From bd94703c0e26c69d9ba6336e0b3bc75dae6f0fd7 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 9 Nov 2023 15:26:30 +0000
Subject: [PATCH 1/8] Create techstack.yml
---
techstack.yml | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 346 insertions(+)
create mode 100644 techstack.yml
diff --git a/techstack.yml b/techstack.yml
new file mode 100644
index 0000000..b102a1a
--- /dev/null
+++ b/techstack.yml
@@ -0,0 +1,346 @@ +repo_name: GamePad64/sparklehub-cli +report_id: a8cc37a708453a99fb681ab0fb8c07d7 +repo_type: Public +timestamp: '2023-11-09T15:26:27+00:00' +requested_by: GamePad64 +provider: github +branch: master +detected_tools_count: 19 +tools: +- name: Python + description: A clear and powerful object-oriented programming language, comparable + to Perl, Ruby, Scheme, or Java. + website_url: https://www.python.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source: Repo Metadata +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source: Repo Metadata +- name: GitHub Actions + description: Automate your workflow from idea to production + website_url: https://github.com/features/actions + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/11563/actions.png + detection_source: ".github/workflows/pythonpackage.yml" + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: PyPI + description: A repository of software for the Python programming language + website_url: https://pypi.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Hosted Package Repository + image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: black + description: The uncompromising code formatter + package_url: https://pypi.org/black + license: MIT + open_source: true + hosted_saas: 
false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20099/default_029b9bbfb6be2cd34bebeda5b8e1e80a1d22441c.png + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: certifi + description: Python package for providing Mozilla's CA Bundle + package_url: https://pypi.org/certifi + version: 2020.4.5 + license: MPL-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19849/default_75c38a39b9f0062814489e2ec2cbfca0ca15d9ba.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z + vulnerabilities: + - name: Removal of e-Tugra root certificate + cve_id: CVE-2023-37920 + cve_url: https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 + detected_date: Jul 26 + severity: high + first_patched: 2023.7.22 + - name: Certifi removing TrustCor root certificate + cve_id: CVE-2022-23491 + cve_url: https://github.com/advisories/GHSA-43fp-rhv2-5gv8 + detected_date: Dec 8 + severity: moderate + first_patched: 2022.12.07 +- name: click + description: Composable command line interface toolkit + package_url: https://pypi.org/click + version: 7.1.2 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19830/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: colorama + description: Cross-platform colored terminal text + package_url: https://pypi.org/colorama + version: 0.4.3 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + 
image_url: https://img.stackshare.io/package/19845/default_accee5d2b8ed75c2245f13504daf75b1cbc8cc9f.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: cryptography + description: Cryptography is a package which provides cryptographic recipes and + primitives to Python developers + package_url: https://pypi.org/cryptography + version: 2.9.2 + license: BSD-3-Clause,Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19850/default_db2ab2702f70e20c272f6ce65251108fb2b8f1ea.