summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python
Commit message (Collapse)AuthorAgeFilesLines
* python3-typer: Upgrade 0.21.0 -> 0.21.1Leon Anavi5 days1-1/+1
| | | | | | | | | Upgrade to release 0.21.1: - Fix escaping in help text when rich is installed but not used. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twitter: mark CVE-2012-5825 patchedGyorgy Sarvari5 days1-0/+1
| | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825 The Debian bugtracker[1] indicated that the issue is tracked by upstream in github[2] (with a difference CVE ID, but same issue), where the vulnerability was confirmed. Later in the same github issue the solution is confirmed: the project switched to use the requests library, which doesn't suffer from this vulnerability. Due to this mark the CVE as patched. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444 [2]: https://github.com/tweepy/tweepy/issues/279 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-uvicorn: mark CVE-2020-7694 patchedGyorgy Sarvari5 days1-0/+1
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694 The vulnerability was reported to the project[1], and the commit[2] that resolved the issue has been part of the project since version 0.11.7. Mark the CVE as patched due to this. [1]: https://github.com/Kludex/uvicorn/issues/723 [2]: https://github.com/Kludex/uvicorn/commit/895807f94ea9a8e588605c12076b7d7517cda503 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-reportlab: mark CVE-2020-28463 patchedGyorgy Sarvari5 days1-0/+1
| | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-28463 According to Debian[1] it has been fixed since version 3.5.55[2] Mark is as patched. [1]: https://security-tracker.debian.org/tracker/CVE-2020-28463 [2]: https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-aiohttp: upgrade 3.13.2 -> 3.13.3Jiaying Song5 days1-1/+1
| | | | | | | Changelog:https://docs.aiohttp.org/en/stable/changes.html Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bleak: upgrade 2.0.0 -> 2.1.1Wang Mingyu5 days2-2/+8
| | | | | | | | | | | | | | | 1. Changelog: https://github.com/hbldh/bleak/blob/v2.1.1/CHANGELOG.rst 2. Skip integration tests in ptest After upgrade to 2.1.1, a new test set integration was added. https://github.com/hbldh/bleak/tree/v2.1.1/tests/integration According to the description, the tests need kernel module hci_vhci, but hci_vhci is disabled in yocto, so skip these tests. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: mark CVE-2020-25657 as patchedGyorgy Sarvari5 days1-0/+1
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657 The commit[1] that fixes the vulnerability has been part of the package since version 0.39.0 [1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: ignore CVE-2009-0127Gyorgy Sarvari5 days1-0/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127 The vulnerability is disputed[1] by upstream: "There is no vulnerability in M2Crypto. Nowhere in the functions are the return values of OpenSSL functions interpreted incorrectly. The functions provide an interface to their users that may be considered confusing, but is not incorrect, nor it is a vulnerability." [1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-types-psutil: upgrade 7.1.1.20251122 -> 7.2.1.20251231Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pillow: upgrade 12.0.0 -> 12.1.0Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nocaselist: upgrade 2.1.0 -> 2.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: https://nocaselist.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nocasedict: upgrade 2.1.0 -> 2.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: https://nocasedict.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-moteus: upgrade 0.3.96 -> 0.3.97Wang Mingyu5 days1-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: upgrade 4.1.2 -> 4.2.0Wang Mingyu5 days1-1/+1
| | | | | | | | Changelog: many argument of Nested properly overrides schema instance value. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-waitress: add ptest supportGyorgy Sarvari5 days2-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It takes <10s to execute. Some (54) tests are not compatible with musl[1] - due to this the tests are on the problem-list. Sample output snippet: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-07T09:57 BEGIN: /usr/lib/python3-waitress/ptest PASS: tests.test_adjustments.TestAdjustments.test_bad_port PASS: tests.test_adjustments.TestAdjustments.test_badvar PASS: tests.test_adjustments.TestAdjustments.test_default_listen [...many lines...] PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_in_disconnected PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_not_in_disconnected PASS: tests.test_wasyncore.Test_write.test_gardenpath PASS: tests.test_wasyncore.Test_write.test_non_reraised PASS: tests.test_wasyncore.Test_write.test_reraised ============================================================================ Testsuite summary \# TOTAL: 783 \# PASS: 775 \# SKIP: 8 \# XFAIL: 0 \# FAIL: 0 \# XPASS: 0 \# ERROR: 0 DURATION: 7 END: /usr/lib/python3-waitress/ptest 2026-01-07T09:57 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-termcolor: Upgrade 3.2.0 -> 3.3.0Leon Anavi10 days1-1/+1
| | | | | | | | | | Upgrade to release 3.3.0: - Add support for italic - can_colorize: Expect fileno() to raise OSError, as documented Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-behave: Upgrade 1.3.2 -> 1.3.3Leon Anavi10 days1-2/+2
| | | | | | | | | Upgrade to release 1.3.3: - FIXED: Broke Python 2.7 support Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-astroid: Upgrade 4.0.2 -> 4.0.3Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.0.3: - Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing results in the face of inference ambiguity. - Fix base class inference for dataclasses using the PEP 695 typing syntax. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-anyio: Upgrade 4.12.0 -> 4.12.1Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.12.1: - Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception - Fixed anyio.functools.lru_cache not working with instance methods Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Upgrade 0.0.220.bb -> 0.0.221Leon Anavi10 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 0.0.221: - Cancel l2cap connection result future on abort - Implement extended advertising emulation - Rust: Fix cargo-all-features to 1.11.0 - L2CAP Enhanced Retransmission mode - Add some docs about Android and Hardware - bump pdl dependencies versions - android-netsim transport enhancements - Upgrade GitHub Actions for Node 24 compatibility - Upgrade GitHub Actions to latest versions - GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC - Remove unused imports - Fix missing type hints on Device.notify_subscribers() - L2CAP: Enhanced Credit-based Flow Control Mode - use ruff for linting and import sorting - hot fix: remove unused import - Ruff: Add and fix UP rules - add support for multiple concurrent broadcasts - Add EATT Support - Fix some typos and annotations Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: Upgrade 0.124.4 -> 0.128.0Leon Anavi11 days1-1/+1
