Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CycloneDX output does not carry the same vulnerability info #151

Closed
TomMD opened this issue Dec 1, 2021 · 2 comments · Fixed by #216
Closed

CycloneDX output does not carry the same vulnerability info #151

TomMD opened this issue Dec 1, 2021 · 2 comments · Fixed by #216
Labels
bug Something isn't working upstream Items that require upstream work or coordination

Comments

@TomMD
Copy link

TomMD commented Dec 1, 2021

Bug description

Running pip-audit with -f cylconedx-json gives fewer vulnerability warnings than using the default output or JSON output.

Reproduction steps

pip3 install pip-audit
git clone https://github.com/deepmind/tree
pip-audit --desc on
... see a scikit-learn and urllib3 issue ...
pip-audit -f json | jq
... same
pip-audit -f cyclonedx-json | jq
... nothing!

Expected behavior

We should have a cpe and/or swid JSON field (https://cyclonedx.org/use-cases/#known-vulnerabilities) telling us about the two issues discovered.

Screenshots and logs

Similarly, if applicable and possible, re-run the command with PIP_AUDIT_LOGLEVEL=debug exported,
and paste the logs in the code block below:

DEBUG:pip_audit._cli:parsed arguments: Namespace(cache_dir=None, desc=<VulnerabilityDescriptionChoice.Auto: 'auto'>, dry_run=False, format=<OutputFormatChoice.CycloneDxJson: 'cyclonedx-json'>, local=False, progress_spinner=<ProgressSpinnerChoice.On: 'on'>, requirements=None, strict=False, timeout=15, vulnerability_service=<VulnerabilityServiceChoice.Pypi: 'pypi'>)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/aniso8601/3.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/attrs/21.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/backcall/0.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/bandit/1.7.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/bashlex/0.16/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/bc-python-hcl2/0.3.24/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/beautifulsoup4/4.10.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/boto3/1.17.112/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/botocore/1.20.112/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cachecontrol/0.12.10/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/CacheControl/0.12.10/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 202
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 202
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cached-property/1.5.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 202
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 202
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cachetools/4.2.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 202
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 202
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/certifi/2019.11.28/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 202
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 202
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/chardet/3.0.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/checkov/2.0.536/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/click/8.0.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/click-log/0.3.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/click-option-group/0.5.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cloudsplaining/0.4.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/colorama/0.4.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/compiledb/0.10.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/configargparse/1.5.3/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ConfigArgParse/1.5.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/contextlib2/21.6.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/cyclonedx-python-lib/0.11.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/dataclasses/0.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/dataclasses-json/0.5.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 200
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 200
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/dbus-python/1.2.16/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/decorator/5.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep-merge/0.0.4/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/deep_merge/0.0.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/detect-secrets/1.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/docker/5.0.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/dockerfile-parse/1.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/dpath/1.5.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/fb-sapp/0.5.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/flask/2.0.2/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Flask/2.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/flask-cors/3.0.10/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Flask-Cors/3.0.10/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/flask-graphql/2.0.1/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Flask-GraphQL/2.0.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/gitdb/4.0.9/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/gitpython/3.1.24/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/GitPython/3.1.24/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/graphene/2.1.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/graphene-sqlalchemy/2.3.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/graphql-core/2.3.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/graphql-relay/0.5.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/graphql-server-core/1.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/html5lib/1.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/idna/2.8/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/importlib-metadata/4.8.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ipython/7.29.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 199
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 199
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/itsdangerous/2.0.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/jedi/0.18.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/jinja2/3.0.2/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Jinja2/3.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/jmespath/0.10.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/joblib/1.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/jsonschema/3.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/junit-xml/1.9/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/lark-parser/0.10.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/libcst/0.3.21/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/lockfile/0.12.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/markdown/3.3.4/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Markdown/3.3.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/markupsafe/2.0.1/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/MarkupSafe/2.0.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/marshmallow/3.14.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/marshmallow-enum/1.5.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/matplotlib-inline/0.1.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/msgpack/1.0.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/munch/2.5.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/mypy-extensions/0.4.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/networkx/2.6.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/numpy/1.21.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/packageurl-python/0.9.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/packaging/21.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pandas/1.0.5/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/parso/0.8.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pbr/5.6.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pexpect/4.8.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pickle-mixin/1.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pickleshare/0.7.5/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 198
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 198
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pip/21.3.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pip-api/0.0.23/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pip-audit/1.0.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/policy-sentry/0.11.18/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/policyuniverse/1.4.0.20210819/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/progress/1.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/promise/2.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/prompt-toolkit/3.0.21/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/psutil/5.8.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ptyprocess/0.7.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pygments/2.10.0/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Pygments/2.10.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pygobject/3.36.0/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/PyGObject/3.36.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pyparsing/2.4.7/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pyre-check/0.0.59/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pyre-extensions/0.0.23/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pyrsistent/0.18.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/python-apt/2.0.0+ubuntu0.20.4.6/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/python-apt/2.0.0+ubuntu0.20.4.6/json/" in the cache
DEBUG:cachecontrol.controller:No cache entry available
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): pypi.org:443
DEBUG:urllib3.connectionpool:https://pypi.org:443 "GET /pypi/python-apt/2.0.0+ubuntu0.20.4.6/json/ HTTP/1.1" 404 2154
DEBUG:cachecontrol.controller:Status code 404 not in (200, 203, 300, 301, 308)
DEBUG:pip_audit._service.pypi:Dependency not found on PyPI and could not be audited: python-apt (2.0.0+ubuntu0.20.4.6)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/python-dateutil/2.8.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pytz/2021.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pywatchman/1.4.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pyyaml/6.0/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/PyYAML/6.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/requests/2.22.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/requests-unixsocket/0.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/requirements-parser/0.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/resolvelib/0.8.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ruamel-yaml/0.17.17/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ruamel.yaml/0.17.17/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ruamel-yaml-clib/0.2.6/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ruamel.yaml.clib/0.2.6/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/rx/1.6.1/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Rx/1.6.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/s3transfer/0.4.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/schema/0.7.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/scikit-learn/0.23.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/scipy/1.7.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/semantic-version/2.8.5/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 197
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 197
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/semgrep/0.51.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/setuptools/50.3.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/shutilwhich/1.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/singledispatch/3.7.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/six/1.14.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/smmap/5.0.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/soupsieve/2.2.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/sqlalchemy/1.3.24/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/SQLAlchemy/1.3.24/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/stevedore/3.5.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/tabulate/0.8.9/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/termcolor/1.1.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/threadpoolctl/3.0.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/toml/0.10.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/tqdm/4.62.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/traitlets/5.1.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/types-setuptools/57.4.4/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/types-toml/0.10.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/typing-extensions/3.10.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/typing-inspect/0.7.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 196
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 196
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/ujson/4.2.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/update-checker/0.18.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/urllib3/1.25.8/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/wcwidth/0.2.5/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/webencodings/0.5.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/websocket-client/1.2.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/werkzeug/2.0.2/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Werkzeug/2.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/wheel/0.34.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/xxhash/2.0.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/zipp/3.6.0/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 195
Found 3 known vulnerabilities in 2 packages