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z + vulnerabilities: + - name: Vulnerable OpenSSL included in cryptography wheels + cve_id: CVE-2023-0286 + cve_url: https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 + detected_date: Feb 9 + severity: high + first_patched: 39.0.1 + - name: RSA decryption vulnerable to Bleichenbacher timing vulnerability + cve_id: CVE-2020-25659 + cve_url: https://github.com/advisories/GHSA-hggm-jpg3-v476 + detected_date: Aug 22 + severity: moderate + first_patched: '3.2' + - name: Cipher.update_into can corrupt memory if passed an immutable python object + as the outbuf + cve_id: CVE-2023-23931 + cve_url: https://github.com/advisories/GHSA-w7pp-m8wf-vj6r + detected_date: Feb 8 + severity: moderate + first_patched: 39.0.1 + - name: Vulnerable OpenSSL included in cryptography wheels + cve_id: + cve_url: https://github.com/advisories/GHSA-5cpq-8wj7-hf2v + detected_date: Jun 3 + severity: low + first_patched: 41.0.0 + - name: pyca/cryptography's wheels include vulnerable OpenSSL + cve_id: + cve_url: https://github.com/advisories/GHSA-jm77-qphf-c4w8 + detected_date: Aug 2 + severity: low + first_patched: 41.0.3 + - name: Vulnerable OpenSSL 
included in cryptography wheels + cve_id: + cve_url: https://github.com/advisories/GHSA-v8gr-m533-ghj9 + detected_date: Sep 22 + severity: low + first_patched: 41.0.4 +- name: flake8 + description: 'The modular source code checker: pep8, pyflakes and co' + package_url: https://pypi.org/flake8 + version: 3.8.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19920/default_c8be5290cb8d8a8b578535a2c6475d1057ff4ea4.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: dependabot-preview[bot] + last_updated_on: 2020-05-25 02:43:41.000000000 Z +- name: httpx + description: The next generation HTTP client + package_url: https://pypi.org/httpx + version: 0.13.3 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20315/default_5f4e928dbcb1c4db4050881fc2e0229785fc931c.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: dependabot-preview[bot] + last_updated_on: 2020-06-01 02:45:00.000000000 Z + vulnerabilities: + - name: Improper Input Validation in httpx + cve_id: CVE-2021-41945 + cve_url: https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 + detected_date: Apr 30 + severity: critical + first_patched: 0.23.0 +- name: ipython + description: 'IPython: Productive Interactive Computing' + package_url: https://pypi.org/ipython + version: 7.15.0 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19892/default_f716e4bc541a9eb6e3f5b7a20d7c35355075b0b4.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: dependabot-preview[bot] + last_updated_on: 2020-06-01 08:33:39.000000000 Z + vulnerabilities: + - name: Execution with Unnecessary 
Privileges in ipython + cve_id: CVE-2022-21699 + cve_url: https://github.com/advisories/GHSA-pq7m-3gw7-gq5x + detected_date: Jan 22 + severity: high + first_patched: 7.16.3 +- name: isort + description: A Python utility / library to sort Python imports + package_url: https://pypi.org/isort + version: 4.3.21 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20117/default_9cf91bfbbfb266fc12a914cdc09d9e4b55c773bb.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-13 16:01:40.000000000 Z +- name: pre-commit + description: A framework for managing and maintaining multi-language pre-commit + hooks + package_url: https://pypi.org/pre-commit + version: 2.1.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20560/default_d975dcf643a054134f39226d51d4a5fea9320efe.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-13 16:01:40.000000000 Z +- name: pytest + description: 'Pytest: simple powerful testing with Python' + package_url: https://pypi.org/pytest + version: 5.4.3 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19843/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: dependabot[bot] + last_updated_on: 2020-06-02 17:49:52.000000000 Z +- name: python-dateutil + description: Extensions to the standard Python datetime module + package_url: https://pypi.org/python-dateutil + version: 2.8.1 + license: NRL + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + 
