Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update requirements.txt #25

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

ashishbijlani
Copy link
Contributor

No description provided.

@github-actions
Copy link

Packj Packj Audit Report

Packj audit found 6/6 risky dependencies.

Click here for details

Registry Package Version Risks
pypi six 1.11.0

undesirable

. Click for details
  • package is old or abandoned: 2035 days old
  • version release after a long gap: version released after 712 days
  • accesses files and dirs: reads files and dirs
  • pypi tldextract 3.1.2

    undesirable

    . Click for details
  • package is old or abandoned: 590 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • accesses files and dirs: writes to files and dirs
  • pypi PyYAML 6.0

    undesirable

    . Click for details
  • package is old or abandoned: 548 days old
  • version release after a long gap: version released after 608 days
  • accesses files and dirs: writes to files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • accesses files and dirs: reads files and dirs
  • pypi requests 2.18.4

    undesirable

    . Click for details
  • package is old or abandoned: 2069 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • communicates with external network: fetches data over the network
  • changes system/environment variables: modifies system settings or environment variables
  • vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2018-18074,CVE-2018-18074
  • npm axios 0.27.2

    undesirable

    . Click for details
  • invalid or no author email: no email
  • accesses obfuscated (hidden) code: reads hidden code
  • npm fastify 4.4.0

    vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2022-39288,CVE-2022-41919
  • undesirable

    . Click for details
  • too many dependencies: 14 found
  • communicates with external network: sends data over the network
  • accesses files and dirs: reads files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • communicates with external network: fetches data over the network
  • Triggered by workflow run 28 on commit deff141cd3bbb4f37adb06c5fb7c28b49c04497b

    @github-actions
    Copy link

    Packj Packj Audit Report

    Packj audit found 6/6 risky dependencies.

    Click here for details

    Registry Package Version Risks
    pypi six 1.11.0

    undesirable

    . Click for details
  • package is old or abandoned: 2035 days old
  • pypi tldextract 3.1.2

    undesirable

    . Click for details
  • package is old or abandoned: 590 days old
  • pypi PyYAML 6.0

    undesirable

    . Click for details
  • package is old or abandoned: 548 days old
  • accesses obfuscated (hidden) code: reads hidden code
  • pypi requests 2.18.4

    undesirable

    . Click for details
  • package is old or abandoned: 2069 days old
  • vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2018-18074,CVE-2018-18074
  • npm axios 0.27.2

    undesirable

    . Click for details
  • invalid or no author email: no email
  • accesses obfuscated (hidden) code: reads hidden code
  • npm fastify 4.4.0

    vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2022-39288,CVE-2022-41919
  • undesirable

    . Click for details
  • accesses obfuscated (hidden) code: reads hidden code
  • Triggered by workflow run 28 on commit deff141cd3bbb4f37adb06c5fb7c28b49c04497b

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    None yet
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    1 participant