🐛 [BUG] - safety check reports 4 vulnerabilities #352
Comments
$ pip install pipdeptree
$ pipdeptree | grep -i gitpython -B 3
bandit==1.7.5
├── GitPython [required: >=1.0.1, installed: 3.1.31]
So
Mostly by backends like Cloud Monitoring, Datadog, ElasticSearch, and also by
Run $ make install
[...]
Downloading GitPython-3.1.37-py3-none-any.whl (190 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 190.0/190.0 kB 9.8 MB/s eta 0:00:00
Building wheels for collected packages: slo-generator
Building editable for slo-generator (pyproject.toml) ... done
Created wheel for slo-generator: filename=slo_generator-2.4.0-0.editable-py2.py3-none-any.whl size=11498 sha256=71a4d4b61fe4fcfde73123f988aea7bf1776a89456781ce7489436e1556985f0
Stored in directory: /tmp/pip-ephem-wheel-cache-ublt7juf/wheels/cb/fa/70/8459fdf9ec77e5fc583a34349d29f2124c29ebe1389648c385
Successfully built slo-generator
Installing collected packages: slo-generator, GitPython
Attempting uninstall: slo-generator
Found existing installation: slo-generator 2.4.0
Uninstalling slo-generator-2.4.0:
Successfully uninstalled slo-generator-2.4.0
Attempting uninstall: GitPython
Found existing installation: GitPython 3.1.31
Uninstalling GitPython-3.1.31:
Successfully uninstalled GitPython-3.1.31
Successfully installed GitPython-3.1.37 slo-generator-2.4.0
$ safety check
+====================================================================================================================================+
/$$$$$$ /$$
/$$__ $$ | $$
/$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$
/$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$
| $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$
\____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$
/$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$
|_______/ \_______/|__/ \_______/ \___/ \____ $$
/$$ | $$
| $$$$$$/
by pyup.io \______/
+====================================================================================================================================+
REPORT
Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.
For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project
policy management and more sign up at https://pyup.io or email sales@pyup.io
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /home/user/workspace/github/google/slo-generator/venv3.9/lib/python3.9/site-packages
Using non-commercial database
Found and scanned 125 packages
Timestamp 2023-10-06 12:20:01
1 vulnerability found
0 vulnerabilities ignored
+====================================================================================================================================+
VULNERABILITIES FOUND
+====================================================================================================================================+
-> Vulnerability found in certifi version 2023.5.7
Vulnerability ID: 59956
Affected spec: >=2015.04.28,<2023.07.22
ADVISORY: Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra"
root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in...
CVE-2023-37920
For more information, please visit https://pyup.io/v/59956/f17
Scan was completed. 1 vulnerability was found.
+====================================================================================================================================+
REMEDIATIONS
1 vulnerability was found in 1 package. For detailed remediation & fix recommendations, upgrade to a commercial license.
+====================================================================================================================================+
Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.
For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project
policy management and more sign up at https://pyup.io or email sales@pyup.io
+====================================================================================================================================+
Let's fix
Then $ make install
Downloading certifi-2023.7.22-py3-none-any.whl (158 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 158.3/158.3 kB 9.1 MB/s eta 0:00:00
Building wheels for collected packages: slo-generator
Building editable for slo-generator (pyproject.toml) ... done
Created wheel for slo-generator: filename=slo_generator-2.4.0-0.editable-py2.py3-none-any.whl size=11513 sha256=b8248333e3597e7ef6faf74b4d0b79b354db724135ae8072077d69e0aa4b3381
Stored in directory: /tmp/pip-ephem-wheel-cache-16wvmu18/wheels/cb/fa/70/8459fdf9ec77e5fc583a34349d29f2124c29ebe1389648c385
Successfully built slo-generator
Installing collected packages: certifi, slo-generator
Attempting uninstall: certifi
Found existing installation: certifi 2023.5.7
Uninstalling certifi-2023.5.7:
Successfully uninstalled certifi-2023.5.7
Attempting uninstall: slo-generator
Found existing installation: slo-generator 2.4.0
Uninstalling slo-generator-2.4.0:
Successfully uninstalled slo-generator-2.4.0
Successfully installed certifi-2023.7.22 slo-generator-2.4.0
$ safety check
+====================================================================================================================================+
/$$$$$$ /$$
/$$__ $$ | $$
/$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$
/$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$
| $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$
\____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$
/$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$
|_______/ \_______/|__/ \_______/ \___/ \____ $$
/$$ | $$
| $$$$$$/
by pyup.io \______/
+====================================================================================================================================+
REPORT
Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.
For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project
policy management and more sign up at https://pyup.io or email sales@pyup.io
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /home/user/workspace/github/google/slo-generator/venv3.9/lib/python3.9/site-packages
Using non-commercial database
Found and scanned 125 packages
Timestamp 2023-10-06 12:30:04
0 vulnerabilities found
0 vulnerabilities ignored
+====================================================================================================================================+
No known security vulnerabilities found.
+====================================================================================================================================+
Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.
For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project
policy management and more sign up at https://pyup.io or email sales@pyup.io
+====================================================================================================================================+
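The comment above shows the mechanics behind a Safety finding: an installed version (certifi 2023.5.7) falls inside an advisory's "Affected spec" (>=2015.04.28,<2023.07.22), and upgrading to 2023.7.22 moves it out of the range. The following is an added example, not code from this issue, from Safety or from the slo-generator project: a small, offline, standard-library-only checker that evaluates pip-freeze style pins against that kind of spec. The advisory entry is copied from the Safety output quoted in the comment (ID 59956, CVE-2023-37920); the freeze lines are constructed sample input. It deliberately fails closed (raises) on version or spec syntax it does not understand rather than silently reporting a package as clean.

```python
"""Evaluate installed package versions against Safety-style 'Affected spec' ranges.

Added example; stdlib only. Handles numeric release versions (2023.5.7 and
2023.07.22 compare equal, as PEP 440 requires). Pre-release/post-release
suffixes and the '~=' operator are rejected with ValueError on purpose so an
unparseable entry is never treated as "not affected".
"""
import operator
import re

# Operators that appear in Safety "Affected spec" strings; longest first in the regex.
_OPS = {
    ">=": operator.ge, "<=": operator.le, "==": operator.eq,
    "!=": operator.ne, ">": operator.gt, "<": operator.lt,
}
_CLAUSE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)$")

# Advisory taken from the Safety report quoted in this issue.
ADVISORIES = [
    {"package": "certifi", "spec": ">=2015.04.28,<2023.07.22",
     "id": "59956", "cve": "CVE-2023-37920"},
]


def parse_version(text):
    """'2023.07.22' -> (2023, 7, 22). Raises on non-numeric segments."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"unsupported version segment {piece!r} in {text!r}")
        parts.append(int(piece))
    return tuple(parts)


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so 3.1 == 3.1.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_in_spec(version, spec):
    """True if `version` satisfies every comma-separated clause in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"cannot parse spec clause {clause!r}")
        op, bound = m.groups()
        a, b = _pad(v, parse_version(bound))
        if not _OPS[op](a, b):
            return False
    return True


def _normalize(name):
    """PEP 503 style name normalisation (GitPython -> gitpython, a_b -> a-b)."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()


def parse_freeze(lines):
    """Map package name -> pinned version from `pip freeze` output.

    Editable installs ('-e ...') and comments are skipped; slo-generator itself
    shows up as an editable line after `make install`, for example.
    """
    installed = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith(("#", "-e ")) or "==" not in line:
            continue
        name, ver = line.split("==", 1)
        installed[_normalize(name)] = ver.strip()
    return installed


def scan(freeze_lines, advisories=ADVISORIES):
    """Return (package, installed, advisory id, cve) for each matching advisory."""
    installed = parse_freeze(freeze_lines)
    findings = []
    for adv in advisories:
        ver = installed.get(_normalize(adv["package"]))
        if ver is not None and version_in_spec(ver, adv["spec"]):
            findings.append((adv["package"], ver, adv["id"], adv["cve"]))
    return findings


# Constructed sample environments mirroring the before/after state in the comment.
BEFORE_FIX = ["certifi==2023.5.7", "GitPython==3.1.37", "-e git+https://example.invalid/slo-generator#egg=slo_generator"]
AFTER_FIX = ["certifi==2023.7.22", "GitPython==3.1.37"]

if __name__ == "__main__":
    for label, env in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, scan(env) or "no known vulnerabilities")
```

The checker intentionally covers only what the quoted report needs; a real scan should use `safety` or `pip-audit` against a current database, since the free Safety feed is described above as 30 days old.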
SLO Generator Version
v2.4.0
Python Version
3.9
What happened?
safety check reports 4 vulnerabilities at the last stage of make lint.
What did you expect?
No vulnerabilities found.