image_url: https://img.stackshare.io/package/19833/default_58dbe7b4d7ec447b62773209af0f9a31bbabf5bd.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: dependabot-preview[bot] + last_updated_on: 2020-06-01 08:33:39.000000000 Z +- name: six + description: Python 2 and 3 compatibility utilities + package_url: https://pypi.org/six + version: 1.15.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19827/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: tqdm + description: Fast, Extensible Progress Meter + package_url: https://pypi.org/tqdm + version: 4.46.0 + license: MPL-2.0,MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19846/default_accee5d2b8ed75c2245f13504daf75b1cbc8cc9f.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z +- name: urllib3 + description: HTTP library with thread-safe connection pooling + package_url: https://pypi.org/urllib3 + version: 1.25.9 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19842/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png + detection_source_url: poetry.lock + detection_source: pyproject.toml + last_updated_by: Alexander Shishenko + last_updated_on: 2020-05-04 22:59:52.000000000 Z + vulnerabilities: + - name: Catastrophic backtracking in URL authority parser when passed URL containing + many @ characters + cve_id: CVE-2021-33503 + cve_url: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg + 
detected_date: Aug 22 + severity: high + first_patched: 1.26.5 + - name: urllib3's request body not stripped after redirect from 303 status changes + request method to GET + cve_id: CVE-2023-45803 + cve_url: https://github.com/advisories/GHSA-g4mx-q9vg-27p4 + detected_date: Oct 18 + severity: moderate + first_patched: 1.26.18 + - name: "`Cookie` HTTP header isn't stripped on cross-origin redirects" + cve_id: CVE-2023-43804 + cve_url: https://github.com/advisories/GHSA-v845-jxx5-vc9f + detected_date: Oct 3 + severity: moderate + first_patched: 1.26.17 From 69c86ec1322e4a98244c4437d1734303f59f66d7 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 9 Nov 2023 15:26:32 +0000 Subject: [PATCH 2/8] Create techstack.md --- techstack.md | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..33242fe --- /dev/null +++ b/techstack.md @@ -0,0 +1,97 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [GamePad64/sparklehub-cli](https://github.com/GamePad64/sparklehub-cli)![](https://img.stackshare.io/public_badge.svg "public") +

+|19
Tools used|11/09/23
Report generated| +|------|------| +
+ +## Languages (1) + + + + +
+ Python +
+ Python +
+ +
+ +## DevOps (3) + + + + + + + + +
+ Git +
+ Git +
+ +
+ GitHub Actions +
+ GitHub Actions +
+ +
+ PyPI +
+ PyPI +
+ +
+ + +## Open source packages (15) + +## PyPI (15) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[black](https://pypi.org/black)|N/A|05/04/20|Alexander Shishenko |MIT|N/A| +|[certifi](https://pypi.org/certifi)|v2020.4.5|05/04/20|Alexander Shishenko |MPL-2.0|[CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) (High)
[CVE-2022-23491](https://github.com/advisories/GHSA-43fp-rhv2-5gv8) (Moderate)| +|[click](https://pypi.org/click)|v7.1.2|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| +|[colorama](https://pypi.org/colorama)|v0.4.3|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| +|[cryptography](https://pypi.org/cryptography)|v2.9.2|05/04/20|Alexander Shishenko |BSD-3-Clause,Apache-2.0|[CVE-2023-0286](https://github.com/advisories/GHSA-x4qr-2fvf-3mr5) (High)
[CVE-2020-25659](https://github.com/advisories/GHSA-hggm-jpg3-v476) (Moderate)
[CVE-2023-23931](https://github.com/advisories/GHSA-w7pp-m8wf-vj6r) (Moderate)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)| +|[flake8](https://pypi.org/flake8)|v3.8.2|05/25/20|dependabot-preview[bot] |MIT|N/A| +|[httpx](https://pypi.org/httpx)|v0.13.3|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2021-41945](https://github.com/advisories/GHSA-h8pj-cxx2-jfg2) (Critical)| +|[ipython](https://pypi.org/ipython)|v7.15.0|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2022-21699](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x) (High)| +|[isort](https://pypi.org/isort)|v4.3.21|05/13/20|Alexander Shishenko |MIT|N/A| +|[pre-commit](https://pypi.org/pre-commit)|v2.1.1|05/13/20|Alexander Shishenko |MIT|N/A| +|[pytest](https://pypi.org/pytest)|v5.4.3|06/02/20|dependabot[bot] |MIT|N/A| +|[python-dateutil](https://pypi.org/python-dateutil)|v2.8.1|06/01/20|dependabot-preview[bot] |NRL|N/A| +|[six](https://pypi.org/six)|v1.15.0|05/04/20|Alexander Shishenko |MIT|N/A| +|[tqdm](https://pypi.org/tqdm)|v4.46.0|05/04/20|Alexander Shishenko |MPL-2.0,MIT|N/A| +|[urllib3](https://pypi.org/urllib3)|v1.25.9|05/04/20|Alexander Shishenko |MIT|[CVE-2021-33503](https://github.com/advisories/GHSA-q2q7-5pp4-w6pg) (High)
