Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

py3-pydantic-core/2.18.4 package update #21198

Merged
merged 3 commits into from
Jun 11, 2024

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Jun 3, 2024

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Jun 3, 2024
Signed-off-by: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com>
@mauricio-dc-chainguard mauricio-dc-chainguard self-assigned this Jun 7, 2024
Signed-off-by: mauricio-dc-chainguard <mauricio.diazcernas@chainguard.dev>
Copy link
Contributor

Package py3-pydantic-core: Click to expand/collapse

Package py3-pydantic-core:

.PKGINFO metadata:

  (
  	"""
- 	# Generated by melange v0.16.14
+ 	# Generated by melange
  	pkgname = py3-pydantic-core
- 	pkgver = 2.18.3-r0
+ 	pkgver = 2.18.4-r0
  	arch = x86_64
- 	size = 4959136
+ 	size = 22299
  	origin = py3-pydantic-core
  	pkgdesc = 
  	url = 
- 	commit = b76c7057020abdb67fcaad7b3b03e20fc25e3b95
- 	builddate = 1716921695
+ 	commit = ad368f95d26757a9a0ba58cfd55947593bba6ef8
  	license = MIT
  	depend = py3-typing-extensions
  	depend = python3
- 	depend = so:ld-linux-x86-64.so.2
- 	depend = so:libc.so.6
- 	depend = so:libgcc_s.so.1
- 	depend = so:libm.so.6
- 	datahash = a25a35d15af3e29a700c5b8e27ca5583d4e9996952d7ae547e992cc1ce2da917
+ 	datahash = 623e33c4aa2a09c57285dfc884392c46b876bd8fd9a533d0d5d1c76df98001fd
  	"""
  )

Deleted: /usr/lib/python3.12/site-packages/pydantic_core/init.py
Deleted: /usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.cpython-312-x86_64-linux-gnu.so
Deleted: /usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.pyi
Deleted: /usr/lib/python3.12/site-packages/pydantic_core/core_schema.py
Deleted: /usr/lib/python3.12/site-packages/pydantic_core/py.typed
Deleted: /usr/lib/python3.12/site-packages/pydantic_core-2.18.3.dist-info/METADATA
Deleted: /usr/lib/python3.12/site-packages/pydantic_core-2.18.3.dist-info/RECORD
Deleted: /usr/lib/python3.12/site-packages/pydantic_core-2.18.3.dist-info/WHEEL
Deleted: /usr/lib/python3.12/site-packages/pydantic_core-2.18.3.dist-info/license_files/LICENSE

bincapz found differences: Click to expand/collapse

Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/init.py [⚠️ MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM evasion/lib_alias aliases core python library to an alternate name from typing import Any as _Any
from typing import NotRequired as _NotRequired
from typing import TypedDict as _TypedDict
-LOW ref/words/password references a 'password' password

Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.cpython-312-x86_64-linux-gnu.so [⚠️ MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM combo/recon/system_network invasive recon val ip_addr
-MEDIUM procfs/self/exe gets executable associated to this process /proc/self/exe
-MEDIUM ref/path/dev path reference within /dev /dev/random
/dev/uraH
/dev/urandomInvalid
/dev/urandomfailed
-LOW dylib/iterate iterate over list of shared objects dl_iterate_phdr
-LOW encoding/base64 Supports base64 encoded strings base64
-LOW fs/link/read read value of a symbolic link readlink
-LOW fs/symlink/resolve resolves symbolic links realpath
-LOW process/thread_local_storage Uses glibc thread local storage __tls_get_addr
-LOW ref/path/hidden possible hidden file path /home/build/.cargo
/usr/lib/debug/.build-id
-LOW ref/site/url contains embedded HTTPS URLs https://docs.rs/getrandom
https://errors.pydantic.dev//v/
https://github.com/PyO3/pyo3/issues/576uncaught
-LOW ref/words/password references a 'password' in username or password

Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/_pydantic_core.pyi [✅ LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW encoding/base64 Supports base64 encoded strings base64
-LOW encoding/json/decode Decodes JSON messages json.loads
-LOW ref/site/url contains embedded HTTPS URLs https://doc.rust-lang.org/std/option/enum.Option.html
https://docs.rs/url/latest/url/
-LOW ref/words/password references a 'password' The password part of the URL
def password
or omit for no password
-LOW time/tzinfo Uses timezone information tzinfo

Deleted: py3-pydantic-core/usr/lib/python3.12/site-packages/pydantic_core/core_schema.py [⚠️ MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM evasion/lib_alias aliases core python library to an alternate name from future import annotations as _annotations
-MEDIUM ref/words/ddos References DDoS DDoS
-LOW encoding/base64 Supports base64 encoded strings base64
-LOW ref/site/url contains embedded HTTPS URLs https://docs.python.org/3/library/re.html
https://docs.rs/regex
https://example.com/
python/mypy#14034
-LOW time/tzinfo Uses timezone information tzinfo

@debasishbsws debasishbsws merged commit 0513797 into main Jun 11, 2024
8 checks passed
@debasishbsws debasishbsws deleted the wolfictl-bfff7fd8-3830-461f-9daa-a58ae37069de branch June 11, 2024 05:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automated pr request-version-update request for a newer version of a package
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants