🔀 Merge pull request #284 from EDM115/tech-stack-file

stack-file[bot] · stacksharebot · EDM115 · web-flow · commit 264992687ff8 · 2024-03-01T09:19:46.000+01:00
* Update techstack.yml

* Update techstack.md

---------

Co-authored-by: stacksharebot &lt;team@stackshare.io&gt;
Co-authored-by: EDM115 &lt;dev@edm115.eu.org&gt;
diff --git a/techstack.md b/techstack.md
@@ -3,9 +3,11 @@
 ## Tech Stack
 EDM115/unzip-bot is built on the following main stack:
 
-- [Heroku](https://www.heroku.com) – Platform as a Service
 - [Python](https://www.python.org) – Languages
 - [MongoDB](http://www.mongodb.com/) – Databases
+- [Docker](https://www.docker.com/) – Virtual Machine Platforms & Containers
+- [GitHub Actions](https://github.com/features/actions) – Continuous Integration
+- [Heroku](https://www.heroku.com) – Platform as a Service
 - [Pillow](https://python-pillow.github.io/) – Image Processing and Management
 - [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells
 - [GitHub Actions](https://github.com/features/actions) – Continuous Integration
@@ -19,9 +21,11 @@ Full tech stack [here](/techstack.md)
 ## Tech Stack
 EDM115/unzip-bot is built on the following main stack:
 
-- <img width='25' height='25' src='https://img.stackshare.io/service/133/3wgIDj3j.png' alt='Heroku'/> [Heroku](https://www.heroku.com) – Platform as a Service
 - <img width='25' height='25' src='https://img.stackshare.io/service/993/pUBY5pVj.png' alt='Python'/> [Python](https://www.python.org) – Languages
 - <img width='25' height='25' src='https://img.stackshare.io/service/1030/leaf-360x360.png' alt='MongoDB'/> [MongoDB](http://www.mongodb.com/) – Databases
+- <img width='25' height='25' src='https://img.stackshare.io/service/586/n4u37v9t_400x400.png' alt='Docker'/> [Docker](https://www.docker.com/) – Virtual Machine Platforms & Containers
+- <img width='25' height='25' src='https://img.stackshare.io/service/11563/actions.png' alt='GitHub Actions'/> [GitHub Actions](https://github.com/features/actions) – Continuous Integration
+- <img width='25' height='25' src='https://img.stackshare.io/service/133/3wgIDj3j.png' alt='Heroku'/> [Heroku](https://www.heroku.com) – Platform as a Service
 - <img width='25' height='25' src='https://img.stackshare.io/service/2375/default_1f67b0ca7416a9f52beb655f90b5602d5ef74b75.jpg' alt='Pillow'/> [Pillow](https://python-pillow.github.io/) – Image Processing and Management
 - <img width='25' height='25' src='https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png' alt='Shell'/> [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells
 - <img width='25' height='25' src='https://img.stackshare.io/service/11563/actions.png' alt='GitHub Actions'/> [GitHub Actions](https://github.com/features/actions) – Continuous Integration
@@ -36,7 +40,7 @@ Full tech stack [here](/techstack.md)
 # Tech Stack File
 ![](https://img.stackshare.io/repo.svg "repo") [EDM115/unzip-bot](https://github.com/EDM115/unzip-bot)![](https://img.stackshare.io/public_badge.svg "public")
 <br/><br/>
-|17<br/>Tools used|01/11/24 <br/>Report generated|
+|17<br/>Tools used|02/29/24 <br/>Report generated|
 |------|------|
 </div>
 
@@ -151,7 +155,7 @@ Full tech stack [here](/techstack.md)
 |:------|:------|:------|:------|:------|:------|
 |[GitPython](https://pypi.org/project/GitPython)|v3.1.41|01/10/24|renovate[bot] |BSD-3-Clause|N/A|
 |[aiofiles](https://pypi.org/project/aiofiles)|v23.2.1|08/29/23|EDM115 |Apache-2.0|N/A|
-|[aiohttp](https://pypi.org/project/aiohttp)|v3.9.1|11/26/23|renovate[bot] |Apache-2.0|N/A|
+|[aiohttp](https://pypi.org/project/aiohttp)|v3.9.1|11/26/23|renovate[bot] |Apache-2.0|[CVE-2024-23334](https://github.com/advisories/GHSA-5h86-8mv2-jq9f) (Moderate)<br/>[CVE-2024-23829](https://github.com/advisories/GHSA-8qpw-xqxj-h4r2) (Moderate)|
 |[dnspython](https://pypi.org/project/dnspython)|v2.4.2|01/10/24|renovate[bot] |Other|N/A|
 |[gitdb](https://pypi.org/project/gitdb)|v4.0.11|10/20/23|renovate[bot] |BSD-3-Clause|N/A|
 |[motor](https://pypi.org/project/motor)|v3.3.2|11/15/23|renovate[bot] |Apache-2.0|N/A|
diff --git a/techstack.yml b/techstack.yml
@@ -2,7 +2,7 @@ repo_name: EDM115/unzip-bot
 report_id: a22151c2a9a30641224fb622a23031a5
 version: 0.1
 repo_type: Public
-timestamp: '2024-01-11T12:29:11+00:00'
+timestamp: '2024-02-29T18:13:11+00:00'
 requested_by: EDM115
 provider: github
 branch: master
@@ -154,6 +154,20 @@ tools:
   detection_source: requirements.txt
   last_updated_by: renovate[bot]
   last_updated_on: 2023-11-26 18:24:43.000000000 Z
+  vulnerabilities:
+  - name: aiohttp is vulnerable to directory traversal
+    cve_id: CVE-2024-23334
+    cve_url: https://github.com/advisories/GHSA-5h86-8mv2-jq9f
+    detected_date: Jan 30
+    severity: moderate
+    first_patched: 3.9.2
+  - name: aiohttp's HTTP parser (the python one, not llhttp) still overly lenient
+      about separators
+    cve_id: CVE-2024-23829
+    cve_url: https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
+    detected_date: Jan 30
+    severity: moderate
+    first_patched: 3.9.2
 - name: dnspython
   description: DNS toolkit
   package_url: https://pypi.org/project/dnspython