[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)| + +
+
+ +Generated via [Stack File](https://github.com/apps/stack-file) From 09022b4356e8caa40956080c009ef2cb52628e09 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 4 Jan 2024 16:11:04 +0000 Subject: [PATCH 3/8] Update techstack.yml --- techstack.yml | 78 +++++++++++++++++++++++++++------------------------ 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/techstack.yml b/techstack.yml index b102a1a..8734b60 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,7 +1,8 @@ repo_name: GamePad64/sparklehub-cli report_id: a8cc37a708453a99fb681ab0fb8c07d7 +version: 0.1 repo_type: Public -timestamp: '2023-11-09T15:26:27+00:00' +timestamp: '2024-01-04T14:58:56+00:00' requested_by: GamePad64 provider: github branch: master @@ -16,6 +17,7 @@ tools: category: Languages & Frameworks sub_category: Languages image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source_url: https://github.com/GamePad64/sparklehub-cli detection_source: Repo Metadata - name: Git description: Fast, scalable, distributed revision control system @@ -25,6 +27,7 @@ tools: category: Build, Test, Deploy sub_category: Version Control System image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/GamePad64/sparklehub-cli detection_source: Repo Metadata - name: GitHub Actions description: Automate your workflow from idea to production @@ -34,6 +37,7 @@ tools: category: Build, Test, Deploy sub_category: Continuous Integration image_url: https://img.stackshare.io/service/11563/actions.png + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/.github/workflows/pythonpackage.yml detection_source: ".github/workflows/pythonpackage.yml" last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z 
@@ -45,24 +49,26 @@ tools: category: Build, Test, Deploy sub_category: Hosted Package Repository image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/pyproject.toml detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: black description: The uncompromising code formatter - package_url: https://pypi.org/black + package_url: https://pypi.org/project/black license: MIT open_source: true hosted_saas: false category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/20099/default_029b9bbfb6be2cd34bebeda5b8e1e80a1d22441c.png + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/pyproject.toml detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: certifi description: Python package for providing Mozilla's CA Bundle - package_url: https://pypi.org/certifi + package_url: https://pypi.org/project/certifi version: 2020.4.5 license: MPL-2.0 open_source: true @@ -70,7 +76,7 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19849/default_75c38a39b9f0062814489e2ec2cbfca0ca15d9ba.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z @@ -89,7 +95,7 @@ tools: first_patched: 2022.12.07 - name: click description: Composable command line interface toolkit - package_url: https://pypi.org/click + package_url: https://pypi.org/project/click version: 7.1.2 license: BSD-3-Clause open_source: true 
@@ -97,13 +103,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19830/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: colorama description: Cross-platform colored terminal text - package_url: https://pypi.org/colorama + package_url: https://pypi.org/project/colorama version: 0.4.3 license: BSD-3-Clause open_source: true @@ -111,14 +117,14 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19845/default_accee5d2b8ed75c2245f13504daf75b1cbc8cc9f.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: cryptography description: Cryptography is a package which provides cryptographic recipes and primitives to Python developers - package_url: https://pypi.org/cryptography + package_url: https://pypi.org/project/cryptography version: 2.9.2 license: BSD-3-Clause,Apache-2.0 open_source: true @@ -126,7 +132,7 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19850/default_db2ab2702f70e20c272f6ce65251108fb2b8f1ea.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z 
