False positive for numpy

  • safety version: 1.10.3
  • Python version: 3.8.12
  • Operating System: Ubuntu 20.04.3 LTS

Description

Ran safety against the latest update and got a report of a failure on numpy, despite being on 1.22.1.

In the free safety DB, the values for numpy are expressed as:

"numpy": [
        "<1.13.2",
        "<1.16.3",
        "<1.21.0",
        "<1.22.0",
        "<1.8.1",
        ">0"
    ],

I’m not sure why >0 was added in the February release, but it seems to be causing this problem.

What I Did

2022-02-01T15:10:46.7671452Z +==============================================================================+
2022-02-01T15:10:46.7677519Z |                                                                              |
2022-02-01T15:10:46.7726508Z |                               /$$$$$$            /$$                         |
2022-02-01T15:10:46.7726760Z |                              /$$__  $$          | $$                         |
2022-02-01T15:10:46.7727062Z |           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
2022-02-01T15:10:46.7727279Z |          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
2022-02-01T15:10:46.7727504Z |         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
2022-02-01T15:10:46.7727745Z |          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
2022-02-01T15:10:46.7727979Z |          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
2022-02-01T15:10:46.7728200Z |         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
2022-02-01T15:10:46.7728430Z |                                                          /$$  | $$           |
2022-02-01T15:10:46.7728651Z |                                                         |  $$$$$$/           |
2022-02-01T15:10:46.7728876Z |  by pyup.io                                              \______/            |
2022-02-01T15:10:46.7729111Z |                                                                              |
2022-02-01T15:10:46.7729338Z +==============================================================================+
2022-02-01T15:10:46.7729569Z | REPORT                                                                       |
2022-02-01T15:10:46.7729828Z | checked 147 packages, using free DB (updated once a month)                   |
2022-02-01T15:10:46.7730086Z +============================+===========+==========================+==========+
2022-02-01T15:10:46.7730332Z | package                    | installed | affected                 | ID       |
2022-02-01T15:10:46.7730578Z +============================+===========+==========================+==========+
2022-02-01T15:10:46.7730786Z | numpy                      | 1.22.1    | >0                       | 44715    |
2022-02-01T15:10:46.7731010Z +==============================================================================+

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 8
  • Comments: 11 (1 by maintainers)

Top GitHub Comments

3 reactions
SCH227 commented, Feb 1, 2022

Good day! CVE-2021-41495 for NumPy hasn’t been fixed yet in any release. See here: https://github.com/numpy/numpy/issues/19038 Note that in the same thread, NumPy devs argue about the validity and correct severity of this issue. To be on the secure side, we chose to report this as a possible vulnerability so users of NumPy can make the best informed decision considering their use-cases.

2 reactions
SCH227 commented, Feb 5, 2022

@fredrikaverpil @vinayvaddiparthi our db has been already updated and now the specs for CVE-2021-41495 are <1.22.2. You will see this immediately in the safety db paid version, and in the next monthly update of the free db (in March).
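
Added example, not part of the thread and not safety's own code: a simplified matcher that evaluates the specifier list quoted in the issue against an installed version and shows which entry triggers the report. It assumes plain numeric versions only (no pre-releases or other PEP 440 suffixes); UPDATED_SPECS is a constructed list with ">0" swapped for the "<1.22.2" spec mentioned above, and all function names are hypothetical.

```python
import operator
import re

# numpy specifiers quoted in the issue (free DB, February 2022 release).
FEB_SPECS = ["<1.13.2", "<1.16.3", "<1.21.0", "<1.22.0", "<1.8.1", ">0"]
# Constructed variant: ">0" swapped for the "<1.22.2" spec named in the thread.
UPDATED_SPECS = FEB_SPECS[:-1] + ["<1.22.2"]

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
SPEC_RE = re.compile(r"\s*(<=|>=|==|!=|<|>)\s*(\d+(?:\.\d+)*)\s*")


def parse_release(version):
    """'1.22.1' -> (1, 22, 1); only plain numeric releases are supported."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def parse_spec(spec):
    """'<1.22.0' -> ('<', (1, 22, 0))."""
    m = SPEC_RE.fullmatch(spec)
    if m is None:
        raise ValueError(f"unsupported specifier: {spec!r}")
    return m.group(1), parse_release(m.group(2))


def spec_matches(spec, installed):
    """True if the installed version falls inside the affected range."""
    op, bound = parse_spec(spec)
    version = parse_release(installed)
    width = max(len(version), len(bound))  # pad so 1.22 == 1.22.0
    pad = lambda t: t + (0,) * (width - len(t))
    return OPS[op](pad(version), pad(bound))


def matching_specs(specs, installed):
    """Affected-range entries that flag the installed version."""
    return [s for s in specs if spec_matches(s, installed)]


def unbounded_specs(specs):
    """Entries with only a zero lower bound: they flag every release."""
    found = []
    for s in specs:
        op, bound = parse_spec(s)
        if op in (">", ">=") and not any(bound):
            found.append(s)
    return found
```

With the February list, matching_specs(FEB_SPECS, "1.22.1") returns only ">0", the row shown in the report; with the constructed updated list, 1.22.1 still matches "<1.22.2" and the first version that returns no match is 1.22.2.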
