False "affected" for Python package: httpx-gssapi
adriantorrie opened this issue · 1 comments
adriantorrie commented
- safety version: 1.10.3
- Python version: 3.9.6
- Operating System: Debian Buster
Description
Running safety checks in CI provides a false "affected" for httpx-gssapi of <0.6. There is no such release for that package. It looks like they changed their SEMVER convention in January 2021 and restarted at 0.1, which is lower than the "affected".
What I Did
+==============================================================================+
| REPORT                                                                       |
| checked 73 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| httpx-gssapi               | 0.1.2.pos | <0.6                     | 39509    |
+==============================================================================+
| Httpx-gssapi 0.6 includes a security patch for CVE-2014-8650.                |
+==============================================================================+
Screenshot of httpx-gssapi tags from here
yeisonvargasf commented
Hi @adriantorrie, thanks for reporting this. I confirm that this was solved.
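An added example, not part of the issue thread and not safety's own code: a CI-side sanity check for the kind of false positive reported in this issue, which flags a `<X` advisory for manual review when the fixed release it names was never published. The release list is constructed sample data, and `release_key`, `parse_row` and `triage` are hypothetical helper names.

```python
import re

# Row copied from the report in this issue; the release list is constructed
# sample data (the issue only states that numbering restarted at 0.1).
REPORT_ROW = "| httpx-gssapi | 0.1.2.pos | <0.6 | 39509 |"
PUBLISHED = ["0.1", "0.1.1", "0.1.2"]


def release_key(version):
    """Leading numeric part as a tuple: '0.1.2.pos' -> (0, 1, 2), '0.6.0' -> (0, 6).

    Simplification: pre/post/dev suffixes are ignored (not full PEP 440 ordering).
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if match is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 0.6.0 and 0.6 as equal
        parts.pop()
    return tuple(parts)


def parse_row(line):
    """Split one 'package | installed | affected | ID' report row into a dict."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"not a report row: {line!r}")
    return dict(zip(("package", "installed", "affected", "id"), cells))


def triage(row, published):
    """Classify a row whose 'affected' spec is a single '<X' upper bound."""
    spec = row["affected"]
    if not spec.startswith("<") or spec.startswith("<=") or "," in spec:
        return "unsupported-spec"
    bound = release_key(spec[1:])
    if release_key(row["installed"]) >= bound:
        return "not-affected"
    if bound not in {release_key(v) for v in published}:
        # The fixed release the advisory names was never published, so the
        # range may predate a renumbering and needs manual review.
        return "suspect-advisory"
    return "affected"


if __name__ == "__main__":
    print(triage(parse_row(REPORT_ROW), PUBLISHED))
```
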