@@ -150,12 +156,6 @@ tools: detected_date: Feb 8 severity: moderate first_patched: 39.0.1 - - name: Vulnerable OpenSSL included in cryptography wheels - cve_id: - cve_url: https://github.com/advisories/GHSA-5cpq-8wj7-hf2v - detected_date: Jun 3 - severity: low - first_patched: 41.0.0 - name: pyca/cryptography's wheels include vulnerable OpenSSL cve_id: cve_url: https://github.com/advisories/GHSA-jm77-qphf-c4w8 @@ -168,9 +168,15 @@ tools: detected_date: Sep 22 severity: low first_patched: 41.0.4 + - name: Vulnerable OpenSSL included in cryptography wheels + cve_id: + cve_url: https://github.com/advisories/GHSA-5cpq-8wj7-hf2v + detected_date: Jun 3 + severity: low + first_patched: 41.0.0 - name: flake8 description: 'The modular source code checker: pep8, pyflakes and co' - package_url: https://pypi.org/flake8 + package_url: https://pypi.org/project/flake8 version: 3.8.2 license: MIT open_source: true @@ -178,13 +184,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19920/default_c8be5290cb8d8a8b578535a2c6475d1057ff4ea4.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: dependabot-preview[bot] last_updated_on: 2020-05-25 02:43:41.000000000 Z - name: httpx description: The next generation HTTP client - package_url: https://pypi.org/httpx + package_url: https://pypi.org/project/httpx version: 0.13.3 license: BSD-3-Clause open_source: true @@ -192,7 +198,7 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/20315/default_5f4e928dbcb1c4db4050881fc2e0229785fc931c.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: dependabot-preview[bot] last_updated_on: 2020-06-01 02:45:00.000000000 Z 
@@ -205,7 +211,7 @@ tools: first_patched: 0.23.0 - name: ipython description: 'IPython: Productive Interactive Computing' - package_url: https://pypi.org/ipython + package_url: https://pypi.org/project/ipython version: 7.15.0 license: BSD-3-Clause open_source: true @@ -213,7 +219,7 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19892/default_f716e4bc541a9eb6e3f5b7a20d7c35355075b0b4.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: dependabot-preview[bot] last_updated_on: 2020-06-01 08:33:39.000000000 Z @@ -226,7 +232,7 @@ tools: first_patched: 7.16.3 - name: isort description: A Python utility / library to sort Python imports - package_url: https://pypi.org/isort + package_url: https://pypi.org/project/isort version: 4.3.21 license: MIT open_source: true @@ -234,14 +240,14 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/20117/default_9cf91bfbbfb266fc12a914cdc09d9e4b55c773bb.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-13 16:01:40.000000000 Z - name: pre-commit description: A framework for managing and maintaining multi-language pre-commit hooks - package_url: https://pypi.org/pre-commit + package_url: https://pypi.org/project/pre-commit version: 2.1.1 license: MIT open_source: true 
@@ -249,13 +255,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/20560/default_d975dcf643a054134f39226d51d4a5fea9320efe.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-13 16:01:40.000000000 Z - name: pytest description: 'Pytest: simple powerful testing with Python' - package_url: https://pypi.org/pytest + package_url: https://pypi.org/project/pytest version: 5.4.3 license: MIT open_source: true @@ -263,13 +269,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19843/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: dependabot[bot] last_updated_on: 2020-06-02 17:49:52.000000000 Z - name: python-dateutil description: Extensions to the standard Python datetime module - package_url: https://pypi.org/python-dateutil + package_url: https://pypi.org/project/python-dateutil version: 2.8.1 license: NRL open_source: true @@ -277,13 +283,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19833/default_58dbe7b4d7ec447b62773209af0f9a31bbabf5bd.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: dependabot-preview[bot] last_updated_on: 2020-06-01 08:33:39.000000000 Z - name: six description: Python 2 and 3 compatibility utilities - package_url: https://pypi.org/six + package_url: https://pypi.org/project/six version: 1.15.0 license: MIT open_source: true 
