From 6883e959f307d17e8b8e85fd68bdbec3b908e020 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 23 Jan 2024 13:11:44 +0000 Subject: [PATCH 1/2] Create techstack.yml --- techstack.yml | 635 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 635 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 00000000..0f429dc4 --- /dev/null +++ b/techstack.yml @@ -0,0 +1,635 @@ +repo_name: todaypp/python-engineio +report_id: e8c379810de1c56a3f2d5170e584ce35 +version: 0.1 +repo_type: Public +timestamp: '2024-01-23T13:11:41+00:00' +requested_by: miguelgrinberg +provider: github +branch: main +detected_tools_count: 38 +tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/static/engine.io.js + detection_source: examples/server/aiohttp/static/engine.io.js + last_updated_by: Miguel Grinberg + last_updated_on: 2020-11-29 15:42:17.000000000 Z +- name: Jinja + description: Full featured template engine for Python + website_url: https://palletsprojects.com/p/jinja/ + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Templating Languages & Extensions + image_url: https://img.stackshare.io/service/2303/New_Project__20_.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2019-04-28 18:31:20.000000000 Z +- name: Python + description: A clear and powerful object-oriented programming language, comparable + to Perl, Ruby, Scheme, or Java. + website_url: https://www.python.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source_url: https://github.com/todaypp/python-engineio + detection_source: Repo Metadata +- name: ExpressJS + description: Sinatra inspired web development framework for node.js -- insanely + fast, flexible, and simple + website_url: http://expressjs.com/ + version: 4.17.1 + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Microframeworks (Backend) + image_url: https://img.stackshare.io/service/1163/hashtag.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/client/javascript/package-lock.json + detection_source: examples/client/javascript/package.json + last_updated_by: Miguel Grinberg + last_updated_on: 2020-11-29 11:29:01.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/todaypp/python-engineio + detection_source: Repo Metadata +- name: GitHub Actions + description: Automate your workflow from idea to production + website_url: https://github.com/features/actions + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/11563/actions.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/.github/workflows/tests.yml + detection_source: ".github/workflows/tests.yml" + last_updated_by: Miguel Grinberg + last_updated_on: 2020-11-18 19:54:24.000000000 Z +- name: PyPI + description: A repository of software for the Python programming language + website_url: https://pypi.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Hosted Package Repository + image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: Sanic + description: Python 3.5+ web server that's written to go fast + website_url: https://github.com/channelcat/sanic + version: 21.12.0 + license: MIT + open_source: true + hosted_saas: false + category: Application Hosting + sub_category: Web Servers + image_url: https://img.stackshare.io/no-img-open-source.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/sanic/requirements.txt + detection_source: examples/server/sanic/requirements.txt + last_updated_by: 13g10n + last_updated_on: 2022-01-03 21:27:08.000000000 Z +- name: npm + description: The package manager for JavaScript. + website_url: https://www.npmjs.com/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/client/javascript/package.json + detection_source: examples/client/javascript/package.json + last_updated_by: Miguel Grinberg + last_updated_on: 2020-11-29 11:29:01.000000000 Z +- name: Shell + description: A shell is a text-based terminal, used for manipulating programs and + files. Shell scripts typically manage program execution. + website_url: https://en.wikipedia.org/wiki/Shell_script + open_source: false + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png + detection_source_url: https://github.com/todaypp/python-engineio + detection_source: Repo Metadata +- name: Websockets + description: A technology that makes it possible to open a two-way interactive communication + website_url: https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API + version: '7.0' + open_source: false + hosted_saas: false + image_url: https://img.stackshare.io/service/4220/LNPwoiWi_400x400.jpg + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2018-11-21 23:23:21.000000000 Z +- name: Flask + description: A simple framework for building complex web applications + package_url: https://pypi.org/project/Flask + version: 1.0.2 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19834/default_58dbe7b4d7ec447b62773209af0f9a31bbabf5bd.