
agconti/cookiecutter-django-rest 1165

Build best practiced apis fast with Python3

ahawker/ulid 240

Universally Unique Lexicographically Sortable Identifier (ULID) in Python 3

ahawker/crython 198

Lightweight task scheduler using cron expressions

AceFire6/ordered-arrowverse 69

A listing of all shows in the Arrowverse in watch order to ensure continuity and sensible ordering for crossover episodes

abdesslem/CTF 50

Flask platform for Capture The Flag challenges

agconti/piedpiper-web 43

A sample scaffolded project from https://github.com/agconti/cookiecutter-django-rest

ahawker/scratchdir 18

Context manager to maintain your temporary directories/files.

adfinis-sygroup/timed-backend 17

Django API for the Timed application

actiniumio/allspark 8

Developer toolbox

adfinis-sygroup/document-merge-service 8

Merge Document Template Service

pull request comment pyupio/safety-db

Fix failing test, related to the introduced $meta

Thank you very much @yeisonvargasf, that's perfect 😄

SofyaTavrovskaya

comment created time in 5 days

issue comment pyupio/safety-db

Getting error as FAILED. Kindly help for the solution

@SofyaTavrovskaya thank you! Your fix was merged; because of that, I closed this issue.

hemantloni

comment created time in 5 days

issue closed pyupio/safety-db

Getting error as FAILED. Kindly help for the solution

FAIL: test_using_valid_specifier_sets_0000__meta (main.TestData)

Traceback (most recent call last):
  File "C:\Users\COMP\AppData\Local\Programs\Python\Python37\lib\site-packages\parameterized\parameterized.py", line 530, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "D:\safety-db-master\tests.py", line 28, in test_using_valid_specifier_sets
    self.failUnless(specifier_set, msg=message)
AssertionError: None is not true : Bad specifier for $meta: 'advisory'

======================================================================
FAIL: test_using_valid_specifier_sets_0001__meta (main.TestData)

Traceback (most recent call last):
  File "C:\Users\COMP\AppData\Local\Programs\Python\Python37\lib\site-packages\parameterized\parameterized.py", line 530, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "D:\safety-db-master\tests.py", line 28, in test_using_valid_specifier_sets
    self.failUnless(specifier_set, msg=message)
AssertionError: None is not true : Bad specifier for $meta: 'timestamp'

----------------------------------------------------------------------
Ran 1903 tests in 7.515s

FAILED (failures=2)

closed time in 5 days

hemantloni

pull request comment pyupio/safety-db

Fix failing test, related to the introduced $meta

@SofyaTavrovskaya thanks for your PR. @pawamoy the next version will be published on PyPI by the automatic deployment on July 1.

SofyaTavrovskaya

comment created time in 5 days

push event pyupio/safety-db

stavrovska

commit sha 7ba251372528e0deda835e2e784e71c52e567736

Fix incorrect record for vulnerability CVE-2020-15118 in Wagtail package

Fix CI tests after adding $meta in safety-db

Yeison Vargas

commit sha 5599d8a7fe92500225072e5c2cb600b6d4c95773

Merge pull request #2325 from SofyaTavrovskaya/wagtail_incorrect

Fix failing test, related to the introduced $meta

push time in 6 days

pull request comment pyupio/safety-db

Fix failing test, related to the introduced $meta

@nicholasks any chance you could review this again? The Travis builds are still failing. Is there another maintainer I could maybe reach out to?

SofyaTavrovskaya

comment created time in 6 days

push event pyupio/safety-db

pyup.io vuln bot

commit sha 3a42db6ac6b8e4e765cac56f7a674f01be416691

june update


push time in 19 days

started pyup-bot/faker

started time in 21 days

pull request comment pyupio/safety-db

Fix failing test, related to the introduced $meta

Hi maintainers, could you please merge this? This is preventing Travis builds from passing, resulting in no new releases on PyPI for 8 months. Users installing safety-db with pip are therefore 8 months behind on CVEs 😕

SofyaTavrovskaya

comment created time in 25 days

issue closed pyupio/safety-db

Automatic release each month

I'm using safety-db by actually installing the package using pip. The problem is that the monthly update seems to only push commits to master, not release a new version on PyPI. Would it be possible to automate such releases on PyPI each month?

closed time in 25 days

pawamoy

issue comment pyupio/safety-db

Automatic release each month

It's actually already the case, but tests are failing and therefore Travis does not publish the new releases. See #2324

pawamoy

comment created time in 25 days

issue closed pyupio/safety-db

Database false positive: Gunicorn request smuggling vulnerability

Hi,

Version 19.10 is being incorrectly flagged as insecure. How would I approach fixing this? I'm happy to patch the DB myself, but it looks like it is auto-generated by a bot, so if I made the change, would the bot undo it from wherever it gets its sources from?