@@ -291,13 +297,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19827/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: tqdm description: Fast, Extensible Progress Meter - package_url: https://pypi.org/tqdm + package_url: https://pypi.org/project/tqdm version: 4.46.0 license: MPL-2.0,MIT open_source: true @@ -305,13 +311,13 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19846/default_accee5d2b8ed75c2245f13504daf75b1cbc8cc9f.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z - name: urllib3 description: HTTP library with thread-safe connection pooling - package_url: https://pypi.org/urllib3 + package_url: https://pypi.org/project/urllib3 version: 1.25.9 license: MIT open_source: true @@ -319,7 +325,7 @@ tools: category: Libraries sub_category: PyPI Packages image_url: https://img.stackshare.io/package/19842/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png - detection_source_url: poetry.lock + detection_source_url: https://github.com/GamePad64/sparklehub-cli/blob/master/poetry.lock detection_source: pyproject.toml last_updated_by: Alexander Shishenko last_updated_on: 2020-05-04 22:59:52.000000000 Z From 2fd4a674c57aef1e90ccb6014b42cc023eb665c7 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 4 Jan 2024 16:11:05 +0000 Subject: [PATCH 4/8] Update techstack.md --- techstack.md | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) 
diff --git a/techstack.md b/techstack.md index 33242fe..89e36ca 100644 --- a/techstack.md +++ b/techstack.md @@ -1,28 +1,32 @@
# Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [GamePad64/sparklehub-cli](https://github.com/GamePad64/sparklehub-cli)![](https://img.stackshare.io/public_badge.svg "public")

-|19
Tools used|11/09/23
Report generated| +|19
Tools used|01/04/24
Report generated| |------|------|
@@ -75,23 +79,23 @@ Full tech stack [here](/techstack.md) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| -|[black](https://pypi.org/black)|N/A|05/04/20|Alexander Shishenko |MIT|N/A| -|[certifi](https://pypi.org/certifi)|v2020.4.5|05/04/20|Alexander Shishenko |MPL-2.0|[CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) (High)
[CVE-2022-23491](https://github.com/advisories/GHSA-43fp-rhv2-5gv8) (Moderate)| -|[click](https://pypi.org/click)|v7.1.2|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| -|[colorama](https://pypi.org/colorama)|v0.4.3|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| -|[cryptography](https://pypi.org/cryptography)|v2.9.2|05/04/20|Alexander Shishenko |BSD-3-Clause,Apache-2.0|[CVE-2023-0286](https://github.com/advisories/GHSA-x4qr-2fvf-3mr5) (High)
[CVE-2020-25659](https://github.com/advisories/GHSA-hggm-jpg3-v476) (Moderate)
[CVE-2023-23931](https://github.com/advisories/GHSA-w7pp-m8wf-vj6r) (Moderate)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)| -|[flake8](https://pypi.org/flake8)|v3.8.2|05/25/20|dependabot-preview[bot] |MIT|N/A| -|[httpx](https://pypi.org/httpx)|v0.13.3|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2021-41945](https://github.com/advisories/GHSA-h8pj-cxx2-jfg2) (Critical)| -|[ipython](https://pypi.org/ipython)|v7.15.0|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2022-21699](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x) (High)| -|[isort](https://pypi.org/isort)|v4.3.21|05/13/20|Alexander Shishenko |MIT|N/A| -|[pre-commit](https://pypi.org/pre-commit)|v2.1.1|05/13/20|Alexander Shishenko |MIT|N/A| -|[pytest](https://pypi.org/pytest)|v5.4.3|06/02/20|dependabot[bot] |MIT|N/A| -|[python-dateutil](https://pypi.org/python-dateutil)|v2.8.1|06/01/20|dependabot-preview[bot] |NRL|N/A| -|[six](https://pypi.org/six)|v1.15.0|05/04/20|Alexander Shishenko |MIT|N/A| -|[tqdm](https://pypi.org/tqdm)|v4.46.0|05/04/20|Alexander Shishenko |MPL-2.0,MIT|N/A| -|[urllib3](https://pypi.org/urllib3)|v1.25.9|05/04/20|Alexander Shishenko |MIT|[CVE-2021-33503](https://github.com/advisories/GHSA-q2q7-5pp4-w6pg) (High)