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2018-09-29 23:05:35.000000000 Z +- name: MarkupSafe + description: Safely add untrusted strings to HTML/XML markup + package_url: https://pypi.org/project/MarkupSafe + version: '0.23' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19945/default_0b0a94e1bdf3e64deeccb23892ca2335bdc30e4f.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: Werkzeug + description: The comprehensive WSGI web application library + package_url: https://pypi.org/project/Werkzeug + version: 0.15.3 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19890/default_87fc2af3f2409064833512bb6fc5b04443a2e6aa.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: dependabot[bot] + last_updated_on: 2020-11-30 10:36:04.000000000 Z + vulnerabilities: + - name: High resource usage when parsing multipart form data with many fields + cve_id: CVE-2023-25577 + cve_url: https://github.com/advisories/GHSA-xg9f-g7g7-2323 + detected_date: Feb 16 + severity: high + first_patched: 2.2.3 + - name: Incorrect parsing of nameless cookies leads to __Host- cookies bypass + cve_id: CVE-2023-23934 + cve_url: https://github.com/advisories/GHSA-px8h-6qxv-m22q + detected_date: Feb 16 + severity: low + first_patched: 2.2.3 +- name: aiofiles + description: File support for asyncio + package_url: https://pypi.org/project/aiofiles + version: 0.8.0 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20183/default_3d320a0aa731f16ceb0e7b6999ca7f7cd784aee2.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/sanic/requirements.txt + detection_source: examples/server/sanic/requirements.txt + last_updated_by: 13g10n + last_updated_on: 2022-01-03 21:27:08.000000000 Z +- name: aiohttp + description: Async http client/server framework + package_url: https://pypi.org/project/aiohttp + version: 1.2.0 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19852/default_d748224707283d9d8a73c2323730c87bda6b313a.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z + vulnerabilities: + - name: aiohttp's ClientSession is vulnerable to CRLF injection via version + cve_id: CVE-2023-49081 + cve_url: https://github.com/advisories/GHSA-q3qx-c6g2-7pw2 + detected_date: Nov 28 + severity: high + first_patched: 3.9.0 + - name: aiohttp has vulnerable dependency that is vulnerable to request smuggling + cve_id: + cve_url: https://github.com/advisories/GHSA-pjjw-qhg8-p2p9 + detected_date: Nov 29 + severity: moderate + first_patched: 3.8.6 + - name: aiohttp's ClientSession is vulnerable to CRLF injection via method + cve_id: CVE-2023-49082 + cve_url: https://github.com/advisories/GHSA-qvrw-v9rv-5rjx + detected_date: Nov 28 + severity: moderate + first_patched: 3.9.0 + - name: AIOHTTP has problems in HTTP parser (the python one, not llhttp) + cve_id: CVE-2023-47627 + cve_url: https://github.com/advisories/GHSA-gfw2-4jvh-wgfg + detected_date: Nov 15 + severity: moderate + first_patched: 3.8.6 + - name: aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp + HTTP request parser + cve_id: CVE-2023-37276 + cve_url: https://github.com/advisories/GHSA-45c4-8wx5-qw6w + detected_date: Jul 21 + severity: moderate + first_patched: 3.8.5 + - name: 'Withdrawn: Denial of Service in aiohttp' + cve_id: CVE-2022-33124 + cve_url: https://github.com/advisories/GHSA-rwqr-c348-m5wr + detected_date: Jun 26 + severity: moderate + first_patched: + - name: "`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)" + cve_id: CVE-2021-21330 + cve_url: https://github.com/advisories/GHSA-v6wp-4m6f-gcjg + detected_date: Aug 22 + severity: low + first_patched: 3.7.4 + - name: Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` + differing in C and Python fallbacks + cve_id: CVE-2023-47641 + cve_url: https://github.com/advisories/GHSA-xx9p-xxvh-7g8j + detected_date: Nov 15 + severity: low + first_patched: 3.8.0 +- name: appdirs + description: A small Python module for determining appropriate platform-specific + dirs, e.g + package_url: https://pypi.org/project/appdirs + version: 1.4.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19878/default_2270bfab784e3d2c2d999d26b11ee478a9dad238.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z +- name: async-timeout + description: Timeout context manager for asyncio programs + package_url: https://pypi.org/project/async-timeout + version: 1.1.0 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20820/default_33e8d7fbba8bfff26ed0101b65f3a3af5fd63b4e.