
Bump mypy from 1.20.2 to 2.1.0 #739

Open

dependabot[bot] wants to merge 72 commits into v3 from dependabot/pip/mypy-2.1.0

Conversation

dependabot[bot] (Contributor) commented on behalf of github, May 20, 2026

Bumps mypy from 1.20.2 to 2.1.0.

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Enable incremental self-compilation (Vaggelis Danias, PR 21369)
  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

sobregosodd and others added 30 commits December 30, 2025 16:12
When scanning a local directory, metadata detectors (typosquatting,
deceptive author, compromised email, etc.) previously could not run
because no registry metadata was available. The new --metadata flag
accepts a path to a package metadata JSON file (matching the PyPI
JSON API or npm registry format), enabling the full detection
pipeline for local scans.

The recall benchmark worker now automatically passes package_info-*.json
files from the malicious-software-packages-dataset ZIPs to guarddog
via this flag, so metadata rules contribute to recall measurement.

cluster.py now identifies ZIPs with zero source files and records them
in cluster_index.json under "empty_packages". recall.py filters these
out during regenerate_samples so benchmarks don't waste budget on
packages that have no code to analyze.

Packages like litellm ship as a ZIP containing another ZIP. These are
not empty; they just need double extraction. Count nested archives
(.zip, .whl, .tar.gz) as having content.

Add 12 new YARA threat rules targeting common malware patterns that were
previously undetected: download-and-execute chains, chr/hex obfuscation,
PowerShell encoded commands, dynamic import+exec, reverse shells,
Telegram/Discord exfil, DNS exfil, npm preinstall hooks, dependency
confusion indicators, setup.py suspicious imports, and system info
exfiltration.

Tighten 6 existing rules to reduce false positives: threat-process-hooks
(inline meta rules, exclude prepare/prepack), threat-process-injection-dll
(remove overly broad .dll/.exe string matches), threat-runtime-system-info
(require 3+ calls instead of 1), threat-process-spawn-silent (require both
stdout+stderr suppressed), threat-runtime-obfuscation-general (raise hex
threshold to 50+, remove bracket notation), threat-runtime-obfuscation-base64exec
(tighten JS Buffer.from pattern, require explicit base64 encoding).

Update risk engine: add "setup" and "npm" to valid categories (was silently
dropping findings), make HIGH-specificity threats form standalone risks,
add cross-category risk formation, add specificity gate (LOW-specificity-only
capped at 4.9 unless MEDIUM+ specificity present), bump single-stage chain
value from 0.3 to 0.4.

Benchmark results (threshold 5.0, 1000 benign + 745 malicious packages):

|          | Baseline | Final  | Change  |
|----------|----------|--------|---------|
| Recall   | 79.3%    | 87.0%  | +7.7pp  |
| Precision| 75.5%    | 80.2%  | +4.7pp  |
| F1       | 77.3%    | 83.5%  | +6.2pp  |
| MCC      | 0.600    | 0.704  | +0.104  |

…lusters

Removed 95 packages that had no source files (empty placeholders, dep
confusion probes with no payload, nested-archive dataset bugs). Backfilled
94 replacements from previously unrepresented clusters for better diversity.

Recall on cleaned dataset: 88.8% (was 87.0% on dirty dataset with empty
packages dragging it down). PyPI recall 98.9%, compromised_lib 100%.

Add threat-runtime-obfuscation-log-suppress rule for console.log
suppression combined with hex arrays/fromCharCode (common npm malware
evasion). Extend threat-process-download-exec to catch Node.js
child_process + fetch patterns.

Recall now at 90.6% (threshold 5.0), up from 88.8%.

* Remove deprecated CLI commands 'scan' and 'verify'

* code formatting
@dependabot dependabot Bot force-pushed the dependabot/pip/mypy-2.1.0 branch 2 times, most recently from 518520e to 4792e50 Compare June 5, 2026 13:51
arpitjain099 and others added 14 commits June 5, 2026 15:51
The github_action scanner built the source archive URL as
https://github.com/<repo>/archive/refs/tags/<version>.zip, which only
resolves for tag refs. When an action is pinned to a commit SHA or a
branch (a common and recommended supply-chain practice for SHAs), that
URL returns 404 and the scan fails.

GitHub's /archive/<ref>.zip endpoint resolves any ref type (tag, branch,
or commit SHA), so use that single form for all versioned refs. Tag
behavior is unchanged; the no-version zipball path is untouched.

Adds unit tests covering tag, commit-sha, and branch refs plus the
no-version case.

Fixes #714

Signed-off-by: arpitjain099 <arpitjain099@gmail.com>
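As an added illustration of the archive-URL fix this commit message describes (example code, not GuardDog's own scanner; the function names, the `api.github.com` zipball form used for the no-version case, and the sample `uses:` values are assumptions of the example), the legacy tag-only builder beside the ref-agnostic one:

```python
"""Ref-agnostic GitHub archive URLs (added example, not GuardDog's own code)."""
from __future__ import annotations

import re

GITHUB = "https://github.com"
GITHUB_API = "https://api.github.com"
# A bare hex string of 7..40 chars is treated as a commit SHA. Tag and branch
# names cannot be told apart from the string alone, which is why a single URL
# form that resolves any ref type is the right fix rather than per-type paths.
_SHA_RE = re.compile(r"^[0-9a-f]{7,40}$")


def ref_kind(ref: str) -> str:
    """Classify a ref as 'commit-sha' or 'named-ref' (tag or branch)."""
    return "commit-sha" if _SHA_RE.fullmatch(ref) else "named-ref"


def parse_action_uses(uses: str) -> tuple[str, str | None]:
    """Split a workflow 'uses:' value into ('owner/repo', ref-or-None).

    Sub-path actions such as 'owner/repo/path@ref' keep only 'owner/repo',
    since archives are served per repository.
    """
    repo_part, _, ref = uses.partition("@")
    parts = repo_part.split("/")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"not an owner/repo action reference: {uses!r}")
    return f"{parts[0]}/{parts[1]}", (ref or None)


def legacy_archive_url(repo: str, version: str) -> str:
    """The pre-fix form: resolves only when *version* is a tag name.

    For a commit SHA or a branch name GitHub answers 404 here, so a scan of a
    SHA-pinned action fails before any code is inspected.
    """
    return f"{GITHUB}/{repo}/archive/refs/tags/{version}.zip"


def archive_url(repo: str, version: str | None) -> str:
    """The fixed form: /archive/<ref>.zip resolves tags, branches and SHAs.

    With no version the repository zipball of the default branch is used
    (the exact no-version URL is an assumption of this example).
    """
    if version is None:
        return f"{GITHUB_API}/repos/{repo}/zipball"
    return f"{GITHUB}/{repo}/archive/{version}.zip"


if __name__ == "__main__":
    # Constructed sample references; the SHA is a placeholder, not a real commit.
    for uses in (
        "actions/checkout@v4",
        "actions/checkout@0123456789abcdef0123456789abcdef01234567",
        "actions/checkout@main",
        "actions/checkout",
    ):
        repo, ref = parse_action_uses(uses)
        kind = ref_kind(ref) if ref else "default"
        print(f"{uses:60} {kind:10} {archive_url(repo, ref)}")
```

The tag case produces a different URL than before but the same archive, which is what "tag behavior is unchanged" means in practice: the content fetched is identical, only the path form changed.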

…ives

The npm_metadata_mismatch heuristic compared dependency URLs with strict
string equality. This caused false positives when the NPM manifest and
package.json listed the same git repository with and without the trailing
`.git` suffix (e.g. `git+https://…/repo.git` vs `git+https://…/repo`).

Adds `_normalize_git_url()` to strip the `.git` suffix from git-scheme
URLs before comparison, and 10 new tests covering the normalization
logic, integration behavior, and edge cases.

Fixes #634
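To show the normalization this commit message describes, here is an added example (not GuardDog's `_normalize_git_url()`; the function names, the set of git schemes and the sample manifests are assumptions of the example) that strips a trailing `.git` from git-scheme URLs only and then compares two dependency maps, keeping `#committish` fragments and mid-path `.git` segments untouched:

```python
"""Git-URL-aware dependency comparison (added example, not GuardDog's own code)."""
from __future__ import annotations

# Schemes npm accepts for git dependencies; only these get the '.git' stripped,
# as the commit message describes. Plain https:// tarball URLs are left alone.
GIT_SCHEMES = frozenset({"git", "git+http", "git+https", "git+ssh", "git+file"})


def normalize_git_url(url: str) -> str:
    """Drop a trailing '.git' from the location part of a git-scheme URL.

    Edge cases handled:
      * a '#committish' or '#semver:range' fragment is preserved;
      * '.git' in the middle of a path ('.../repo.git/sub') is not touched;
      * non-git schemes and scp-style 'git@host:org/repo.git' are returned
        unchanged (the latter has no '://', so it is not treated as a URL).
    """
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in GIT_SCHEMES:
        return url
    location, hash_sep, fragment = rest.partition("#")
    if location.endswith(".git"):
        location = location[: -len(".git")]
    return f"{scheme}://{location}{hash_sep}{fragment}"


def specs_match(registry_spec: str, package_json_spec: str) -> bool:
    """Compare two dependency specifiers after git-URL normalization."""
    return normalize_git_url(registry_spec) == normalize_git_url(package_json_spec)


def find_mismatches(
    registry_deps: dict[str, str], package_json_deps: dict[str, str]
) -> list[tuple[str, str, str]]:
    """Return (name, registry_spec, package_json_spec) for every real mismatch.

    A dependency present in only one manifest is reported with '' for the
    missing side; pairs that are identical after normalization are not reported.
    """
    mismatches: list[tuple[str, str, str]] = []
    for name in sorted(set(registry_deps) | set(package_json_deps)):
        a = registry_deps.get(name, "")
        b = package_json_deps.get(name, "")
        if not specs_match(a, b):
            mismatches.append((name, a, b))
    return mismatches


if __name__ == "__main__":
    # Constructed sample manifests: 'dep-a' and 'dep-c' differ only by '.git',
    # which strict string equality flagged; 'dep-d' really points elsewhere.
    registry = {
        "dep-a": "git+https://github.com/org/dep-a.git",
        "dep-b": "^1.2.0",
        "dep-c": "git+ssh://git@github.com/org/dep-c.git#v2.0.0",
        "dep-d": "git+https://github.com/org/dep-d.git",
    }
    package_json = {
        "dep-a": "git+https://github.com/org/dep-a",
        "dep-b": "^1.2.0",
        "dep-c": "git+ssh://git@github.com/org/dep-c#v2.0.0",
        "dep-d": "git+https://github.com/other/dep-d.git",
    }
    for name, left, right in find_mismatches(registry, package_json):
        print(f"{name}: registry={left!r} package.json={right!r}")
```

Normalizing only the `.git` suffix keeps the heuristic conservative: a repository swap, a different host or a changed committish still counts as a mismatch, so the false-positive fix does not weaken detection of a manifest that points at a different source than the published package claims.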
@dependabot dependabot Bot force-pushed the dependabot/pip/mypy-2.1.0 branch from 4792e50 to ba8cfd6 Compare June 16, 2026 15:42
christophetd and others added 9 commits June 16, 2026 17:44
* Fix npm-http-dependency false positive on metadata URL fields

The npm-http-dependency rule treats any plain http:// value that is not a
known metadata field as a dependency URL (#http_plain > #http_meta). Nested
metadata objects (author, repository, bugs, funding) carry their URL under a
"url" key, which was missing from the allowlist, so packages with an
http author/repo URL (e.g. "author": { "url": "http://..." }) were
falsely flagged.

Add "url" to the metadata-field allowlist and extend the benign fixture to
cover author/repository/bugs URLs over http.

* Constrain http-dependency url allowlist to metadata objects

Addresses review feedback: allowlisting any key named "url" let a dependency
literally named "url" with a plain-http specifier ("dependencies": {"url":
"http://..."}) count as both $http_plain and $http_meta, so it was no longer
reported. Replace the bare "url" allowlist entry with $http_meta_url, which
matches the nested "url" key only inside a metadata object (author, repository,
bugs, funding, contributors, maintainers). A url dependency over http is caught
again, while benign metadata URLs stay suppressed.

Add a positive fixture covering the url-as-dependency case.

* Add S3 scanning mode

Support scanning a package stored in S3, e.g. 'guarddog npm scan
s3://bucket/path/to/package'. Detects the s3:// scheme, verifies AWS
authentication via STS, syncs the prefix (or downloads a single archive
object) to a temp dir, scans it under the sandbox like other untrusted
content, and removes it from disk afterward.

Folder prefixes are downloaded concurrently with a thread pool, and the
botocore connection pool is sized to match the worker count.

* Normalize S3 folder prefixes and handle 403 on head_object

* Add nightly evals workflow

* Add nightly-evals.yml to workflow scanner test expectations

- Update branch triggers (main → v2) in tag-release.yml, pr.yml,
  guarddog.yml, and scorecard.yml (scorecard now tracks v3 as default)
- Replace Chainguard STS OIDC policy for main with v2
- Add branch-level Docker tag (guarddog:v2/v3); :latest now points to v3
- Update README and CONTRIBUTING branch references

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rename main branch to v2 in CI workflows and docs

Bumps [mypy](https://github.com/python/mypy) from 1.20.2 to 2.1.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.2...v2.1.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the base branch from main to v3 June 23, 2026 14:33
@dependabot dependabot Bot changed the title chore(deps-dev): bump mypy from 1.20.2 to 2.1.0 Bump mypy from 1.20.2 to 2.1.0 Jun 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/mypy-2.1.0 branch from ba8cfd6 to f4ccdf6 Compare June 23, 2026 14:33

Labels: chore, dependencies (Pull requests that update a dependency file)

Projects: none yet

6 participants