GOV.UK Frontend v5.5.0

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/flake8	7.1.1	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pycodestyle	2.12.1	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 5/8 approved changesets -- score normalized to 6 Maintained :green_circle: 10 20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/werkzeug	3.0.4	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/17 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/flake8	7.1.1	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pycodestyle	2.12.1	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 5/8 approved changesets -- score normalized to 6 Maintained :green_circle: 10 20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/werkzeug	3.0.4	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/17 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/flake8	7.1.1	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pycodestyle	2.12.1	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 5/8 approved changesets -- score normalized to 6 Maintained :green_circle: 10 20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/werkzeug	3.0.4	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/17 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/flake8	7.1.1	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/importlib-metadata	8.4.0	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/25 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 8 binaries present in source code Branch-Protection :warning: 0 branch protection not enabled on development/release branches Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pycodestyle	2.12.1	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 5/8 approved changesets -- score normalized to 6 Maintained :green_circle: 10 20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/werkzeug	3.0.4	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/17 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/zipp	3.20.1	:green_circle: 6.6	Details Check Score Reason Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Security-Policy :green_circle: 10 security policy file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches Signed-Releases :warning: -1 no releases found Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/flake8	7.1.1	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/importlib-metadata	8.4.0	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/25 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 8 binaries present in source code Branch-Protection :warning: 0 branch protection not enabled on development/release branches Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pycodestyle	2.12.1	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 5/8 approved changesets -- score normalized to 6 Maintained :green_circle: 10 20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/werkzeug	3.0.4	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/17 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/zipp	3.20.1	:green_circle: 6.6	Details Check Score Reason Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Security-Policy :green_circle: 10 security policy file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches Signed-Releases :warning: -1 no releases found Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

requirements-test-3.10.txt

• flake8@7.1.1
• pycodestyle@2.12.1
• werkzeug@3.0.4
• flake8@7.0.0
• pycodestyle@2.11.1
• werkzeug@3.0.3

requirements-test-3.11.txt

• flake8@7.1.1
• pycodestyle@2.12.1
• werkzeug@3.0.4
• flake8@7.0.0
• pycodestyle@2.11.1
• werkzeug@3.0.3

requirements-test-3.12.txt

• flake8@7.1.1
• pycodestyle@2.12.1
• werkzeug@3.0.4
• flake8@7.0.0
• pycodestyle@2.11.1
• werkzeug@3.0.3

requirements-test-3.8.txt

• zipp@3.19.0
• flake8@7.1.1
• importlib-metadata@8.4.0
• pycodestyle@2.12.1
• werkzeug@3.0.4
• zipp@3.20.1
• flake8@7.0.0
• importlib-metadata@7.1.0
• pycodestyle@2.11.1
• werkzeug@3.0.3

requirements-test-3.9.txt

• zipp@3.19.0
• flake8@7.1.1
• importlib-metadata@8.4.0
• pycodestyle@2.12.1
• werkzeug@3.0.4
• zipp@3.20.1
• flake8@7.0.0
• importlib-metadata@7.1.0
• pycodestyle@2.11.1
• werkzeug@3.0.3