecs.linuxfoundation.org/elf/gabi4 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/_functools.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTP URLs | http://code.activestate.com/recipes/577452-a-memoize-decorator-for-insta |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/init.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/pypa/packaging |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_pre_await.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/specifiers.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#13475 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/socket_pexpect.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | fd/write | writes to a file handle | self.write(s) |
+LOW | net/socket/receive | receive a message to a socket | recv socket |
+LOW | net/socket/send | send a message to a socket | send socket |
+LOW | ref/site/url | contains embedded HTTP URLs | http://opensource.org/licenses/isc-license.txt |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_manylinux.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | process/name/get | get the current process name | process_name |
+MEDIUM | ref/site/download | http dropper url | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py https://sourceware.org/bugzilla/show_bug.cgi?id=24636 https://static.docs.arm.com/ihi0044/g/aaelf32.pdf |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/metadata.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | core-metadata-download-url download_url |
+MEDIUM | process/name/get | get the current process name | process_name |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/markers.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | kernel/platform | system platform identification | sys.platform |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://peps.python.org/pep-0685/ |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_tokenizer.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/shell_command | execute a shell command | system |
+LOW | fd/read | reads from a file handle | self.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_musllinux.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | execute external program | subprocess.PIPE, text subprocess.run([ld], stderr |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_adapter.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | encoding/json/decode | Decodes JSON messages | JSONDecode |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/routines/sync.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/shell_command | execute a shell command | system |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/tags.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | execute external program | subprocess.PIPE, subprocess.run( |
+LOW | ref/site/url | contains embedded HTTPS URLs | pypa/pip#3383 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_w_await.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | evasion/lib_alias | aliases core python library to an alternate name | from sys import version_info as py_version_info |
+LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/zipp/init.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | archives/zip | Works with zip files | zip files |
+LOW | fd/read | reads from a file handle | strm.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_parser.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(python |
+LOW | fd/read | reads from a file handle | Op(tokenizer.read() append(tokenizer.read() process_env_var(tokenizer.read() process_python_str(tokenizer.read() |
+LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#731 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/init.py [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | encoding/json/decode | Decodes JSON messages | json.loads |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://packaging.python.org/en/latest/specifications/core-metadata/ https://packaging.python.org/en/latest/specifications/entry-points/ https://packaging.python.org/en/latest/specifications/recording-installed https://packaging.python.org/specifications/entry-points/ |