From 31ac4109b6fb82238c3a19f79f595c307c3b7811 Mon Sep 17 00:00:00 2001
From: alex
Date: Thu, 14 Aug 2025 10:00:27 -0400
Subject: [PATCH 1/2] Preview/google osv-scanner
---
Gemfile.lock | 128 +++++++++++++++++++++++++++++++++++++++++++++++
osv-scanner.toml | 20 ++++++++
2 files changed, 148 insertions(+)
create mode 100644 Gemfile.lock
create mode 100644 osv-scanner.toml
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..95685c7
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,128 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ actioncable (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ nio4r (~> 2.0)
+ websocket-driver (>= 0.6.1)
+ actionmailbox (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ activejob (= 6.0.2.1)
+ activerecord (= 6.0.2.1)
+ activestorage (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ mail (>= 2.7.1)
+ actionmailer (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ actionview (= 6.0.2.1)
+ activejob (= 6.0.2.1)
+ mail (~> 2.5, >= 2.5.4)
+ actionpack (6.0.2.1)
+ actionview (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ rack (~> 2.0)
+ rack-test (>= 0.6.3)
+ rails-dom-testing (~> 2.0)
+ actiontext (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ activerecord (= 6.0.2.1)
+ activestorage (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ nokogiri (>= 1.8.5)
+ actionview (6.0.2.1)
+ activesupport (= 6.0.2.1)
+ builder (~> 3.1)
+ erubi (~> 1.4)
+ rails-dom-testing (~> 2.0)
+ activejob (6.0.2.1)
+ activesupport (= 6.0.2.1)
+ globalid (>= 0.3.6)
+ activemodel (6.0.2.1)
+ activesupport (= 6.0.2.1)
+ activerecord (6.0.2.1)
+ activemodel (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ activestorage (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ activejob (= 6.0.2.1)
+ activerecord (= 6.0.2.1)
+ marcel (~> 0.3.1)
+ activesupport (6.0.2.1)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ bootsnap (1.4.5)
+ msgpack (~> 1.0)
+ builder (3.2.4)
+ concurrent-ruby (1.1.5)
+ crass (1.0.6)
+ erubi (1.9.0)
+ globalid (0.4.2)
+ activesupport (>= 4.2.0)
+ i18n (1.7.0)
+ concurrent-ruby (~> 1.0)
+ loofah (2.4.0)
+ crass (~> 1.0.2)
+ nokogiri (>= 1.5.9)
+ mail (2.7.1)
+ mini_mime (>= 0.1.1)
+ marcel (0.3.3)
+ method_source (0.9.2)
+ mini_mime (1.0.2)
+ minitest (5.13.0)
+ msgpack (1.3.1)
+ nio4r (2.5.2)
+ nokogiri (1.10.7)
+ rack (2.0.7)
+ rack-test (1.1.0)
+ rack (>= 1.0, < 3)
+ rails (6.0.2.1)
+ actioncable (= 6.0.2.1)
+ actionmailbox (= 6.0.2.1)
+ actionmailer (= 6.0.2.1)
+ actionpack (= 6.0.2.1)
+ actiontext (= 6.0.2.1)
+ actionview (= 6.0.2.1)
+ activejob (= 6.0.2.1)
+ activemodel (= 6.0.2.1)
+ activerecord (= 6.0.2.1)
+ activestorage (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ bundler (>= 1.3.0)
+ railties (= 6.0.2.1)
+ sprockets-rails (>= 2.0.0)
+ rails-dom-testing (2.0.3)
+ activesupport (>= 4.2.0)
+ nokogiri (>= 1.6)
+ railties (6.0.2.1)
+ actionpack (= 6.0.2.1)
+ activesupport (= 6.0.2.1)
+ method_source
+ rake (>= 0.8.7)
+ thor (>= 0.20.3, < 2.0)
+ rake (13.0.1)
+ sprockets-rails (3.2.1)
+ actionpack (>= 4.0)
+ activesupport (>= 4.0)
+ sprockets (>= 3.0.0)
+ sprockets (4.0.0)
+ concurrent-ruby (~> 1.0)
+ rack (> 1, < 3)
+ thor (0.20.3)
+ tzinfo (1.2.5)
+ thread_safe (~> 0.1)
+ thread_safe (0.3.6)
+ websocket-driver (0.7.1)
+ websocket-extensions (>= 0.1.0)
+ websocket-extensions (0.1.4)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ bootsnap (>= 1.4.2)
+ rails (= 6.0.2.1)
+
+BUNDLED WITH
+ 2.1.4
\ No newline at end of file
diff --git a/osv-scanner.toml b/osv-scanner.toml
new file mode 100644
index 0000000..720fd05
--- /dev/null
+++ b/osv-scanner.toml
@@ -0,0 +1,20 @@
+# osv-scanner.toml
+# This empty config mirrors default behavior: nothing is ignored.
+
+# --- Examples (leave commented) ---
+# [[IgnoredVulns]]
+# id = "CVE-YYYY-XXXX"
+# # ignoreUntil = 2025-12-31
+# reason = "why this is safe to ignore"
+
+# [[PackageOverrides]]
+# # Match fields (any subset): name, version, ecosystem, group
+# name = "axios"
+# ecosystem = "npm"
+# # Actions (pick any):
+# ignore = true # ignore both vulns and license
+# vulnerability.ignore = true # ignore only vulnerabilities
+# license.ignore = true # ignore only license
+# license.override = ["MIT"] # override license(s)
+# effectiveUntil = 2025-12-31
+# reason = "temporary exception"
From df4f83cd031dbf3656283f33f897a9a08edc4c4c Mon Sep 17 00:00:00 2001
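Review bot: The `[[IgnoredVulns]]` example in osv-scanner.toml comments out `ignoreUntil` while leaving `id` and `reason` active, so the template it presents is an exception with no expiry; an entry without `ignoreUntil` stays in force until someone remembers to remove it. Suggest showing the expiry as part of the normal form, e.g. `# ignoreUntil = 2025-12-31  # set an expiry so the exception is revisited`, and giving `effectiveUntil` in the `[[PackageOverrides]]` example the same one-line explanation. The header could also state where the file takes effect: as far as I know osv-scanner picks up an osv-scanner.toml from the directory of each lockfile it scans, or the one passed with --config, so a root-level file only covers lockfiles at the root unless passed explicitly — worth confirming against the scanner version in use and noting in the comment.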
From: alex
Date: Fri, 26 Sep 2025 17:04:26 -0400
Subject: [PATCH 2/2] add bad python libraries
---
Gemfile.lock | 128 ----------------------------------------------
osv-scanner.toml | 20 --------
requirements.txt | 6 +++
3 files changed, 6 insertions(+), 148 deletions(-)
delete mode 100644 Gemfile.lock
delete mode 100644 osv-scanner.toml
create mode 100644 requirements.txt
diff --git a/Gemfile.lock b/Gemfile.lock
deleted file mode 100644
index 95685c7..0000000
--- a/Gemfile.lock
+++ /dev/null
@@ -1,128 +0,0 @@
-GEM
- remote: https://rubygems.org/
- specs:
- actioncable (6.0.2.1)
- actionpack (= 6.0.2.1)
- nio4r (~> 2.0)
- websocket-driver (>= 0.6.1)
- actionmailbox (6.0.2.1)
- actionpack (= 6.0.2.1)
- activejob (= 6.0.2.1)
- activerecord (= 6.0.2.1)
- activestorage (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- mail (>= 2.7.1)
- actionmailer (6.0.2.1)
- actionpack (= 6.0.2.1)
- actionview (= 6.0.2.1)
- activejob (= 6.0.2.1)
- mail (~> 2.5, >= 2.5.4)
- actionpack (6.0.2.1)
- actionview (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- rack (~> 2.0)
- rack-test (>= 0.6.3)
- rails-dom-testing (~> 2.0)
- actiontext (6.0.2.1)
- actionpack (= 6.0.2.1)
- activerecord (= 6.0.2.1)
- activestorage (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- nokogiri (>= 1.8.5)
- actionview (6.0.2.1)
- activesupport (= 6.0.2.1)
- builder (~> 3.1)
- erubi (~> 1.4)
- rails-dom-testing (~> 2.0)
- activejob (6.0.2.1)
- activesupport (= 6.0.2.1)
- globalid (>= 0.3.6)
- activemodel (6.0.2.1)
- activesupport (= 6.0.2.1)
- activerecord (6.0.2.1)
- activemodel (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- activestorage (6.0.2.1)
- actionpack (= 6.0.2.1)
- activejob (= 6.0.2.1)
- activerecord (= 6.0.2.1)
- marcel (~> 0.3.1)
- activesupport (6.0.2.1)
- concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (>= 0.7, < 2)
- minitest (~> 5.1)
- tzinfo (~> 1.1)
- bootsnap (1.4.5)
- msgpack (~> 1.0)
- builder (3.2.4)
- concurrent-ruby (1.1.5)
- crass (1.0.6)
- erubi (1.9.0)
- globalid (0.4.2)
- activesupport (>= 4.2.0)
- i18n (1.7.0)
- concurrent-ruby (~> 1.0)
- loofah (2.4.0)
- crass (~> 1.0.2)
- nokogiri (>= 1.5.9)
- mail (2.7.1)
- mini_mime (>= 0.1.1)
- marcel (0.3.3)
- method_source (0.9.2)
- mini_mime (1.0.2)
- minitest (5.13.0)
- msgpack (1.3.1)
- nio4r (2.5.2)
- nokogiri (1.10.7)
- rack (2.0.7)
- rack-test (1.1.0)
- rack (>= 1.0, < 3)
- rails (6.0.2.1)
- actioncable (= 6.0.2.1)
- actionmailbox (= 6.0.2.1)
- actionmailer (= 6.0.2.1)
- actionpack (= 6.0.2.1)
- actiontext (= 6.0.2.1)
- actionview (= 6.0.2.1)
- activejob (= 6.0.2.1)
- activemodel (= 6.0.2.1)
- activerecord (= 6.0.2.1)
- activestorage (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- bundler (>= 1.3.0)
- railties (= 6.0.2.1)
- sprockets-rails (>= 2.0.0)
- rails-dom-testing (2.0.3)
- activesupport (>= 4.2.0)
- nokogiri (>= 1.6)
- railties (6.0.2.1)
- actionpack (= 6.0.2.1)
- activesupport (= 6.0.2.1)
- method_source
- rake (>= 0.8.7)
- thor (>= 0.20.3, < 2.0)
- rake (13.0.1)
- sprockets-rails (3.2.1)
- actionpack (>= 4.0)
- activesupport (>= 4.0)
- sprockets (>= 3.0.0)
- sprockets (4.0.0)
- concurrent-ruby (~> 1.0)
- rack (> 1, < 3)
- thor (0.20.3)
- tzinfo (1.2.5)
- thread_safe (~> 0.1)
- thread_safe (0.3.6)
- websocket-driver (0.7.1)
- websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.4)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- bootsnap (>= 1.4.2)
- rails (= 6.0.2.1)
-
-BUNDLED WITH
- 2.1.4
\ No newline at end of file
diff --git a/osv-scanner.toml b/osv-scanner.toml
deleted file mode 100644
index 720fd05..0000000
--- a/osv-scanner.toml
+++ /dev/null
@@ -1,20 +0,0 @@
-# osv-scanner.toml
-# This empty config mirrors default behavior: nothing is ignored.
-
-# --- Examples (leave commented) ---
-# [[IgnoredVulns]]
-# id = "CVE-YYYY-XXXX"
-# # ignoreUntil = 2025-12-31
-# reason = "why this is safe to ignore"
-
-# [[PackageOverrides]]
-# # Match fields (any subset): name, version, ecosystem, group
-# name = "axios"
-# ecosystem = "npm"
-# # Actions (pick any):
-# ignore = true # ignore both vulns and license
-# vulnerability.ignore = true # ignore only vulnerabilities
-# license.ignore = true # ignore only license
-# license.override = ["MIT"] # override license(s)
-# effectiveUntil = 2025-12-31
-# reason = "temporary exception"
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..097ceff
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,6 @@
+ecdsa==0.19.1
+fastapi==0.104.1
+jinja2==3.1.2
+python-jose==3.3.0
+python-multipart==0.0.6
+starlette==0.27.0
\ No newline at end of file
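Review bot: The new requirements.txt carries no comment saying that these pins are deliberately outdated (the commit title "add bad python libraries" is the only place that intent is recorded), so a later maintainer or an automated dependency updater could treat it as a real install manifest and either install from it or bump the pins, which would silently defeat the scanner test; a first line such as `# Intentionally outdated pins used as an osv-scanner test fixture -- do not install or auto-update` would make the purpose explicit in the file itself. The file also ends without a trailing newline (`\ No newline at end of file`); adding one avoids spurious diffs and warnings from pip-tools and similar linters. If the fixture is meant to prove that the scanner detects specific findings, naming the expected advisory IDs in a comment beside each pin would let a CI step assert on those IDs rather than on "at least one finding". Note that this series also removes the osv-scanner.toml added in patch 1, so any ignore rules for this fixture will now have to come from a config passed explicitly.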