summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python
Commit message (Collapse)AuthorAgeFilesLines
* python3-waitress: add ptest supportGyorgy Sarvari5 days2-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It takes <10s to execute. Some (54) tests are not compatible with musl[1] - due to this the tests are on the problem-list. Sample output snippet: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-07T09:57 BEGIN: /usr/lib/python3-waitress/ptest PASS: tests.test_adjustments.TestAdjustments.test_bad_port PASS: tests.test_adjustments.TestAdjustments.test_badvar PASS: tests.test_adjustments.TestAdjustments.test_default_listen [...many lines...] PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_in_disconnected PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_not_in_disconnected PASS: tests.test_wasyncore.Test_write.test_gardenpath PASS: tests.test_wasyncore.Test_write.test_non_reraised PASS: tests.test_wasyncore.Test_write.test_reraised ============================================================================ Testsuite summary \# TOTAL: 783 \# PASS: 775 \# SKIP: 8 \# XFAIL: 0 \# FAIL: 0 \# XPASS: 0 \# ERROR: 0 DURATION: 7 END: /usr/lib/python3-waitress/ptest 2026-01-07T09:57 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-termcolor: Upgrade 3.2.0 -> 3.3.0Leon Anavi10 days1-1/+1
| | | | | | | | | | Upgrade to release 3.3.0: - Add support for italic - can_colorize: Expect fileno() to raise OSError, as documented Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-behave: Upgrade 1.3.2 -> 1.3.3Leon Anavi10 days1-2/+2
| | | | | | | | | Upgrade to release 1.3.3: - FIXED: Broke Python 2.7 support Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-astroid: Upgrade 4.0.2 -> 4.0.3Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.0.3: - Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing results in the face of inference ambiguity. - Fix base class inference for dataclasses using the PEP 695 typing syntax. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-anyio: Upgrade 4.12.0 -> 4.12.1Leon Anavi10 days1-1/+1
| | | | | | | | | | | | Upgrade to release 4.12.1: - Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception - Fixed anyio.functools.lru_cache not working with instance methods Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Upgrade 0.0.220.bb -> 0.0.221Leon Anavi10 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 0.0.221: - Cancel l2cap connection result future on abort - Implement extended advertising emulation - Rust: Fix cargo-all-features to 1.11.0 - L2CAP Enhanced Retransmission mode - Add some docs about Android and Hardware - bump pdl dependencies versions - android-netsim transport enhancements - Upgrade GitHub Actions for Node 24 compatibility - Upgrade GitHub Actions to latest versions - GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC - Remove unused imports - Fix missing type hints on Device.notify_subscribers() - L2CAP: Enhanced Credit-based Flow Control Mode - use ruff for linting and import sorting - hot fix: remove unused import - Ruff: Add and fix UP rules - add support for multiple concurrent broadcasts - Add EATT Support - Fix some typos and annotations Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: Upgrade 0.124.4 -> 0.128.0Leon Anavi11 days1-1/+1
| | | | | | | | | | Upgrade to release 0.128.0: - Drop support for pydantic.v1 - Run performance tests only on Pydantic v2 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-networkx: Upgrade 3.6 -> 3.6.1Leon Anavi11 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 3.6.1: API Changes - Add spectral bipartition community finding and greedy bipartition using node swaps Enhancements - Nodelists for from_biadjacency_matrix - Add spectral bipartition community finding and greedy bipartition using node swaps - Fix draw_networkx_nodes with list node_shape and add regression test Bug Fixes - Fix: allow graph subclasses to have additional arguments Documentation - DOC: Improve benchmarking readme - DOC: More details re: RC releases in the release process devdocs - DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial - DOC: Add blurb to contributor guide about drawing tests - DOC: Fix underline lens in docstrings - Rolling back shortest paths links Maintenance - MAINT: Replace string literal with comment - Bump actions/checkout from 5 to 6 in the actions group - pin python 3.14 to be version 3.14.0 until dataclasses are fixed - Blocklist Python 3.14.1 Other - TST: add tests for unsupported graph types in MST algorithms - TST: clean up isomorphism tests Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: Upgrade 1.1.0 -> 1.2.0Leon Anavi11 days1-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 1.2.0: SECURITY - python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added - decoder/encoder: added static initialization to reduce binary size - python: allow limiting decoder output (see SECURITY section) - CLI: brcat alias; allow decoding concatenated brotli streams - kt: pure Kotlin decoder - cgo: support "raw" dictionaries - build: Bazel modules Removed - java: dropped finalize() for native entities Fixed - java: in compress pass correct length to native encoder Improved - build: install man pages - build: updated / fixed / refined Bazel buildfiles - encoder: faster encoding - cgo: link via pkg-config - python: modernize extension / allow multi-phase module initialization Changed - decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parse-type: Upgrade 0.6.3 -> 0.6.6Leon Anavi11 days1-1/+3
