summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python
Commit message (Collapse)AuthorAgeFilesLines
* python3-bleak: upgrade 2.0.0 -> 2.1.1Wang Mingyu5 days2-2/+8
| | | | | | | | | | | | | | | 1. Changelog: https://github.com/hbldh/bleak/blob/v2.1.1/CHANGELOG.rst 2. Skip integration tests in ptest After upgrade to 2.1.1, a new test set integration was added. https://github.com/hbldh/bleak/tree/v2.1.1/tests/integration According to the description, the tests need kernel module hci_vhci, but hci_vhci is disabled in yocto, so skip these tests. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: mark CVE-2020-25657 as patchedGyorgy Sarvari5 days1-0/+1
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657 The commit[1] that fixes the vulnerability has been part of the package since version 0.39.0 [1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: ignore CVE-2009-0127Gyorgy Sarvari5 days1-0/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127 The vulnerability is disputed[1] by upstream: "There is no vulnerability in M2Crypto. Nowhere in the functions are the return values of OpenSSL functions interpreted incorrectly. The functions provide an interface to their users that may be considered confusing, but is not incorrect, nor it is a vulnerability." [1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-types-psutil: upgrade 7.1.1.20251122 -> 7.2.1.20251231Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pillow: upgrade 12.0.0 -> 12.1.0Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nocaselist: upgrade 2.1.0 -> 2.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: https://nocaselist.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nocasedict: upgrade 2.1.0 -> 2.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: https://nocasedict.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-moteus: upgrade 0.3.96 -> 0.3.97Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: upgrade 4.1.2 -> 4.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: many argument of Nested properly overrides schema instance value. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-waitress: add ptest supportGyorgy Sarvari5 days2-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It takes <10s to execute. Some (54) tests are not compatible with musl[1] - due to this the tests are on the problem-list. Sample output snippet: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-07T09:57 BEGIN: /usr/lib/python3-waitress/ptest PASS: tests.test_adjustments.TestAdjustments.test_bad_port PASS: tests.test_adjustments.TestAdjustments.test_badvar PASS: tests.test_adjustments.TestAdjustments.test_default_listen [...many lines...] PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_in_disconnected PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_not_in_disconnected PASS: tests.test_wasyncore.Test_write.test_gardenpath PASS: tests.test_wasyncore.Test_write.test_non_reraised PASS: tests.test_wasyncore.Test_write.test_reraised ============================================================================ Testsuite summary \# TOTAL: 783 \# PASS: 775 \# SKIP: 8 \# XFAIL: 0 \# FAIL: 0 \# XPASS: 0 \# ERROR: 0 DURATION: 7 END: /usr/lib/python3-waitress/ptest 2026-01-07T09:57 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-termcolor: Upgrade 3.2.0 -> 3.3.0Leon Anavi10 days1-1/+1
| | | | | | | | | | Upgrade to release 3.3.0: - Add support for italic - can_colorize: Expect fileno() to raise OSError, as documented Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-behave: Upgrade 1.3.2 -> 1.3.3Leon Anavi10 days1-2/+2
| | | | | | | | | Upgrade to release 1.3.3: - FIXED: Broke Python 2.7 support Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-astroid: Upgrade 4.0.2 -> 4.0.3Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.0.3: - Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing results in the face of inference ambiguity. - Fix base class inference for dataclasses using the PEP 695 typing syntax. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-anyio: Upgrade 4.12.0 -> 4.12.1Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.12.1: - Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception - Fixed anyio.functools.lru_cache not working with instance methods Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Upgrade 0.0.220.bb -> 0.0.221Leon Anavi10 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 0.0.221: - Cancel l2cap connection result future on abort - Implement extended advertising emulation - Rust: Fix cargo-all-features to 1.11.0 - L2CAP Enhanced Retransmission mode - Add some docs about Android and Hardware - bump pdl dependencies versions - android-netsim transport enhancements - Upgrade GitHub Actions for Node 24 compatibility - Upgrade GitHub Actions to latest versions - GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC - Remove unused imports - Fix missing type hints on Device.notify_subscribers() - L2CAP: Enhanced Credit-based Flow Control Mode - use ruff for linting and import sorting - hot fix: remove unused import - Ruff: Add and fix UP rules - add support for multiple concurrent broadcasts - Add EATT Support - Fix some typos and annotations Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: Upgrade 0.124.4 -> 0.128.0Leon Anavi11 days1-1/+1
| | | | | | | | | | Upgrade to release 0.128.0: - Drop support for pydantic.v1 - Run performance tests only on Pydantic v2 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-networkx: Upgrade 3.6 -> 3.6.1Leon Anavi11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 3.6.1: API Changes - Add spectral bipartition community finding and greedy bipartition using node swaps Enhancements - Nodelists for from_biadjacency_matrix - Add spectral bipartition community finding and greedy bipartition using node swaps - Fix draw_networkx_nodes with list node_shape and add regression test Bug Fixes - Fix: allow graph subclasses to have additional arguments Documentation - DOC: Improve benchmarking readme - DOC: More details re: RC releases in the release process devdocs - DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial - DOC: Add blurb to contributor guide about drawing tests - DOC: Fix underline lens in docstrings - Rolling back shortest paths links Maintenance - MAINT: Replace string literal with comment - Bump actions/checkout from 5 to 6 in the actions group - pin python 3.14 to be version 3.14.0 until dataclasses are fixed - Blocklist Python 3.14.1 Other - TST: add tests for unsupported graph types in MST algorithms - TST: clean up isomorphism tests Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: Upgrade 1.1.0 -> 1.2.0Leon Anavi11 days1-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 1.2.0: SECURITY - python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added - decoder/encoder: added static initialization to reduce binary size - python: allow limiting decoder output (see SECURITY section) - CLI: brcat alias; allow decoding concatenated brotli streams - kt: pure Kotlin decoder - cgo: support "raw" dictionaries - build: Bazel modules Removed - java: dropped finalize() for native entities Fixed - java: in compress pass correct length to native encoder Improved - build: install man pages - build: updated / fixed / refined Bazel buildfiles - encoder: faster encoding - cgo: link via pkg-config - python: modernize extension / allow multi-phase module initialization Changed - decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parse-type: Upgrade 0.6.3 -> 0.6.6Leon Anavi11 days1-1/+3
