py3-setuptools/71.1.0 package update #24377

Merged
merged 1 commit into from
Jul 24, 2024

@octo-sts octo-sts bot commented Jul 21, 2024

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Jul 21, 2024

Package py3-setuptools:
Unchanged

Package py3.10-setuptools:
Added: /usr/lib/python3.10/site-packages/pkg_resources/py.typed
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/INSTALLER
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/LICENSE
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/METADATA
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/RECORD
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/REQUESTED
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/WHEEL
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/entry_points.txt
Added: /usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/top_level.txt
Modified: /usr/lib/python3.10/site-packages/pkg_resources/__init__.py
Modified: /usr/lib/python3.10/site-packages/pkg_resources/__pycache__/__init__.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/__pycache__/build_meta.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/__pycache__/sandbox.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/__pycache__/warnings.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_distutils/__pycache__/msvc9compiler.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_distutils/_vendor/packaging/__pycache__/_manylinux.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_distutils/_vendor/packaging/__pycache__/metadata.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_distutils/_vendor/packaging/__pycache__/tags.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/__pycache__/typing_extensions.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/backports/tarfile/__pycache__/__init__.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_resources/tests/__pycache__/test_contents.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_resources/tests/__pycache__/test_functional.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_resources/tests/__pycache__/test_reader.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_resources/tests/__pycache__/test_resource.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/__pycache__/__init__.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/__pycache__/_manylinux.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/__pycache__/metadata.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/__pycache__/tags.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/__pycache__/_parser.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/__pycache__/_checkers.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/__pycache__/bdist_wheel.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/__pycache__/_manylinux.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/__pycache__/tags.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/__pycache__/__init__.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/bdist_wheel.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/build.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/editable_wheel.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/egg_info.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/install.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/install_lib.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/__pycache__/upload_docs.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/command/bdist_wheel.py
Modified: /usr/lib/python3.10/site-packages/setuptools/command/editable_wheel.py
Modified: /usr/lib/python3.10/site-packages/setuptools/command/install.py
Modified: /usr/lib/python3.10/site-packages/setuptools/command/install_lib.py
Modified: /usr/lib/python3.10/site-packages/setuptools/command/upload_docs.py
Modified: /usr/lib/python3.10/site-packages/setuptools/config/__pycache__/_apply_pyprojecttoml.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/config/__pycache__/expand.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/config/__pycache__/pyprojecttoml.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/config/__pycache__/setupcfg.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/config/_validate_pyproject/__pycache__/error_reporting.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/config/expand.py
Modified: /usr/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py
Modified: /usr/lib/python3.10/site-packages/setuptools/config/setupcfg.py
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_bdist_wheel.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_build_meta.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_build_py.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_config_discovery.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_editable_install.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/__pycache__/test_wheel.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/config/__pycache__/test_expand.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/config/__pycache__/test_pyprojecttoml.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/config/__pycache__/test_setupcfg.cpython-310.pyc
Modified: /usr/lib/python3.10/site-packages/setuptools/tests/test_wheel.py
Modified: /usr/lib/python3.10/site-packages/setuptools/warnings.py
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/INSTALLER
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/LICENSE
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/METADATA
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/RECORD
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/REQUESTED
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/WHEEL
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/direct_url.json
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/entry_points.txt
Deleted: /usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/top_level.txt

Package py3.11-setuptools:
Added: /usr/lib/python3.11/site-packages/pkg_resources/py.typed
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/INSTALLER
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/LICENSE
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/METADATA
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/RECORD
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/REQUESTED
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/WHEEL
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/entry_points.txt
Added: /usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/top_level.txt
Modified: /usr/lib/python3.11/site-packages/pkg_resources/__init__.py
Modified: /usr/lib/python3.11/site-packages/pkg_resources/__pycache__/__init__.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/__pycache__/warnings.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/__pycache__/bdist_wheel.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/__pycache__/editable_wheel.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/__pycache__/install.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/__pycache__/install_lib.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/__pycache__/upload_docs.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/command/bdist_wheel.py
Modified: /usr/lib/python3.11/site-packages/setuptools/command/editable_wheel.py
Modified: /usr/lib/python3.11/site-packages/setuptools/command/install.py
Modified: /usr/lib/python3.11/site-packages/setuptools/command/install_lib.py
Modified: /usr/lib/python3.11/site-packages/setuptools/command/upload_docs.py
Modified: /usr/lib/python3.11/site-packages/setuptools/config/__pycache__/expand.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/config/__pycache__/pyprojecttoml.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/config/__pycache__/setupcfg.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/config/expand.py
Modified: /usr/lib/python3.11/site-packages/setuptools/config/pyprojecttoml.py
Modified: /usr/lib/python3.11/site-packages/setuptools/config/setupcfg.py
Modified: /usr/lib/python3.11/site-packages/setuptools/tests/__pycache__/test_wheel.cpython-311.pyc
Modified: /usr/lib/python3.11/site-packages/setuptools/tests/test_wheel.py
Modified: /usr/lib/python3.11/site-packages/setuptools/warnings.py
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/INSTALLER
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/LICENSE
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/METADATA
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/RECORD
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/REQUESTED
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/WHEEL
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/direct_url.json
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/entry_points.txt
Deleted: /usr/lib/python3.11/site-packages/setuptools-71.0.4.post20240720.dist-info/top_level.txt

