SwaragThaikkandi / SMdRQA

For doing multidimensional recurrent quantification analysis(MdRQA) and sliding window version of it

https://swaragthaikkandi.github.io/SMdRQA/

GNU General Public License v3.0

1 stars 0 forks source link

Update requirements.txt #53

Closed SwaragThaikkandi closed 7 months ago

SwaragThaikkandi commented 7 months ago

Security Update against vulnerabilities: https://github.com/SwaragThaikkandi/SMdRQA/issues/52

github-actions[bot] commented 7 months ago

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

requirements.txt

Package	Version	License	Issue Type
pillow	>= 10.2.0	Null	Unknown License

OpenSSF Scorecard

Package

Version

Score

Details

>= 10.2.0

:green_circle: 7.5

Details

Check	Score	Reason
Code-Review	:green_circle: 8	found 1 unreviewed changesets out of 9 -- score normalized to 8
Maintained	:green_circle: 10	30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
License	:green_circle: 9	license file detected
CII-Best-Practices	:warning: 2	badge detected: InProgress
Signed-Releases	:warning: -1	no releases found
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Fuzzing	:green_circle: 10	project is fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Packaging	:green_circle: 10	packaging workflow detected
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

>= 10.0.1

:green_circle: 7.5

Details

Check	Score	Reason
Code-Review	:green_circle: 8	found 1 unreviewed changesets out of 9 -- score normalized to 8
Maintained	:green_circle: 10	30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
License	:green_circle: 9	license file detected
CII-Best-Practices	:warning: 2	badge detected: InProgress
Signed-Releases	:warning: -1	no releases found
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Fuzzing	:green_circle: 10	project is fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Packaging	:green_circle: 10	packaging workflow detected
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

requirements.txt

pillow@>= 10.2.0
pillow@>= 10.0.1