| | | | | | | | | Upgrade to release 0.6.6: - Disable setuptools-scm: Too many side-effects Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: upgrade 4.0.0 -> 5.0.0Gyorgy Sarvari11 days2-117/+2
| | | | | | | Contains fix for CVE-2024-6221 and CVE-2024-1681 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: ignore CVE-2023-26112Gyorgy Sarvari11 days1-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The fix[1] is already included in the recipe version (5.0.9), the CVE can be marked as patched. [1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: upgrade 5.7.1 -> 5.8.0Gyorgy Sarvari11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: Upgrade 25.11.1 -> 25.12.2Leon Anavi11 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 25.12.2: Build & CI/CD: - Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd submodules between autobahn-python and zlmdb - Switch manylinux container from 2_34 to 2_28 for x86_64 ISA compatibility (fixes auditwheel flatc bundling) - Increase ARM64 build timeout to 60 minutes for QEMU emulation - Add .github/workflows/README.md documenting CI/CD architecture - Consolidate download-github-release and download-release-artifacts recipes - Add checksum verification to artifact download workflow FlatBufers: - Simplify vendored FlatBuffers - use upstream as-is - Track vendored FlatBuffers in git (like zlmdb approach) - Add version() function to vendored FlatBuffers runtime - Add check_zlmdb_flatbuffers_version_in_sync() for cross-project compatibility - Generate .bfbs files for WAMP schemas during wheel build Other: - Rename install-flatc to install-flatc-system with prominent warning - Remove legacy readthedocs.yml to activate .readthedocs.yaml - Remove dev-latest optional dependency (PyPI rejects direct URLs) License-Update: Standardize LICENSE with SPDX header Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-filelock: Upgrade 3.20.1 -> 3.20.2Leon Anavi11 days1-1/+1
| | | | | | | | | | Upgrade to release 3.20.2: - Support Unix systems without O_NOFOLLOW - [pre-commit.ci] pre-commit autoupdate Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-wrapt: Upgrade to 2.0.1Khem Raj11 days1-7/+3
| | | | | | | | | | Switch to Pypi fetcher Switch to PEP-517 build backend Fixes WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cmd2: upgrade 3.0.0 -> 3.1.0Liu Yiding13 days1-1/+1
| | | | | | | | Changelog: https://github.com/python-cmd2/cmd2/releases/tag/3.1.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: upgrade 1.0.0 -> 1.1.0Liu Yiding13 days1-1/+2
| | | | | | | | Changelog: https://py7zr.readthedocs.io/en/latest/Changelog.html Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pytest-aiohttp: add missing DEPENDSTom Geelen2026-01-021-3/+6
| | | | | Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-propcache: Update Cython to version 3.2.3Khem Raj2026-01-022-0/+34
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Add recipeKhem Raj2025-12-311-0/+38
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyee: Add recipeKhem Raj2025-12-311-0/+12
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pymongo: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-orjson: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-python-multipart: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | | | The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ecdsa: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|< CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=|| CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=|| CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=|| CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=|| CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|< CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|< CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|< CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-gevent: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419|gevent|gevent|||23.9.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-dnspython: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483|dnspython|dnspython|||2.6.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-starlette: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|< CVE-2023-30798|encode|starlette|||0.25.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-markdown-it-py: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|< CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112|configobj_project|configobj|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900|py7zr_project|py7zr|||0.20.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-oauthlib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-joblib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eth-account: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930|ethereum|eth-account|||0.5.9|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-binwalk: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0 CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httpx: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead of the default python:httpx. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%httpx%'; CVE-2021-41945|encode|httpx|||0.23.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cvxopt: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | Set correct CVE_PRODUCT to be used instead of ${PN}. See CVE db query: sqlite> select * from products where product like '%cvxopt%'; CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlparse: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the default python:sqlparse CPE doesn't match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%sqlparse%'; CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|< CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-restx: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using flask-restx_project:flask-restx CPE, which makes the default python:flask-restx CPE to not match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%flask-restx%'; CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that is used to track CVEs. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'fastapi'; CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0 CVE-2025-55526|n8n|fastapi|0.115.14|=|||0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-17 07:09:59 +0000