[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)| +|[black](https://pypi.org/project/black)|N/A|05/04/20|Alexander Shishenko |MIT|N/A| +|[certifi](https://pypi.org/project/certifi)|v2020.4.5|05/04/20|Alexander Shishenko |MPL-2.0|[CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) (High)
[CVE-2022-23491](https://github.com/advisories/GHSA-43fp-rhv2-5gv8) (Moderate)| +|[click](https://pypi.org/project/click)|v7.1.2|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| +|[colorama](https://pypi.org/project/colorama)|v0.4.3|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| +|[cryptography](https://pypi.org/project/cryptography)|v2.9.2|05/04/20|Alexander Shishenko |BSD-3-Clause,Apache-2.0|[CVE-2023-0286](https://github.com/advisories/GHSA-x4qr-2fvf-3mr5) (High)
[CVE-2020-25659](https://github.com/advisories/GHSA-hggm-jpg3-v476) (Moderate)
[CVE-2023-23931](https://github.com/advisories/GHSA-w7pp-m8wf-vj6r) (Moderate)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)| +|[flake8](https://pypi.org/project/flake8)|v3.8.2|05/25/20|dependabot-preview[bot] |MIT|N/A| +|[httpx](https://pypi.org/project/httpx)|v0.13.3|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2021-41945](https://github.com/advisories/GHSA-h8pj-cxx2-jfg2) (Critical)| +|[ipython](https://pypi.org/project/ipython)|v7.15.0|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2022-21699](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x) (High)| +|[isort](https://pypi.org/project/isort)|v4.3.21|05/13/20|Alexander Shishenko |MIT|N/A| +|[pre-commit](https://pypi.org/project/pre-commit)|v2.1.1|05/13/20|Alexander Shishenko |MIT|N/A| +|[pytest](https://pypi.org/project/pytest)|v5.4.3|06/02/20|dependabot[bot] |MIT|N/A| +|[python-dateutil](https://pypi.org/project/python-dateutil)|v2.8.1|06/01/20|dependabot-preview[bot] |NRL|N/A| +|[six](https://pypi.org/project/six)|v1.15.0|05/04/20|Alexander Shishenko |MIT|N/A| +|[tqdm](https://pypi.org/project/tqdm)|v4.46.0|05/04/20|Alexander Shishenko |MPL-2.0,MIT|N/A| +|[urllib3](https://pypi.org/project/urllib3)|v1.25.9|05/04/20|Alexander Shishenko |MIT|[CVE-2021-33503](https://github.com/advisories/GHSA-q2q7-5pp4-w6pg) (High)
[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)|
-Generated via [Stack File](https://github.com/apps/stack-file) +Generated via [Stack File](https://github.com/marketplace/stack-file) From a6e67870deea323957e64582bd24d529013f87c4 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 5 Jan 2024 09:42:39 +0000 Subject: [PATCH 5/8] Update techstack.yml --- techstack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.yml b/techstack.yml index 8734b60..bec9800 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: GamePad64/sparklehub-cli report_id: a8cc37a708453a99fb681ab0fb8c07d7 version: 0.1 repo_type: Public -timestamp: '2024-01-04T14:58:56+00:00' +timestamp: '2024-01-05T09:21:53+00:00' requested_by: GamePad64 provider: github branch: master From f6455caa45dfd57e681b8cf07b1cdc6c4fbe879a Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 5 Jan 2024 09:42:40 +0000 Subject: [PATCH 6/8] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index 89e36ca..ee10a6d 100644 --- a/techstack.md +++ b/techstack.md @@ -26,7 +26,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [GamePad64/sparklehub-cli](https://github.com/GamePad64/sparklehub-cli)![](https://img.stackshare.io/public_badge.svg "public")

-|19
Tools used|01/04/24
Report generated| +|19
Tools used|01/05/24
Report generated| |------|------|
From 9495d6a5dbc49624ef7cbb3752936635bb9c6776 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 29 Feb 2024 20:15:06 +0000
Subject: [PATCH 7/8] Update techstack.yml
---
 techstack.yml | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/techstack.yml b/techstack.yml
index bec9800..53acdf9 100644
--- a/techstack.yml
+++ b/techstack.yml
@@ -2,7 +2,7 @@ repo_name: GamePad64/sparklehub-cli
 report_id: a8cc37a708453a99fb681ab0fb8c07d7
 version: 0.1
 repo_type: Public
-timestamp: '2024-01-05T09:21:53+00:00'
+timestamp: '2024-02-29T18:06:50+00:00'