Platform information

  • OS name and version: Linux (Ubuntu 20.04 in docker)
  • pip-audit version (pip-audit -V): pip-audit 1.0.0
  • Python version (python -V or python3 -V): Python 3.8.10
  • pip version (pip -V or pip3 -V): pip 21.3.1
@TomMD TomMD added the bug-candidate Might be a bug. label Dec 1, 2021
@woodruffw
Copy link
Member

Yep, this is a known issue with CycloneDX's JSON format, unfortunately: CycloneDX/cyclonedx-python-lib#62

The TL;DR is that their JSON format, as specified, doesn't include support for extensions the way that their XML format does. They don't have plans to change that, but there is a bright side for vulnerability information specifically: it's becoming a full part of the standard (in v.1.4) rather than just an extension, so their JSON models will include it then.

STL;DR: v1.4 of CycloneDX will fix this. In the mean time, we should make it clear that this is a known problem by documenting it in the README 🙂

@TomMD TomMD closed this as completed Dec 1, 2021
@woodruffw woodruffw mentioned this issue Jan 13, 2022
Merged
@woodruffw
Copy link
Member

cc @TomMD Thanks again for reporting this! Now that our dependency supports it, we should have support in pip-audit once #216 lands.

@woodruffw woodruffw reopened this Jan 13, 2022
@woodruffw woodruffw added upstream Items that require upstream work or coordination bug Something isn't working and removed bug-candidate Might be a bug. labels Jan 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working upstream Items that require upstream work or coordination
Projects
None yet
Milestone
No milestone
2 participants
@TomMD @woodruffw