Package py3.12-setuptools:
Added: /usr/lib/python3.12/site-packages/pkg_resources/py.typed
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/INSTALLER
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/LICENSE
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/METADATA
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/RECORD
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/REQUESTED
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/WHEEL
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/entry_points.txt
Added: /usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/top_level.txt
Modified: /usr/lib/python3.12/site-packages/pkg_resources/__init__.py
Modified: /usr/lib/python3.12/site-packages/pkg_resources/__pycache__/__init__.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/__pycache__/warnings.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/__pycache__/bdist_wheel.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/__pycache__/editable_wheel.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/__pycache__/install.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/__pycache__/install_lib.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/__pycache__/upload_docs.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/command/bdist_wheel.py
Modified: /usr/lib/python3.12/site-packages/setuptools/command/editable_wheel.py
Modified: /usr/lib/python3.12/site-packages/setuptools/command/install.py
Modified: /usr/lib/python3.12/site-packages/setuptools/command/install_lib.py
Modified: /usr/lib/python3.12/site-packages/setuptools/command/upload_docs.py
Modified: /usr/lib/python3.12/site-packages/setuptools/config/__pycache__/expand.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/config/__pycache__/pyprojecttoml.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/config/__pycache__/setupcfg.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/config/expand.py
Modified: /usr/lib/python3.12/site-packages/setuptools/config/pyprojecttoml.py
Modified: /usr/lib/python3.12/site-packages/setuptools/config/setupcfg.py
Modified: /usr/lib/python3.12/site-packages/setuptools/tests/__pycache__/test_wheel.cpython-312.pyc
Modified: /usr/lib/python3.12/site-packages/setuptools/tests/test_wheel.py
Modified: /usr/lib/python3.12/site-packages/setuptools/warnings.py
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/INSTALLER
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/LICENSE
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/METADATA
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/RECORD
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/REQUESTED
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/WHEEL
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/direct_url.json
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/entry_points.txt
Deleted: /usr/lib/python3.12/site-packages/setuptools-71.0.4.post20240720.dist-info/top_level.txt

Package py3-supported-setuptools:
Unchanged

bincapz found differences:

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools/tests/test_easy_install.py

Changed: /tmp/wolfictl-apk-1506793615/py3-setuptools/var/lib/db/sbom/py3-setuptools-71.1.0-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/2aa92d17b7c473bab4f49c28d9c5 |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -LOW | ref/path/file/url | file url | file:///home |
| -LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/var/lib/db/sbom/py3.10-setuptools-71.1.0-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/184c6236de535ca34dc96b4446af |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -LOW | ref/path/file/url | file url | file:///home |
| -LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/var/lib/db/sbom/py3.11-setuptools-71.1.0-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/74c49c78c9897f99e6fb1e65f362 |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -LOW | ref/path/file/url | file url | file:///home |
| -LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

Changed: /tmp/wolfictl-apk-1506793615/py3-supported-setuptools/var/lib/db/sbom/py3-supported-setuptools-71.1.0-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/39d310c00be457795ead74cada76 |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -LOW | ref/path/file/url | file url | file:///home |
| -LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools/tests/test_virtualenv.py

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools/command/bdist_egg.py

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools/command/bdist_egg.py

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/var/lib/db/sbom/py3.12-setuptools-71.1.0-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/b8bc4f406e62c0a6b3206b824d32 |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -LOW | ref/path/file/url | file url | file:///home |
| -LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools/tests/test_develop.py

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json [⚠️ MEDIUM → ✅ LOW]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +LOW | ref/path/file/url | file url | file:///home |
| +LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/ec834377d721cbcea2017bebc8cf |

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools/tests/test_develop.py

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools/tests/test_wheel.py

1 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#9884 |

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools/tests/test_virtualenv.py

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools/tests/test_wheel.py

1 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#9884 |

Changed: /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools/tests/test_wheel.py

1 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +LOW | ref/site/url | contains embedded HTTPS URLs | python/mypy#9884 |

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools/command/bdist_egg.py

Changed: /tmp/wolfictl-apk-1506793615/py3.11-setuptools/usr/lib/python3.11/site-packages/setuptools/tests/test_easy_install.py

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json [⚠️ MEDIUM → ✅ LOW]

2 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| +LOW | ref/path/file/url | file url | file:///home |
| +LOW | ref/path/hidden | possible hidden file path | /home/build/.wheels |

2 removed behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/ec834377d721cbcea2017bebc8cf |

Moved: py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools-71.0.4.post20240720.dist-info/direct_url.json -> /tmp/wolfictl-apk-1506793615/py3.10-setuptools/usr/lib/python3.10/site-packages/setuptools-71.1.0.post20240721.dist-info/direct_url.json (similarity: 0.98)

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools/tests/test_easy_install.py

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools/tests/test_virtualenv.py

Changed: /tmp/wolfictl-apk-1506793615/py3.12-setuptools/usr/lib/python3.12/site-packages/setuptools/tests/test_develop.py

octo-sts bot commented Jul 21, 2024

bincapz detected files with a risk score equal or higher than 'CRITICAL':

/tmp/bincapz3591423599/packages/x86_64/py3.12-setuptools-71.1.0-r0.apk/usr/lib/python3.12/site-packages/setuptools/tests/test_editable_install.py [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| CRITICAL | combo/backdoor/py_setuptools | Python library installer that evaluates arbitrary code | exec(finder |

/tmp/bincapz3591423599/packages/x86_64/py3.12-setuptools-71.1.0-r0.apk/usr/lib/python3.12/site-packages/setuptools/tests/test_egg_info.py [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| CRITICAL | combo/backdoor/py_setuptools | Python library installer that evaluates arbitrary code | eval(val) |

@egibs egibs left a comment

The bincapz findings are still false positives. We'll cut a release with the fixes this week.

@mamccorm mamccorm merged commit 6fb92f0 into main Jul 24, 2024
8 checks passed
@mamccorm mamccorm deleted the wolfictl-d4efe49c-af94-4893-b31a-e6578031365d branch July 24, 2024 10:27