Update requirements.txt #34

Open: wants to merge 1 commit into base: main


ashishbijlani
Contributor

No description provided.

@github-actions

Packj Audit Report

Failed to perform Packj audit! Refer to workflow run for details

Triggered by workflow run 37 on commit eefe668f9122e46a8fcf0e6c365fea3ca22451e7

@github-actions

Packj Audit Report

Packj audit found 9/9 risky dependencies.

Registry Package Version Risks

pypi six 1.11.0
  undesirable
  • package is old or abandoned: 2036 days old
  • version release after a long gap: version released after 712 days
  • accesses files and dirs: reads files and dirs

pypi tldextract 3.1.2
  undesirable
  • package is old or abandoned: 591 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • accesses files and dirs: writes to files and dirs

pypi PyYAML 6.0
  undesirable
  • package is old or abandoned: 549 days old
  • version release after a long gap: version released after 608 days
  • accesses files and dirs: writes to files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • accesses files and dirs: reads files and dirs

pypi requests 2.18.4
  undesirable
  • package is old or abandoned: 2069 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • communicates with external network: fetches data over the network
  • changes system/environment variables: modifies system settings or environment variables
  vulnerable
  • contains known vulnerabilities: contains CVE-2018-18074,CVE-2018-18074

pypi python-magic 0.4.27
  undesirable
  • accesses files and dirs: reads files and dirs

pypi GitPython 3.1.31
  undesirable
  • no or insufficient readme: insufficient readme
  • accesses files and dirs: reads files and dirs
  • accesses files and dirs: writes to files and dirs
  • forks or exits OS processes: performs a process operation

pypi spykes 2.0.1
  undesirable
  • fewer versions or releases: only 1 versions released
  • no or insufficient readme: no readme
  • fewer downloads: only 112 weekly downloads
  • noisy package: dummy/empty or troll package

npm axios 0.27.2
  undesirable
  • invalid or no author email: no email
  • accesses obfuscated (hidden) code: reads hidden code

npm fastify 4.4.0
  vulnerable
  • contains known vulnerabilities: contains CVE-2022-39288,CVE-2022-41919
  undesirable
  • too many dependencies: 14 found
  • communicates with external network: sends data over the network
  • accesses files and dirs: reads files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • communicates with external network: fetches data over the network

Triggered by workflow run 37 on commit eefe668f9122e46a8fcf0e6c365fea3ca22451e7

@github-actions

Packj Audit Report

Packj audit found 9/9 risky dependencies.

Registry Package Version Risks

pypi six 1.11.0
  undesirable
  • package is old or abandoned: 2036 days old
  • version release after a long gap: version released after 712 days
  • accesses files and dirs: reads files and dirs

pypi tldextract 3.1.2
  undesirable
  • package is old or abandoned: 591 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • accesses files and dirs: writes to files and dirs

pypi PyYAML 6.0
  undesirable
  • package is old or abandoned: 549 days old
  • version release after a long gap: version released after 608 days
  • accesses files and dirs: writes to files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • accesses files and dirs: reads files and dirs

pypi requests 2.18.4
  undesirable
  • package is old or abandoned: 2069 days old
  • forks or exits OS processes: performs a process operation
  • accesses files and dirs: reads files and dirs
  • communicates with external network: fetches data over the network
  • changes system/environment variables: modifies system settings or environment variables
  vulnerable
  • contains known vulnerabilities: contains CVE-2018-18074,CVE-2018-18074

pypi python-magic 0.4.27
  undesirable
  • accesses files and dirs: reads files and dirs

pypi GitPython 3.1.31
  undesirable
  • no or insufficient readme: insufficient readme
  • accesses files and dirs: reads files and dirs
  • accesses files and dirs: writes to files and dirs
  • forks or exits OS processes: performs a process operation

pypi spykes 2.0.1
  undesirable
  • fewer versions or releases: only 1 versions released
  • no or insufficient readme: no readme
  • fewer downloads: only 126 weekly downloads
  • noisy package: dummy/empty or troll package

npm axios 0.27.2
  undesirable
  • invalid or no author email: no email
  • accesses obfuscated (hidden) code: reads hidden code

npm fastify 4.4.0
  vulnerable
  • contains known vulnerabilities: contains CVE-2022-39288,CVE-2022-41919
  undesirable
  • too many dependencies: 14 found
  • communicates with external network: sends data over the network
  • accesses files and dirs: reads files and dirs
  • accesses obfuscated (hidden) code: reads hidden code
  • communicates with external network: fetches data over the network

Triggered by workflow run 37 on commit eefe668f9122e46a8fcf0e6c365fea3ca22451e7