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: chardet + description: Universal encoding detector for Python 2 and 3 + package_url: https://pypi.org/project/chardet + version: 2.3.0 + license: LGPL-2.1 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19856/default_4a8a8fdc10130068bf295812b98e9b72fb42fe70.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: click + description: Composable command line interface toolkit + package_url: https://pypi.org/project/click + version: '6.7' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19830/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: enum34 + description: Python 3.4 Enum backported to 3.3 + package_url: https://pypi.org/project/enum34 + version: 1.1.6 + license: DSDP + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20115/default_cbefd90407cd90c9578011e83017a6949de2ead3.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z +- name: eventlet + description: Highly concurrent networking library + package_url: https://pypi.org/project/eventlet + version: 0.20.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20017/default_70556f9333e0a39c148cac0c36ca24235943f270.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z + vulnerabilities: + - name: Improper Handling of Highly Compressed Data (Data Amplification) and Memory + Allocation with Excessive Size Value in eventlet + cve_id: CVE-2021-21419 + cve_url: https://github.com/advisories/GHSA-9p9m-jm8w-94p2 + detected_date: Aug 22 + severity: moderate + first_patched: 0.31.0 +- name: greenlet + description: Lightweight in-process concurrent programming + package_url: https://pypi.org/project/greenlet + version: 0.4.12 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20137/default_e3ea003987b13e5c9b8c9000c748b25a9c0d9ecd.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z +- name: h11 + description: A pure-Python + package_url: https://pypi.org/project/h11 + version: 0.8.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/pypi/image.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2018-11-21 23:23:21.000000000 Z +- name: httptools + description: A collection of framework independent HTTP protocol utils + package_url: https://pypi.org/project/httptools + version: 0.0.13 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/pypi/image.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2019-04-28 18:34:22.000000000 Z +- name: itsdangerous + description: Various helpers to pass data to untrusted environments and back + package_url: https://pypi.org/project/itsdangerous + version: '0.24' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19989/default_b1f1fc9c4c59a78443018e01395203ba8c61dcde.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: multidict + description: Multidict implementation + package_url: https://pypi.org/project/multidict + version: 2.1.4 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20160/default_8822b1755ae0c97a622ebcb1aa9cafa328004f81.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: packaging + description: Core utilities for Python packages + package_url: https://pypi.org/project/packaging + version: '16.8' + license: BSD-3-Clause,Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19894/default_f716e4bc541a9eb6e3f5b7a20d7c35355075b0b4.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z +- name: pyparsing + description: Python parsing module + package_url: https://pypi.org/project/pyparsing + version: 2.1.10 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19881/default_2270bfab784e3d2c2d999d26b11ee478a9dad238.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/wsgi/requirements.txt + detection_source: examples/server/wsgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-11 17:27:34.000000000 Z +- name: python-engineio + description: Engine.IO server + package_url: https://pypi.org/project/python-engineio + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/pypi/image.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: six + description: Python 2 and 3 compatibility utilities + package_url: https://pypi.org/project/six + version: 1.10.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19827/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: tornado + description: Tornado is a Python web framework and asynchronous networking library + package_url: https://pypi.org/project/tornado + version: 5.1.1 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19860/default_4a8a8fdc10130068bf295812b98e9b72fb42fe70.