False positive for numpy
- safety version: 1.10.3
- Python version: 3.8.12
- Operating System: Ubuntu 20.04.3 LTS
Description
Ran safety against the latest update and got a report of a failure on numpy, despite being on 1.22.1.
In the free safety DB, the values for numpy are expressed as:
"numpy": [
"<1.13.2",
"<1.16.3",
"<1.21.0",
"<1.22.0",
"<1.8.1",
">0"
],
I’m not sure why >0 was added in the February release, but it seems to be causing this problem.
What I Did
2022-02-01T15:10:46.7671452Z +==============================================================================+
2022-02-01T15:10:46.7677519Z | |
2022-02-01T15:10:46.7726508Z | /$$$$$$ /$$ |
2022-02-01T15:10:46.7726760Z | /$$__ $$ | $$ |
2022-02-01T15:10:46.7727062Z | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ |
2022-02-01T15:10:46.7727279Z | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ |
2022-02-01T15:10:46.7727504Z | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ |
2022-02-01T15:10:46.7727745Z | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ |
2022-02-01T15:10:46.7727979Z | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ |
2022-02-01T15:10:46.7728200Z | |_______/ \_______/|__/ \_______/ \___/ \____ $$ |
2022-02-01T15:10:46.7728430Z | /$$ | $$ |
2022-02-01T15:10:46.7728651Z | | $$$$$$/ |
2022-02-01T15:10:46.7728876Z | by pyup.io \______/ |
2022-02-01T15:10:46.7729111Z | |
2022-02-01T15:10:46.7729338Z +==============================================================================+
2022-02-01T15:10:46.7729569Z | REPORT |
2022-02-01T15:10:46.7729828Z | checked 147 packages, using free DB (updated once a month) |
2022-02-01T15:10:46.7730086Z +============================+===========+==========================+==========+
2022-02-01T15:10:46.7730332Z | package | installed | affected | ID |
2022-02-01T15:10:46.7730578Z +============================+===========+==========================+==========+
2022-02-01T15:10:46.7730786Z | numpy | 1.22.1 | >0 | 44715 |
2022-02-01T15:10:46.7731010Z +==============================================================================+
Issue Analytics
- State:
- Created 2 years ago
- Reactions:8
- Comments:11 (1 by maintainers)
Top GitHub Comments
Good day! CVE-2021-41495 for NumPy hasn’t been fixed yet in any release. See here: https://github.com/numpy/numpy/issues/19038 Note that in the same thread, NumPy devs argue about the validity and correct severity of this issue. To be on the secure side, we chose to report this as a possible vulnerability so users of NumPy can make the best informed decision considering their use-cases.
@fredrikaverpil @vinayvaddiparthi our db has already been updated and now the specs for CVE-2021-41495 are <1.22.2. You will see this immediately in the safety db paid version, and in the next monthly update of the free db (in March).
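An added example, not part of the thread and not safety's own code: a simplified stdlib-only matcher that shows why 1.22.1 was reported against the February spec list and how the corrected `<1.22.2` spec behaves. It assumes a version is reported when it satisfies any entry in the list, and it handles plain numeric releases only; all function names are hypothetical.

```python
import operator
import re

# Entries for numpy exactly as quoted in the issue (free DB, February release).
NUMPY_SPECS_FEB = ["<1.13.2", "<1.16.3", "<1.21.0", "<1.22.0", "<1.8.1", ">0"]
# Corrected spec for CVE-2021-41495 as given in the maintainer's comment.
NUMPY_SPECS_FIXED = ["<1.22.2"]

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}
CLAUSE_RE = re.compile(r"\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*")

def release(version):
    """'1.22.1' -> (1, 22, 1). Assumption: plain numeric releases only."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(part) for part in version.split("."))

def clauses(spec):
    """Split 'op version[,op version...]' into (operator, release) pairs."""
    parsed = []
    for clause in spec.split(","):
        m = CLAUSE_RE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported spec clause: {clause!r}")
        parsed.append((m.group(1), release(m.group(2))))
    return parsed

def spec_matches(installed, spec):
    """True if the installed version satisfies every clause of one spec."""
    have = release(installed)
    for op, bound in clauses(spec):
        width = max(len(have), len(bound))  # zero-pad so 1.22 == 1.22.0
        left = have + (0,) * (width - len(have))
        right = bound + (0,) * (width - len(bound))
        if not OPS[op](left, right):
            return False
    return True

def matching_specs(installed, specs):
    """Entries that would put this version in the 'affected' column."""
    return [s for s in specs if spec_matches(installed, s)]

def unbounded_specs(specs):
    """Entries with no upper bound: they also match every future release."""
    return [s for s in specs
            if all(op in (">", ">=") for op, _ in clauses(s))]
```

Running `unbounded_specs` over a database entry before a scan separates "no fixed release exists yet" findings, such as `>0`, from findings that an upgrade can clear.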