Closed normoes closed 3 years ago
safety compares the pypi monero package with a different package, maybe with the monero project (https://github.com/monero-project/monero) itself?
safety
monero
The most recent release of the monero package installed: pip install monero==0.7.3 is in fact 0.7.3.
pip install monero==0.7.3
0.7.3
So, I assume, something might be wrong in the database.
I see the following:
+==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 68 packages, using local DB | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | monero | 0.7.3 | <0.10.0 | 37447 | +==============================================================================+ | Monero 0.10.0 includes a temporary patch (via a predefined user-agent) for | | the Cross-Site Request Forgery attack against monero-wallet-cli's RPC API. | +==============================================================================+ | monero | 0.7.3 | <0.12.0.0 | 37446 | +==============================================================================+ | Monero 0.12.0.0 includes tweaked PoW to block DoS attacks from ASICs, as | | well as a way to securely erase keys from memory, for most cases, when no | | longer in use. | +==============================================================================+ | monero | 0.7.3 | <0.9.1 | 37448 | +==============================================================================+ | Monero 0.9.1 includes a bug fix for the block 913193 attack, plus | | checkpoints. | +==============================================================================+
Using the provided safety database: git clone --single-branch --depth 1 https://github.com/pyupio/safety-db.git safety-db.git
git clone --single-branch --depth 1 https://github.com/pyupio/safety-db.git safety-db.git
Running safety like this: safety check --db=safety-db.git/data --full-report
safety check --db=safety-db.git/data --full-report
Closing this issue, because I created another one here: https://github.com/pyupio/safety-db/issues/2318
Description
safety
compares the pypimonero
package with a different package, maybe with themonero
project (https://github.com/monero-project/monero) itself?The most recent release of the
monero
package installed:pip install monero==0.7.3
is in fact0.7.3
.So, I assume, something might be wrong in the database.
I see the following:
What I Did
Using the provided
safety
database:git clone --single-branch --depth 1 https://github.com/pyupio/safety-db.git safety-db.git
Running
safety
like this:safety check --db=safety-db.git/data --full-report