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/tornado/requirements.txt + detection_source: examples/server/tornado/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2018-11-24 11:59:09.000000000 Z + vulnerabilities: + - name: Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` + fields and chunk lengths + cve_id: + cve_url: https://github.com/advisories/GHSA-qppv-j76h-2rpx + detected_date: Aug 15 + severity: moderate + first_patched: 6.3.3 + - name: Open redirect in Tornado + cve_id: CVE-2023-28370 + cve_url: https://github.com/advisories/GHSA-hj3f-6gcp-jg8j + detected_date: May 26 + severity: moderate + first_patched: 6.3.2 +- name: ujson + description: Ultra fast JSON encoder and decoder for Python + package_url: https://pypi.org/project/ujson + version: 5.2.0 + license: DSDP + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20357/default_1e2908ef2614eb1bb39298a5fc937d8c068f3a2c.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/sanic/requirements.txt + detection_source: examples/server/sanic/requirements.txt + last_updated_by: dependabot[bot] + last_updated_on: 2022-05-29 14:22:27.000000000 Z + vulnerabilities: + - name: Incorrect handling of invalid surrogate pair characters + cve_id: CVE-2022-31116 + cve_url: https://github.com/advisories/GHSA-wpqr-jcpx-745r + detected_date: Jul 6 + severity: high + first_patched: 5.4.0 + - name: Potential double free of buffer during string decoding + cve_id: CVE-2022-31117 + cve_url: https://github.com/advisories/GHSA-fm67-cv37-96ff + detected_date: Jul 6 + severity: moderate + first_patched: 5.4.0 +- name: uvicorn + description: The lightning-fast ASGI server + package_url: https://pypi.org/project/uvicorn + version: 0.11.7 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20431/default_f824837db22536768ec317b67275fa384fad7d47.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: dependabot[bot] + last_updated_on: 2020-11-30 10:35:33.000000000 Z +- name: uvloop + description: Fast implementation of asyncio event loop on top of libuv + package_url: https://pypi.org/project/uvloop + version: 0.12.2 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20187/default_c5c395350b07388a35a5e9efffb0ea706d6e196d.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2019-04-28 18:34:22.000000000 Z +- name: websockets + description: An implementation of the WebSocket Protocol + package_url: https://pypi.org/project/websockets + version: '7.0' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19951/default_fbe690a687f1af7dc36ac3d526708be3294c4cc9.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/asgi/requirements.txt + detection_source: examples/server/asgi/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2018-11-21 23:23:21.000000000 Z + vulnerabilities: + - name: Observable Timing Discrepancy in aaugustin websockets library + cve_id: CVE-2021-33880 + cve_url: https://github.com/advisories/GHSA-8ch4-58qp-g3mp + detected_date: Aug 22 + severity: moderate + first_patched: '9.1' +- name: yarl + description: Yet another URL library + package_url: https://pypi.org/project/yarl + version: 0.8.1 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20083/default_d8789f2f1b5b4e9994bef68371453a20460b4d6e.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/server/aiohttp/requirements.txt + detection_source: examples/server/aiohttp/requirements.txt + last_updated_by: Miguel Grinberg + last_updated_on: 2017-02-06 03:14:52.000000000 Z +- name: express + description: Fast, unopinionated, minimalist web framework + package_url: https://www.npmjs.com/express + version: 4.17.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15818/default_db4a7791d2f1174547374b9b587bc10fec088a5a.png + detection_source_url: https://github.com/todaypp/python-engineio/blob/main/examples/client/javascript/package-lock.json + detection_source: examples/client/javascript/package.json + last_updated_by: Miguel Grinberg + last_updated_on: 2020-11-29 11:29:01.000000000 Z + vulnerabilities: + - name: qs vulnerable to Prototype Pollution + cve_id: CVE-2022-24999 + cve_url: https://github.com/advisories/GHSA-hrpp-h998-j3pp + detected_date: Dec 7 + severity: high + first_patched: 4.17.3 From bf6b6f11278e268638a520372aa5b75ad51135b6 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 23 Jan 2024 13:11:45 +0000 Subject: [PATCH 2/2] Create techstack.md --- techstack.md | 195 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 00000000..d0336e0e --- /dev/null +++ b/techstack.md @@ -0,0 +1,195 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [todaypp/python-engineio](https://github.com/todaypp/python-engineio)![](https://img.stackshare.io/public_badge.svg "public") +