 requested_by: GamePad64
 provider: github
 branch: master
@@ -143,6 +143,12 @@ tools:
 detected_date: Feb 9
 severity: high
 first_patched: 39.0.1
+ - name: Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
+ cve_id: CVE-2023-50782
+ cve_url: https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
+ detected_date: Feb 6
+ severity: high
+ first_patched: 42.0.0
 - name: RSA decryption vulnerable to Bleichenbacher timing vulnerability
 cve_id: CVE-2020-25659
 cve_url: https://github.com/advisories/GHSA-hggm-jpg3-v476
@@ -156,12 +162,12 @@ tools:
 detected_date: Feb 8
 severity: moderate
 first_patched: 39.0.1
- - name: pyca/cryptography's wheels include vulnerable OpenSSL
- cve_id:
- cve_url: https://github.com/advisories/GHSA-jm77-qphf-c4w8
- detected_date: Aug 2
- severity: low
- first_patched: 41.0.3
+ - name: Null pointer dereference in PKCS12 parsing
+ cve_id: CVE-2024-0727
+ cve_url: https://github.com/advisories/GHSA-9v9h-cgj8-h64p
+ detected_date: Feb 17
+ severity: moderate
+ first_patched: 42.0.2
 - name: Vulnerable OpenSSL included in cryptography wheels
 cve_id:
 cve_url: https://github.com/advisories/GHSA-v8gr-m533-ghj9
@@ -174,6 +180,12 @@ tools: detected_date: Jun 3 severity: low first_patched: 41.0.0 + - name: pyca/cryptography's wheels include vulnerable OpenSSL + cve_id: + cve_url: https://github.com/advisories/GHSA-jm77-qphf-c4w8 + detected_date: Aug 2 + severity: low + first_patched: 41.0.3 - name: flake8 description: 'The modular source code checker: pep8, pyflakes and co' package_url: https://pypi.org/project/flake8 From 31732433e73ea6322f104e938a0454f1dd2a0946 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 29 Feb 2024 20:15:06 +0000 Subject: [PATCH 8/8] Update techstack.md --- techstack.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.md b/techstack.md index ee10a6d..5652005 100644 --- a/techstack.md +++ b/techstack.md @@ -26,7 +26,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [GamePad64/sparklehub-cli](https://github.com/GamePad64/sparklehub-cli)![](https://img.stackshare.io/public_badge.svg "public")

-|19
Tools used|01/05/24
Report generated| +|19
Tools used|02/29/24
Report generated| |------|------|
@@ -83,7 +83,7 @@ Full tech stack [here](/techstack.md) |[certifi](https://pypi.org/project/certifi)|v2020.4.5|05/04/20|Alexander Shishenko |MPL-2.0|[CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) (High)
[CVE-2022-23491](https://github.com/advisories/GHSA-43fp-rhv2-5gv8) (Moderate)| |[click](https://pypi.org/project/click)|v7.1.2|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| |[colorama](https://pypi.org/project/colorama)|v0.4.3|05/04/20|Alexander Shishenko |BSD-3-Clause|N/A| -|[cryptography](https://pypi.org/project/cryptography)|v2.9.2|05/04/20|Alexander Shishenko |BSD-3-Clause,Apache-2.0|[CVE-2023-0286](https://github.com/advisories/GHSA-x4qr-2fvf-3mr5) (High)
[CVE-2020-25659](https://github.com/advisories/GHSA-hggm-jpg3-v476) (Moderate)
[CVE-2023-23931](https://github.com/advisories/GHSA-w7pp-m8wf-vj6r) (Moderate)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)| +|[cryptography](https://pypi.org/project/cryptography)|v2.9.2|05/04/20|Alexander Shishenko |BSD-3-Clause,Apache-2.0|[CVE-2023-0286](https://github.com/advisories/GHSA-x4qr-2fvf-3mr5) (High)
[CVE-2023-50782](https://github.com/advisories/GHSA-3ww4-gg4f-jr7f) (High)
[CVE-2020-25659](https://github.com/advisories/GHSA-hggm-jpg3-v476) (Moderate)
[CVE-2023-23931](https://github.com/advisories/GHSA-w7pp-m8wf-vj6r) (Moderate)
[CVE-2024-0727](https://github.com/advisories/GHSA-9v9h-cgj8-h64p) (Moderate)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)| |[flake8](https://pypi.org/project/flake8)|v3.8.2|05/25/20|dependabot-preview[bot] |MIT|N/A| |[httpx](https://pypi.org/project/httpx)|v0.13.3|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2021-41945](https://github.com/advisories/GHSA-h8pj-cxx2-jfg2) (Critical)| |[ipython](https://pypi.org/project/ipython)|v7.15.0|06/01/20|dependabot-preview[bot] |BSD-3-Clause|[CVE-2022-21699](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x) (High)|