Discussed in both Airflow and Gunicorn, and confirmed that 19.10 was patched:

https://github.com/apache/airflow/issues/15570
https://github.com/benoitc/gunicorn/issues/2572

The CVE also states that 19.10.0 and 20.0.1 both have the fix:

https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-541164

Database: https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json#L8507

Id: pyup.io-40105

closed time in a month

CoburnJoe

issue comment pyupio/safety-db

Database false positive: Gunicorn request smuggling vulnerability

Yes, you are correct. Thanks for letting us know. We have updated our database. Note that this will not reflect in our free database until June 1st, 2021.

CoburnJoe

comment created time in a month

issue opened pyupio/safety-db

Automatic release each month

I'm using safety-db by actually installing the package using pip. The problem is that the monthly update seems to only push commits to master, not release a new version on PyPI. Would it be possible to automate such releases on PyPI each month?

created time in a month

push event pyupio/safety-db

pyup.io vuln bot

commit sha 0316ba5f00a364429f75c552e3516e12ee315a8b

may update


push time in 2 months

push event pyupio/safety-db

pyup.io vuln bot

commit sha cb48c2c42f00f6531d4a5d16f316d90b8a0e7a04

may update


push time in 2 months

issue opened pyupio/safety-db

Database false positive: Gunicorn request smuggling vulnerability

Hi,

Version 19.10 is being incorrectly flagged as insecure. How would I approach fixing this? I'm happy to patch the DB myself, but it looks like it is auto-generated by a bot, so if I made the change, would the bot undo it from wherever it gets its sources from?

Discussed in both Airflow and Gunicorn, and confirmed that 19.10 was patched:

https://github.com/apache/airflow/issues/15570
https://github.com/benoitc/gunicorn/issues/2572

The CVE also states that 19.10.0 and 20.0.1 both have the fix:

https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-541164

Database: https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json#L8507

Id: pyup.io-40105

created time in 2 months

PR closed pyupio/safety-db

add CVE-2021-25290

Signed-off-by: Christoph Görn goern@redhat.com

+12 -2

1 comment

2 changed files

goern

pr closed time in 2 months

pull request comment pyupio/safety-db

add CVE-2021-25290

CVE-2021-25290 has now been added for Pillow by means of our usual vulnerability advisory review process.

goern

comment created time in 2 months

PR opened pyupio/safety-db

add CVE-2021-25290

Signed-off-by: Christoph Görn goern@redhat.com

+12 -2

0 comments

2 changed files

pr created time in 2 months

push event pyupio/safety-db

pyup.io vuln bot

commit sha 66e8591c372780f1cec263ade415140bbbf8dcbe

april update


push time in 3 months

push event pyupio/safety-db

pyup.io vuln bot

commit sha b506a31f25d23887934e1d765807902886023afa

april update


push time in 3 months

issue closed pyupio/safety-db

Correction to pip package for pyup.io-39620 for CVE-2021-23338

Unsure if this is the best place to report this, but I was looking at CVE-2021-23338 and noticed from the included exploit link https://github.com/418sec/huntr/pull/1329 that it is a vulnerability for microsoft/qlib, and that the corresponding pip package for that appears to be pyqlib rather than qlib.

closed time in 3 months

westonsteimel

issue comment pyupio/safety-db

Correction to pip package for pyup.io-39620 for CVE-2021-23338

Thanks for your message, Weston.

We were unable to find a source that confirms that qlib is not vulnerable, so until then, we have marked both qlib and pyqlib as vulnerable. The latter has been assigned pyup.io-40060.

westonsteimel

comment created time in 3 months

issue closed pyupio/safety-db

lambda-warmer-py warning references a nonexistent version

lambda-warmer-py is marked as insecure before version 1.2.0, but it's only at version 0.6.

Was the name reused, or is this just a mistake?

closed time in 3 months

jeffcasavant

issue comment pyupio/safety-db

lambda-warmer-py warning references a nonexistent version

You are right. We had it associated with https://github.com/jeremydaly/lambda-warmer by accident. Thanks for the note.

Note that users who use our free software will not see this correction until April 1st, 2021.

jeffcasavant

comment created time in 3 months

issue comment pyupio/safety-db

JSON files not found on import

You're right! It would be nice if safety itself could detect it, or have an option to enable detection.

ajw-aws

comment created time in 3 months

issue comment pyupio/safety-db

JSON files not found on import

The files are included, they just aren't referenced properly. I installed safety-db into a virtualenv and the files are at:

./venv/lib/python3.6/site-packages/safety_db/insecure_full.json.

The code expects them in a data directory below your current working directory.

ajw-aws

comment created time in 3 months

issue opened pyupio/safety-db

lambda-warmer-py warning references a nonexistent version

lambda-warmer-py is marked as insecure before version 1.2.0, but lambda-warmer-py is only at version 0.6.

Was the name reused, or is this just a mistake?

created time in 3 months