diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..d19baf0 --- /dev/null +++ b/techstack.md @@ -0,0 +1,107 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [ahnsv/app-store-server-library-python](https://github.com/ahnsv/app-store-server-library-python)![](https://img.stackshare.io/public_badge.svg "public") +

+|11
Tools used|05/27/24
Report generated| +|------|------| +
+ +## Languages (1) + + + + +
+ Python +
+ Python +
+ +
+ +## DevOps (3) + + + + + + + + +
+ Git +
+ Git +
+ +
+ GitHub Actions +
+ GitHub Actions +
+ +
+ PyPI +
+ PyPI +
+ +
+ +## Other (1) + + + + +
+ Sphinx +
+ Sphinx +
+ +
+ + +## Open source packages (6) + +## PyPI (6) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[cryptography](https://pypi.org/project/cryptography)|v40.0.0|06/03/23|Alex Baker |BSD-3-Clause,Apache-2.0|[CVE-2024-26130](https://github.com/advisories/GHSA-6vqw-3v5j-54x4) (High)
[CVE-2023-38325](https://github.com/advisories/GHSA-cf7p-gm2m-833m) (High)
[CVE-2023-50782](https://github.com/advisories/GHSA-3ww4-gg4f-jr7f) (High)
[CVE-2023-49083](https://github.com/advisories/GHSA-jfhm-5ghh-2f97) (Moderate)
[CVE-2024-0727](https://github.com/advisories/GHSA-9v9h-cgj8-h64p) (Moderate)
[](https://github.com/advisories/GHSA-v8gr-m533-ghj9) (Low)
[](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) (Low)
[](https://github.com/advisories/GHSA-jm77-qphf-c4w8) (Low)| +|[requests](https://pypi.org/project/requests)|v2.28.0|06/03/23|Alex Baker |Apache-2.0|[CVE-2024-35195](https://github.com/advisories/GHSA-9wx4-h78v-vm56) (Moderate)
[CVE-2023-32681](https://github.com/advisories/GHSA-j8r2-6x86-q33q) (Moderate)| +|[PyJWT](https://pypi.org/project/PyJWT)|v2.6.0|06/03/23|Alex Baker |MIT|N/A| +|[attrs](https://pypi.org/project/attrs)|v21.3.0|06/23/23|Alex Baker |MIT|N/A| +|[cattrs](https://pypi.org/project/cattrs)|v23.1.2|06/23/23|Alex Baker |MIT|N/A| +|[pyOpenSSL](https://pypi.org/project/pyOpenSSL)|v23.1.1|06/03/23|Alex Baker |Apache-2.0|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..b491174 --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,218 @@ +repo_name: ahnsv/app-store-server-library-python +report_id: bc8427d2cc3ce3ce5df384af2b8a6773 +version: 0.1 +repo_type: Public +timestamp: '2024-05-27T04:22:20+00:00' +requested_by: alexanderjordanbaker +provider: github +branch: main +detected_tools_count: 11 +tools: +- name: Python + description: A clear and powerful object-oriented programming language, comparable + to Perl, Ruby, Scheme, or Java. + website_url: https://www.python.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python + detection_source: Repo Metadata +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python + detection_source: Repo Metadata +- name: GitHub Actions + description: Automate your workflow from idea to production + website_url: https://github.com/features/actions + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/11563/actions.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/.github/workflows/ci-prb.yml + detection_source: ".github/workflows/ci-prb.yml" + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z +- name: PyPI + description: A repository of software for the Python programming language + website_url: https://pypi.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Hosted Package Repository + image_url: 
https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z +- name: Sphinx + description: Open source full text search server, designed from the ground up with + performance, relevance (aka search quality), and integration simplicity in mind + website_url: http://sphinxsearch.com/ + open_source: false + hosted_saas: false + category: Application Utilities + sub_category: Search Engines + image_url: https://img.stackshare.io/service/1598/TtqoAo1V.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/docs/requirements.txt + detection_source: docs/requirements.txt + last_updated_by: dependabot[bot] + last_updated_on: 2023-08-18 02:44:04.000000000 Z +- name: cryptography + description: Cryptography is a package which provides cryptographic recipes and + primitives to Python developers + package_url: https://pypi.org/project/cryptography + version: 40.0.0 + license: BSD-3-Clause,Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19850/default_db2ab2702f70e20c272f6ce65251108fb2b8f1ea.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z + vulnerabilities: + - name: cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates + when called with a non-matching certificate and private key and an hmac_hash + override + cve_id: CVE-2024-26130 + cve_url: https://github.com/advisories/GHSA-6vqw-3v5j-54x4 + detected_date: Feb 22 + severity: high + first_patched: 42.0.4 + - name: cryptography mishandles SSH certificates + 
cve_id: CVE-2023-38325 + cve_url: https://github.com/advisories/GHSA-cf7p-gm2m-833m + detected_date: Jul 15 + severity: high + first_patched: 41.0.2 + - name: Python Cryptography package vulnerable to Bleichenbacher timing oracle attack + cve_id: CVE-2023-50782 + cve_url: https://github.com/advisories/GHSA-3ww4-gg4f-jr7f + detected_date: Feb 6 + severity: high + first_patched: 42.0.0 + - name: cryptography vulnerable to NULL-dereference when loading PKCS7 certificates + cve_id: CVE-2023-49083 + cve_url: https://github.com/advisories/GHSA-jfhm-5ghh-2f97 + detected_date: Nov 29 + severity: moderate + first_patched: 41.0.6 + - name: Null pointer dereference in PKCS12 parsing + cve_id: CVE-2024-0727 + cve_url: https://github.com/advisories/GHSA-9v9h-cgj8-h64p + detected_date: Feb 17 + severity: moderate + first_patched: 42.0.2 + - name: Vulnerable OpenSSL included in cryptography wheels + cve_id: + cve_url: https://github.com/advisories/GHSA-v8gr-m533-ghj9 + detected_date: Sep 22 + severity: low + first_patched: 41.0.4 + - name: Vulnerable OpenSSL included in cryptography wheels + cve_id: + cve_url: https://github.com/advisories/GHSA-5cpq-8wj7-hf2v + detected_date: Jun 3 + severity: low + first_patched: 41.0.0 + - name: pyca/cryptography's wheels include vulnerable OpenSSL + cve_id: + cve_url: https://github.com/advisories/GHSA-jm77-qphf-c4w8 + detected_date: Aug 2 + severity: low + first_patched: 41.0.3 +- name: requests + description: Python HTTP for Humans + package_url: https://pypi.org/project/requests + version: 2.28.0 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19826/default_d7c684bf2673f008a9f02ac93901229297a22d7e.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z + 
vulnerabilities: + - name: Requests `Session` object does not verify requests after making first request + with verify=False + cve_id: CVE-2024-35195 + cve_url: https://github.com/advisories/GHSA-9wx4-h78v-vm56 + detected_date: May 21 + severity: moderate + first_patched: 2.32.0 + - name: Unintended leak of Proxy-Authorization header in requests + cve_id: CVE-2023-32681 + cve_url: https://github.com/advisories/GHSA-j8r2-6x86-q33q + detected_date: May 23 + severity: moderate + first_patched: 2.31.0 +- name: PyJWT + description: JSON Web Token implementation in Python + package_url: https://pypi.org/project/PyJWT + version: 2.6.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19883/default_3863c7bb51d307217c188e059f67ca417c51efe3.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z +- name: attrs + description: Classes Without Boilerplate + package_url: https://pypi.org/project/attrs + version: 21.3.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19857/default_4a8a8fdc10130068bf295812b98e9b72fb42fe70.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-23 21:10:00.000000000 Z +- name: cattrs + description: Composable complex class support for attrs + package_url: https://pypi.org/project/cattrs + version: 23.1.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20384/default_7b61839e75a7cebc498b55310254338ecd1b0b7c.png + 
detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-23 21:10:00.000000000 Z +- name: pyOpenSSL + description: Python wrapper module around the OpenSSL library + package_url: https://pypi.org/project/pyOpenSSL + version: 23.1.1 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19873/default_7ed3c4ccf2a3218ae3655165b980bd4a90a445dc.png + detection_source_url: https://github.com/ahnsv/app-store-server-library-python/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Alex Baker + last_updated_on: 2023-06-03 04:20:57.000000000 Z
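Review bot: in techstack.md, the three Low rows of the cryptography entry in the PyPI table have empty link text (`[](https://github.com/advisories/GHSA-v8gr-m533-ghj9)`, and likewise for GHSA-5cpq-8wj7-hf2v and GHSA-jm77-qphf-c4w8). They will render as a bare "(Low)" with nothing visible to click. Use the GHSA id as the link text for advisories that have no CVE assigned. The file is also a point-in-time snapshot ("Report generated" 05/27/24), so the VULNERABILITIES column will go stale once committed. Either regenerate it on a schedule or state in the file that it reflects the report date only.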
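Review bot: in techstack.yml, the `cryptography` entry records `version: 40.0.0` while its `vulnerabilities` list carries `first_patched` values up to 42.0.4, and the `requests` entry records `version: 2.28.0` against `first_patched: 2.32.0`. Both entries cite requirements.txt as their `detection_source`, so this change documents known-vulnerable pins without fixing them. Raise the pins in requirements.txt to at least those versions in this change or a linked follow-up. Separately, the `Sphinx` tool entry is described as a "full text search server" with `website_url: http://sphinxsearch.com/` and `sub_category: Search Engines`, but its `detection_source` is docs/requirements.txt, which points to the Python documentation generator of the same name, so the entry should be corrected or dropped. The `detected_date` values ("Feb 22", "Jul 15") also carry no year, which makes them ambiguous next to advisories from both 2023 and 2024.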