| | | | | | | | | Upgrade to release 0.6.6: - Disable setuptools-scm: Too many side-effects Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: upgrade 4.0.0 -> 5.0.0Gyorgy Sarvari12 days2-117/+2
| | | | | | | Contains fix for CVE-2024-6221 and CVE-2024-1681 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: ignore CVE-2023-26112Gyorgy Sarvari12 days1-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The fix[1] is already included in the recipe version (5.0.9), the CVE can be marked as patched. [1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: upgrade 5.7.1 -> 5.8.0Gyorgy Sarvari12 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: Upgrade 25.11.1 -> 25.12.2Leon Anavi12 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 25.12.2: Build & CI/CD: - Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd submodules between autobahn-python and zlmdb - Switch manylinux container from 2_34 to 2_28 for x86_64 ISA compatibility (fixes auditwheel flatc bundling) - Increase ARM64 build timeout to 60 minutes for QEMU emulation - Add .github/workflows/README.md documenting CI/CD architecture - Consolidate download-github-release and download-release-artifacts recipes - Add checksum verification to artifact download workflow FlatBufers: - Simplify vendored FlatBuffers - use upstream as-is - Track vendored FlatBuffers in git (like zlmdb approach) - Add version() function to vendored FlatBuffers runtime - Add check_zlmdb_flatbuffers_version_in_sync() for cross-project compatibility - Generate .bfbs files for WAMP schemas during wheel build Other: - Rename install-flatc to install-flatc-system with prominent warning - Remove legacy readthedocs.yml to activate .readthedocs.yaml - Remove dev-latest optional dependency (PyPI rejects direct URLs) License-Update: Standardize LICENSE with SPDX header Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-filelock: Upgrade 3.20.1 -> 3.20.2Leon Anavi12 days1-1/+1
| | | | | | | | | | Upgrade to release 3.20.2: - Support Unix systems without O_NOFOLLOW - [pre-commit.ci] pre-commit autoupdate Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-wrapt: Upgrade to 2.0.1Khem Raj12 days1-7/+3
| | | | | | | | | | Switch to Pypi fetcher Switch to PEP-517 build backend Fixes WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cmd2: upgrade 3.0.0 -> 3.1.0Liu Yiding14 days1-1/+1
| | | | | | | | Changelog: https://github.com/python-cmd2/cmd2/releases/tag/3.1.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: upgrade 1.0.0 -> 1.1.0Liu Yiding14 days1-1/+2
| | | | | | | | Changelog: https://py7zr.readthedocs.io/en/latest/Changelog.html Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pytest-aiohttp: add missing DEPENDSTom Geelen2026-01-021-3/+6
| | | | | Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-propcache: Update Cython to version 3.2.3Khem Raj2026-01-022-0/+34
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Add recipeKhem Raj2025-12-311-0/+38
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyee: Add recipeKhem Raj2025-12-311-0/+12
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pymongo: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-orjson: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-python-multipart: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | | | The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ecdsa: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|< CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=|| CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=|| CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=|| CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=|| CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|< CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|< CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|< CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-gevent: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419|gevent|gevent|||23.9.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-dnspython: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483|dnspython|dnspython|||2.6.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-starlette: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|< CVE-2023-30798|encode|starlette|||0.25.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-markdown-it-py: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|< CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112|configobj_project|configobj|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900|py7zr_project|py7zr|||0.20.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-oauthlib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-joblib: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eth-account: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930|ethereum|eth-account|||0.5.9|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-binwalk: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0 CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httpx: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead of the default python:httpx. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%httpx%'; CVE-2021-41945|encode|httpx|||0.23.