+|38
Tools used|01/23/24
Report generated| +|------|------| +
+ +## Languages (3) + + + + + + + + +
+ JavaScript +
+ JavaScript +
+ +		 + Jinja +
+ Jinja +
+ +		 + Python +
+ Python +
+ +
+ +## Frameworks (1) + + + + +
+ ExpressJS +
+ ExpressJS +
+ v4.17.1 +
+ +## DevOps (5) + + + + + + + + + + + + +
+ Git +
+ Git +
+ +		 + GitHub Actions +
+ GitHub Actions +
+ +		 + PyPI +
+ PyPI +
+ +		 + Sanic +
+ Sanic +
+ v21.12.0 +		 + npm +
+ npm +
+ +
+ +## Other (2) + + + + + + +
+ Shell +
+ Shell +
+ +		 + Websockets +
+ Websockets +
+ v7.0 +
+ + +## Open source packages (27) + +## PyPI (26) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[Flask](https://pypi.org/project/Flask)|v1.0.2|09/29/18|Miguel Grinberg |BSD-3-Clause|N/A| +|[MarkupSafe](https://pypi.org/project/MarkupSafe)|v0.23|02/06/17|Miguel Grinberg |BSD-3-Clause|N/A| +|[Werkzeug](https://pypi.org/project/Werkzeug)|v0.15.3|11/30/20|dependabot[bot] |BSD-3-Clause|[CVE-2023-25577](https://github.com/advisories/GHSA-xg9f-g7g7-2323) (High)
[CVE-2023-23934](https://github.com/advisories/GHSA-px8h-6qxv-m22q) (Low)| +|[aiofiles](https://pypi.org/project/aiofiles)|v0.8.0|01/03/22|13g10n |Apache-2.0|N/A| +|[aiohttp](https://pypi.org/project/aiohttp)|v1.2.0|02/06/17|Miguel Grinberg |Apache-2.0|[CVE-2023-49081](https://github.com/advisories/GHSA-q3qx-c6g2-7pw2) (High)
[](https://github.com/advisories/GHSA-pjjw-qhg8-p2p9) (Moderate)
[CVE-2023-49082](https://github.com/advisories/GHSA-qvrw-v9rv-5rjx) (Moderate)
[CVE-2023-47627](https://github.com/advisories/GHSA-gfw2-4jvh-wgfg) (Moderate)
[CVE-2023-37276](https://github.com/advisories/GHSA-45c4-8wx5-qw6w) (Moderate)
[CVE-2022-33124](https://github.com/advisories/GHSA-rwqr-c348-m5wr) (Moderate)
[CVE-2021-21330](https://github.com/advisories/GHSA-v6wp-4m6f-gcjg) (Low)
[CVE-2023-47641](https://github.com/advisories/GHSA-xx9p-xxvh-7g8j) (Low)| +|[appdirs](https://pypi.org/project/appdirs)|v1.4.0|02/11/17|Miguel Grinberg |MIT|N/A| +|[async-timeout](https://pypi.org/project/async-timeout)|v1.1.0|02/06/17|Miguel Grinberg |Apache-2.0|N/A| +|[chardet](https://pypi.org/project/chardet)|v2.3.0|02/06/17|Miguel Grinberg |LGPL-2.1|N/A| +|[click](https://pypi.org/project/click)|v6.7|02/06/17|Miguel Grinberg |BSD-3-Clause|N/A| +|[enum34](https://pypi.org/project/enum34)|v1.1.6|02/11/17|Miguel Grinberg |DSDP|N/A| +|[eventlet](https://pypi.org/project/eventlet)|v0.20.1|02/11/17|Miguel Grinberg |MIT|[CVE-2021-21419](https://github.com/advisories/GHSA-9p9m-jm8w-94p2) (Moderate)| +|[greenlet](https://pypi.org/project/greenlet)|v0.4.12|02/11/17|Miguel Grinberg |MIT|N/A| +|[h11](https://pypi.org/project/h11)|v0.8.1|11/21/18|Miguel Grinberg |MIT|N/A| +|[httptools](https://pypi.org/project/httptools)|v0.0.13|04/28/19|Miguel Grinberg |MIT|N/A| +|[itsdangerous](https://pypi.org/project/itsdangerous)|v0.24|02/06/17|Miguel Grinberg |BSD-3-Clause|N/A| +|[multidict](https://pypi.org/project/multidict)|v2.1.4|02/06/17|Miguel Grinberg |Apache-2.0|N/A| +|[packaging](https://pypi.org/project/packaging)|v16.8|02/11/17|Miguel Grinberg |BSD-3-Clause,Apache-2.0|N/A| +|[pyparsing](https://pypi.org/project/pyparsing)|v2.1.10|02/11/17|Miguel Grinberg |MIT|N/A| +|[python-engineio](https://pypi.org/project/python-engineio)|N/A|02/06/17|Miguel Grinberg |MIT|N/A| +|[six](https://pypi.org/project/six)|v1.10.0|02/06/17|Miguel Grinberg |MIT|N/A| +|[tornado](https://pypi.org/project/tornado)|v5.1.1|11/24/18|Miguel Grinberg |Apache-2.0|[](https://github.com/advisories/GHSA-qppv-j76h-2rpx) (Moderate)
[CVE-2023-28370](https://github.com/advisories/GHSA-hj3f-6gcp-jg8j) (Moderate)| +|[ujson](https://pypi.org/project/ujson)|v5.2.0|05/29/22|dependabot[bot] |DSDP|[CVE-2022-31116](https://github.com/advisories/GHSA-wpqr-jcpx-745r) (High)
[CVE-2022-31117](https://github.com/advisories/GHSA-fm67-cv37-96ff) (Moderate)| +|[uvicorn](https://pypi.org/project/uvicorn)|v0.11.7|11/30/20|dependabot[bot] |BSD-3-Clause|N/A| +|[uvloop](https://pypi.org/project/uvloop)|v0.12.2|04/28/19|Miguel Grinberg |Apache-2.0|N/A| +|[websockets](https://pypi.org/project/websockets)|v7.0|11/21/18|Miguel Grinberg |BSD-3-Clause|[CVE-2021-33880](https://github.com/advisories/GHSA-8ch4-58qp-g3mp) (Moderate)| +|[yarl](https://pypi.org/project/yarl)|v0.8.1|02/06/17|Miguel Grinberg |Apache-2.0|N/A| + + +## npm (1) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[express](https://www.npmjs.com/express)|v4.17.1|11/29/20|Miguel Grinberg |MIT|[CVE-2022-24999](https://github.com/advisories/GHSA-hrpp-h998-j3pp) (High)| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file)