-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
py3-pydantic-core/2.18.4 package update #21198
py3-pydantic-core/2.18.4 package update #21198
Conversation
octo-sts
bot
commented
Jun 3, 2024
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Signed-off-by: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com>
Signed-off-by: mauricio-dc-chainguard <mauricio.diazcernas@chainguard.dev>
Package py3-pydantic-core: Click to expand/collapsePackage py3-pydantic-core:
Deleted: /usr/lib/python3.12/site-packages/pydantic_core/init.py bincapz found differences: Click to expand/collapseDeleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/init.py [
|
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | evasion/lib_alias | aliases core python library to an alternate name | from typing import Any as _Any from typing import NotRequired as _NotRequired from typing import TypedDict as _TypedDict |
-LOW | ref/words/password | references a 'password' | password |
Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.cpython-312-x86_64-linux-gnu.so [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | combo/recon/system_network | invasive recon val | ip_addr |
-MEDIUM | procfs/self/exe | gets executable associated to this process | /proc/self/exe |
-MEDIUM | ref/path/dev | path reference within /dev | /dev/random /dev/uraH /dev/urandomInvalid /dev/urandomfailed |
-LOW | dylib/iterate | iterate over list of shared objects | dl_iterate_phdr |
-LOW | encoding/base64 | Supports base64 encoded strings | base64 |
-LOW | fs/link/read | read value of a symbolic link | readlink |
-LOW | fs/symlink/resolve | resolves symbolic links | realpath |
-LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
-LOW | ref/path/hidden | possible hidden file path | /home/build/.cargo /usr/lib/debug/.build-id |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.rs/getrandom https://errors.pydantic.dev//v/ https://github.com/PyO3/pyo3/issues/576uncaught |
-LOW | ref/words/password | references a 'password' | in username or password |
Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.pyi [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | encoding/base64 | Supports base64 encoded strings | base64 |
-LOW | encoding/json/decode | Decodes JSON messages | json.loads |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://doc.rust-lang.org/std/option/enum.Option.html https://docs.rs/url/latest/url/ |
-LOW | ref/words/password | references a 'password' | The password part of the URL def password or omit for no password |
-LOW | time/tzinfo | Uses timezone information | tzinfo |
Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/core_schema.py [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | evasion/lib_alias | aliases core python library to an alternate name | from future import annotations as _annotations |
-MEDIUM | ref/words/ddos | References DDoS | DDoS |
-LOW | encoding/base64 | Supports base64 encoded strings | base64 |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.python.org/3/library/re.html https://docs.rs/regex https://example.com/ python/mypy#14034 |
-LOW | time/tzinfo | Uses timezone information | tzinfo |