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cvxopt: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | Set correct CVE_PRODUCT to be used instead of ${PN}. See CVE db query: sqlite> select * from products where product like '%cvxopt%'; CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlparse: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the default python:sqlparse CPE doesn't match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%sqlparse%'; CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|< CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-restx: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using flask-restx_project:flask-restx CPE, which makes the default python:flask-restx CPE to not match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%flask-restx%'; CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that is used to track CVEs. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'fastapi'; CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0 CVE-2025-55526|n8n|fastapi|0.115.14|=|||0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-lief: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | | | | | The correct CVE_PRODUCT is "lief" for this recipe instead of the default ${PN}, that doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like 'lief'; CVE-2021-32297|lief-project|lief|||0.11.4|<= CVE-2022-38306|lief-project|lief|||0.12.1|< CVE-2022-38307|lief-project|lief|||0.12.1|< CVE-2022-38495|lief-project|lief|||0.12.1|<= CVE-2022-38496|lief-project|lief|||0.12.1|<= CVE-2022-38497|lief-project|lief|||0.12.1|<= CVE-2022-40922|lief-project|lief|0.12.1|=|| CVE-2022-40923|lief-project|lief|0.12.1|=|| CVE-2022-43171|lief-project|lief|0.12.1|=|| CVE-2024-31636|lief-project|lief|0.14.1|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pydantic: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant CVEs. See CVE query (n8n vendor is not relevant): sqlite> select * from products where product like '%pydantic%'; CVE-2021-29510|pydantic|pydantic|||1.6.2|< CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|< CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|< CVE-2024-3772|pydantic|pydantic|||1.10.13|< CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|< CVE-2025-55526|n8n|pydantic|2.11.7|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pikepdf: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | The relevant CVEs are tracked with pikepdf_project:pikepdf CPE, and the default python:pikepdf doesn't match CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'pikepdf'; CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-mpmath: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | The CVE database tracks relevant CVEs with mpmath:mpmath CPE. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'mpmath'; CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-user: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | The relevant CVE is tracked using flask-user_project:flask-user CPE, so the default python:flask-user value doesn't match it. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'flask-user'; CVE-2021-23401|flask-user_project|flask-user|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eventlet: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | The relevant CVEs are tracked using eventlet:eventlet CPE, and the default python:eventlet CPE doesn't match relevant CVEs. Set the correct CVE_PRODUCT. See CVE db query: sqlite> select * from products where product like 'eventlet'; CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|< CVE-2023-29483|eventlet|eventlet|||0.35.2|< CVE-2025-58068|eventlet|eventlet|||0.40.3|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-aiohttp: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330|aiohttp|aiohttp|||3.7.4|< CVE-2022-33124|aiohttp|aiohttp|3.8.1|=|| CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<= CVE-2023-47627|aiohttp|aiohttp|||3.8.6|< CVE-2023-47641|aiohttp|aiohttp|||3.8.0|< CVE-2023-49081|aiohttp|aiohttp|||3.9.0|< CVE-2023-49082|aiohttp|aiohttp|||3.9.0|< CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|< CVE-2024-23829|aiohttp|aiohttp|||3.9.2|< CVE-2024-27306|aiohttp|aiohttp|||3.9.4|< CVE-2024-30251|aiohttp|aiohttp|||3.9.4|< CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|< CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|< CVE-2024-52304|aiohttp|aiohttp|||3.10.11|< CVE-2025-53643|aiohttp|aiohttp|||3.12.14|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+2
| | | | | | | | | | | | | | | There is one brotli repository for all language bindings, and the same CPE is used for all: google:brotli (instead of the expected default of python:brotli, in case of the Python package). Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'brotli'; CVE-2020-8927|google|brotli|||1.0.8|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-uvicorn: set CVE_PRODUCTGyorgy Sarvari2025-12-311-0/+1
| | | | | | | | | | | | | | The default python:uvicorn CPE is not correct, the CVEs are tracked under encode:uvicorn. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'uvicorn'; CVE-2020-7694|encode|uvicorn|-||| CVE-2020-7695|encode|uvicorn|||0.11.7|< CVE-2025-55526|n8n|uvicorn|0.35.0|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-17 21:41:44 +0000