| | | | | | | | | | Upgrade to release 0.128.0: - Drop support for pydantic.v1 - Run performance tests only on Pydantic v2 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-networkx: Upgrade 3.6 -> 3.6.1Leon Anavi11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 3.6.1: API Changes - Add spectral bipartition community finding and greedy bipartition using node swaps Enhancements - Nodelists for from_biadjacency_matrix - Add spectral bipartition community finding and greedy bipartition using node swaps - Fix draw_networkx_nodes with list node_shape and add regression test Bug Fixes - Fix: allow graph subclasses to have additional arguments Documentation - DOC: Improve benchmarking readme - DOC: More details re: RC releases in the release process devdocs - DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial - DOC: Add blurb to contributor guide about drawing tests - DOC: Fix underline lens in docstrings - Rolling back shortest paths links Maintenance - MAINT: Replace string literal with comment - Bump actions/checkout from 5 to 6 in the actions group - pin python 3.14 to be version 3.14.0 until dataclasses are fixed - Blocklist Python 3.14.1 Other - TST: add tests for unsupported graph types in MST algorithms - TST: clean up isomorphism tests Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: Upgrade 1.1.0 -> 1.2.0Leon Anavi11 days1-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 1.2.0: SECURITY - python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added - decoder/encoder: added static initialization to reduce binary size - python: allow limiting decoder output (see SECURITY section) - CLI: brcat alias; allow decoding concatenated brotli streams - kt: pure Kotlin decoder - cgo: support "raw" dictionaries - build: Bazel modules Removed - java: dropped finalize() for native entities Fixed - java: in compress pass correct length to native encoder Improved - build: install man pages - build: updated / fixed / refined Bazel buildfiles - encoder: faster encoding - cgo: link via pkg-config - python: modernize extension / allow multi-phase module initialization Changed - decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parse-type: Upgrade 0.6.3 -> 0.6.6Leon Anavi11 days1-1/+3
| | | | | | | | | Upgrade to release 0.6.6: - Disable setuptools-scm: Too many side-effects Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: upgrade 4.0.0 -> 5.0.0Gyorgy Sarvari12 days2-117/+2
| | | | | | | Contains fix for CVE-2024-6221 and CVE-2024-1681 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: ignore CVE-2023-26112Gyorgy Sarvari12 days1-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The fix[1] is already included in the recipe version (5.0.9), the CVE can be marked as patched. [1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: upgrade 5.7.1 -> 5.8.0Gyorgy Sarvari12 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: Upgrade 25.11.1 -> 25.12.2Leon Anavi12 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 25.12.2: Build & CI/CD: - Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd submodules between autobahn-python and zlmdb - Switch manylinux container from 2_34 to 2_28 for x86_64 ISA compatibility (fixes auditwheel flatc bundling) - Increase ARM64 build timeout to 60 minutes for QEMU emulation - Add .github/workflows/README.md documenting CI/CD architecture - Consolidate download-github-release and download-release-artifacts recipes - Add checksum verification to artifact download workflow FlatBufers: - Simplify vendored FlatBuffers - use upstream as-is - Track vendored FlatBuffers in git (like zlmdb approach) - Add version() function to vendored FlatBuffers runtime - Add check_zlmdb_flatbuffers_version_in_sync() for cross-project compatibility - Generate .bfbs files for WAMP schemas during wheel build Other: - Rename install-flatc to install-flatc-system with prominent warning - Remove legacy readthedocs.yml to activate .readthedocs.yaml - Remove dev-latest optional dependency (PyPI rejects direct URLs) License-Update: Standardize LICENSE with SPDX header Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-filelock: Upgrade 3.20.1 -> 3.20.2Leon Anavi12 days1-1/+1
| | | | | | | | | | Upgrade to release 3.20.2: - Support Unix systems without O_NOFOLLOW - [pre-commit.ci] pre-commit autoupdate Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-wrapt: Upgrade to 2.0.1Khem Raj12 days1-7/+3
| | | | | | | | | | Switch to Pypi fetcher Switch to PEP-517 build backend Fixes WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cmd2: upgrade 3.0.0 -> 3.1.0Liu Yiding14 days1-1/+1
| | | | | | | | Changelog: https://github.com/python-cmd2/cmd2/releases/tag/3.1.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: upgrade 1.0.0 -> 1.1.0Liu Yiding14 days1-1/+2
| | | | | | | | Changelog: https://py7zr.readthedocs.io/en/latest/Changelog.html Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pytest-aiohttp: add missing DEPENDSTom Geelen2026-01-021-3/+6
| | | | | Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-propcache: Update Cython to version 3.2.3Khem Raj2026-01-022-0/+34
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Add recipeKhem Raj2025-12-311-0/+38
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyee: Add recipeKhem Raj2025-12-311-0/+12
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pymongo: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-orjson: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-python-multipart: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | | | The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ecdsa: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|< CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=|| CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=|| CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=|| CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=|| CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|< CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|< CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|< CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-gevent: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419|gevent|gevent|||23.9.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-dnspython: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483|dnspython|dnspython|||2.6.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-starlette: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|< CVE-2023-30798|encode|starlette|||0.25.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-markdown-it-py: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|< CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112|configobj_project|configobj|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900|py7zr_project|py7zr|||0.20.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-oauthlib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-joblib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eth-account: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930|ethereum|eth-account|||0.5.9|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-binwalk: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0 CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-17 18:06:13 +0000