py3-pipenv/2024.0.0 package update #21539
Conversation
![octo-sts[bot]](https://avatars.githubusercontent.com/in/801323?s=60&v=4){kind=small}
octo-sts
bot
commented
Jun 7, 2024
octo-sts
bot
commented
Signed-off-by: wolfi-bot <[email protected]>
octo-sts
bot
added
request-version-update
Package py3-pipenv: Click to expand/collapsePackage py3-pipenv:
Added: /usr/lib/python3.12/site-packages/pipenv/routines/pycache/sync.cpython-312.pyc bincapz found differences: Click to expand/collapseDeleted: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_non_host.py [
|
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | exec/program | execute external program | subprocess |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/init.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/pypa/packaging |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_manylinux.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | process/name/get | get the current process name | process_name |
| +MEDIUM | ref/site/download | http dropper url | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/python/cpython/blob/fcf1d003bf4f0100c/Lib/platform.py https://sourceware.org/bugzilla/show_bug.cgi?id=24636 https://static.docs.arm.com/ihi0044/g/aaelf32.pdf |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_w_await.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | evasion/lib_alias | aliases core python library to an alternate name | from sys import version_info as py_version_info |
| +LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_parser.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(python |
| +LOW | fd/read | reads from a file handle | Op(tokenizer.read() append(tokenizer.read() process_env_var(tokenizer.read() process_python_str(tokenizer.read() |
| +LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#731 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/metadata.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/download | download files | core-metadata-download-url download_url |
| +MEDIUM | process/name/get | get the current process name | process_name |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_musllinux.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.PIPE, text subprocess.run([ld], stderr |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/init.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/json/decode | Decodes JSON messages | json.loads |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://packaging.python.org/en/latest/specifications/core-metadata/ https://packaging.python.org/en/latest/specifications/entry-points/ https://packaging.python.org/en/latest/specifications/recording-installed https://packaging.python.org/specifications/entry-points/ |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/zipp/init.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | archives/zip | Works with zip files | zip files |
| +LOW | fd/read | reads from a file handle | strm.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/specifiers.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#13475 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/routines/sync.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/shell_command | execute a shell command | system |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/socket_pexpect.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fd/write | writes to a file handle | self.write(s) |
| +LOW | net/socket/receive | receive a message to a socket | recv socket |
| +LOW | net/socket/send | send a message to a socket | send socket |
| +LOW | ref/site/url | contains embedded HTTP URLs | http://opensource.org/licenses/isc-license.txt |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/markers.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | kernel/platform | system platform identification | sys.platform |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://peps.python.org/pep-0685/ |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_elffile.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca https://refspecs.linuxfoundation.org/elf/gabi4 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pexpect/_async_pre_await.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fd/write | writes to a file handle | _before.write(s) _buffer.write(s) |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/tags.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.PIPE, subprocess.run( |
| +LOW | ref/site/url | contains embedded HTTPS URLs | pypa/pip#3383 |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/pipdeptree/_adapter.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/json/decode | Decodes JSON messages | JSONDecode |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/packaging/_tokenizer.py [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/shell_command | execute a shell command | system |
| +LOW | fd/read | reads from a file handle | self.read() |
Added: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/vendor/importlib_metadata/_functools.py [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTP URLs | http://code.activestate.com/recipes/577452-a-memoize-decorator-for-insta |
Changed: py3-pipenv/usr/lib/python3.12/site-packages/pipenv/patched/pip/_internal/utils/setuptools_build.py
|
superseded by #21767 |
