owasp-depscan 5.2.14__tar.gz → 5.3.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of owasp-depscan might be problematic. Click here for more details.

Files changed (87) hide show
  1. {owasp-depscan-5.2.14/owasp_depscan.egg-info → owasp-depscan-5.3.0}/PKG-INFO +2 -2
  2. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/analysis.py +1 -0
  3. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/pkg_query.py +5 -0
  4. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0/owasp_depscan.egg-info}/PKG-INFO +2 -2
  5. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/requires.txt +1 -1
  6. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/pyproject.toml +2 -2
  7. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/LICENSE +0 -0
  8. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/MANIFEST.in +0 -0
  9. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/README.md +0 -0
  10. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/__init__.py +0 -0
  11. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/cli.py +0 -0
  12. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/__init__.py +0 -0
  13. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/audit.py +0 -0
  14. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/bom.py +0 -0
  15. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/config.py +0 -0
  16. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/csaf.py +0 -0
  17. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/explainer.py +0 -0
  18. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/github.py +0 -0
  19. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/license.py +0 -0
  20. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/logger.py +0 -0
  21. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/normalize.py +0 -0
  22. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/orasclient.py +0 -0
  23. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/utils.py +0 -0
  24. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  25. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  26. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/entry_points.txt +0 -0
  27. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/top_level.txt +0 -0
  28. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/setup.cfg +0 -0
  29. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_analysis.py +0 -0
  30. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_bom.py +0 -0
  31. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_csaf.py +0 -0
  32. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_explainer.py +0 -0
  33. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_github.py +0 -0
  34. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_license.py +0 -0
  35. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_norm.py +0 -0
  36. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_pkg_query.py +0 -0
  37. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/test/test_utils.py +0 -0
  38. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/__init__.py +0 -0
  39. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_data/fields.yml +0 -0
  40. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_data/meta.yml +0 -0
  41. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_data/rules.yml +0 -0
  42. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  43. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  44. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  45. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  46. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  47. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  48. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  49. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  50. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  51. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  52. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  53. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  54. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  55. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  56. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  57. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  58. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  59. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  60. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  61. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  62. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  63. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  64. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  65. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  66. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  67. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  68. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  69. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  70. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  71. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  72. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  73. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  74. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  75. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  76. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  77. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  78. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  79. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  80. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  81. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  82. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  83. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  84. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  85. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  86. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
  87. {owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/vendor/spdx/json/licenses.json +0 -0
{owasp-depscan-5.2.14/owasp_depscan.egg-info → owasp-depscan-5.3.0}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: owasp-depscan
3
- Version: 5.2.14
3
+ Version: 5.3.0
4
4
  Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
5
5
  Author-email: Team AppThreat <cloud@appthreat.com>
6
6
  License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
20
20
  Requires-Python: >=3.8
21
21
  Description-Content-Type: text/markdown
22
22
  License-File: LICENSE
23
- Requires-Dist: appthreat-vulnerability-db==5.6.4
23
+ Requires-Dist: appthreat-vulnerability-db==5.6.6
24
24
  Requires-Dist: defusedxml
25
25
  Requires-Dist: oras~=0.1.26
26
26
  Requires-Dist: PyYAML
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/analysis.py RENAMED
@@ -1224,6 +1224,7 @@ def analyse_pkg_risks(
1224
1224
  if risk_metrics.get("risk_score") and (
1225
1225
  risk_metrics.get("risk_score") > config.pkg_max_risk_score
1226
1226
  or risk_metrics.get("pkg_private_on_public_registry_risk")
1227
+ or risk_metrics.get("pkg_deprecated_risk")
1227
1228
  ):
1228
1229
  risk_score = f"""{round(risk_metrics.get("risk_score"), 2)}"""
1229
1230
  data = [
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/depscan/lib/pkg_query.py RENAMED
@@ -319,6 +319,11 @@ def pypi_pkg_risk(pkg_metadata, is_private_pkg, scope):
319
319
  versions_dict = pkg_metadata.get("releases", {})
320
320
  versions = [ver[0] for k, ver in versions_dict.items() if ver]
321
321
  is_deprecated = info.get("yanked") and info.get("yanked_reason")
322
+ # Some packages like pypi:azure only mention deprecated in the description
323
+ # without yanking the package
324
+ pkg_description = info.get("description", "").lower()
325
+ if not is_deprecated and ("is deprecated" in pkg_description or "no longer maintained" in pkg_description):
326
+ is_deprecated = True
322
327
  latest_deprecated = False
323
328
  first_version = None
324
329
  latest_version = None
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0/owasp_depscan.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: owasp-depscan
3
- Version: 5.2.14
3
+ Version: 5.3.0
4
4
  Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
5
5
  Author-email: Team AppThreat <cloud@appthreat.com>
6
6
  License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
20
20
  Requires-Python: >=3.8
21
21
  Description-Content-Type: text/markdown
22
22
  License-File: LICENSE
23
- Requires-Dist: appthreat-vulnerability-db==5.6.4
23
+ Requires-Dist: appthreat-vulnerability-db==5.6.6
24
24
  Requires-Dist: defusedxml
25
25
  Requires-Dist: oras~=0.1.26
26
26
  Requires-Dist: PyYAML
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/owasp_depscan.egg-info/requires.txt RENAMED
@@ -1,4 +1,4 @@
1
- appthreat-vulnerability-db==5.6.4
1
+ appthreat-vulnerability-db==5.6.6
2
2
  defusedxml
3
3
  oras~=0.1.26
4
4
  PyYAML
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/pyproject.toml RENAMED
@@ -1,12 +1,12 @@
1
1
  [project]
2
2
  name = "owasp-depscan"
3
- version = "5.2.14"
3
+ version = "5.3.0"
4
4
  description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
5
5
  authors = [
6
6
  {name = "Team AppThreat", email = "cloud@appthreat.com"},
7
7
  ]
8
8
  dependencies = [
9
- "appthreat-vulnerability-db==5.6.4",
9
+ "appthreat-vulnerability-db==5.6.6",
10
10
  "defusedxml",
11
11
  "oras~=0.1.26",
12
12
  "PyYAML",
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/LICENSE RENAMED
File without changes
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/README.md RENAMED
File without changes
{owasp-depscan-5.2.14 → owasp-depscan-5.3.0}/setup.cfg RENAMED
File without changes