search

actions / dependency-review-action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License
612 stars 107 forks source link

[BUG] `allow-dependencies-licenses` not respected after changing from `==` to `>=` with Python #812

Open altendky opened 3 months ago

altendky commented 3 months ago
Details

Describe the bug I made a PR to change my Poetry-defined Python project dependencies from using == to >= and now dependency-review-action is complaining about pylint's GPL license despite it being in the allow-dependencies-licenses list.

To Reproduce For now anyways, see screenshots and exampes below.

Expected behavior I expect the allow configuration to avoid complaints about the pylint license.

Screenshots image image

Action version What version of the action are you using in your workflow? v4 (v4.3.4)

Examples https://github.com/Chia-Network/chia-blockchain/actions/runs/11036776910/job/30656244385?pr=18305

full debug log ``` 2024-09-25T16:04:27.0034799Z ##[debug]Starting: dependency-review 2024-09-25T16:04:27.0063159Z ##[debug]Cleaning runner temp folder: /home/runner/work/_temp 2024-09-25T16:04:27.0315302Z ##[debug]Starting: Set up job 2024-09-25T16:04:27.0315984Z Current runner version: '2.319.1' 2024-09-25T16:04:27.0335895Z ##[group]Operating System 2024-09-25T16:04:27.0336576Z Ubuntu 2024-09-25T16:04:27.0336934Z 22.04.5 2024-09-25T16:04:27.0337223Z LTS 2024-09-25T16:04:27.0337640Z ##[endgroup] 2024-09-25T16:04:27.0338007Z ##[group]Runner Image 2024-09-25T16:04:27.0338638Z Image: ubuntu-22.04 2024-09-25T16:04:27.0339238Z Version: 20240922.1.0 2024-09-25T16:04:27.0340250Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md 2024-09-25T16:04:27.0341646Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1 2024-09-25T16:04:27.0342598Z ##[endgroup] 2024-09-25T16:04:27.0342993Z ##[group]Runner Image Provisioner 2024-09-25T16:04:27.0343431Z 2.0.384.1 2024-09-25T16:04:27.0344041Z ##[endgroup] 2024-09-25T16:04:27.0358982Z ##[group]GITHUB_TOKEN Permissions 2024-09-25T16:04:27.0360660Z Contents: read 2024-09-25T16:04:27.0361303Z Metadata: read 2024-09-25T16:04:27.0361686Z ##[endgroup] 2024-09-25T16:04:27.0364786Z Secret source: Actions 2024-09-25T16:04:27.0365577Z ##[debug]Primary repository: Chia-Network/chia-blockchain 2024-09-25T16:04:27.0366277Z Prepare workflow directory 2024-09-25T16:04:27.0431037Z ##[debug]Creating pipeline directory: '/home/runner/work/chia-blockchain' 2024-09-25T16:04:27.0434196Z ##[debug]Creating workspace directory: '/home/runner/work/chia-blockchain/chia-blockchain' 2024-09-25T16:04:27.0435813Z ##[debug]Update context data 2024-09-25T16:04:27.0439578Z ##[debug]Evaluating job-level environment variables 2024-09-25T16:04:27.0921913Z ##[debug]Evaluating job container 2024-09-25T16:04:27.0925841Z ##[debug]Evaluating job service containers 2024-09-25T16:04:27.0928091Z ##[debug]Evaluating job defaults 2024-09-25T16:04:27.0998303Z Prepare all required actions 2024-09-25T16:04:27.1156466Z Getting action download info 2024-09-25T16:04:27.2895319Z Download action repository 'actions/checkout@v4' (SHA:692973e3d937129bcbf40652eb9f2f61becf3332) 2024-09-25T16:04:27.2924654Z ##[debug]Copied action archive '/opt/actionarchivecache/actions_checkout/692973e3d937129bcbf40652eb9f2f61becf3332.tar.gz' to '/home/runner/work/_actions/_temp_bb9db0f2-9e13-4f94-bee8-b8ba548bb97e/9e1795de-eeb2-42ea-aba2-8970de9b009d.tar.gz' 2024-09-25T16:04:27.3564982Z ##[debug]Unwrap 'actions-checkout-692973e' to '/home/runner/work/_actions/actions/checkout/v4' 2024-09-25T16:04:27.3713951Z ##[debug]Archive '/home/runner/work/_actions/_temp_bb9db0f2-9e13-4f94-bee8-b8ba548bb97e/9e1795de-eeb2-42ea-aba2-8970de9b009d.tar.gz' has been unzipped into '/home/runner/work/_actions/actions/checkout/v4'. 2024-09-25T16:04:27.3841285Z Download action repository 'actions/dependency-review-action@v4' (SHA:5a2ce3f5b92ee19cbb1541a4984c76d921601d7c) 2024-09-25T16:04:27.8231050Z ##[debug]Download 'https://api.github.com/repos/actions/dependency-review-action/tarball/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c' to '/home/runner/work/_actions/_temp_dfa29719-a318-43a4-bdf3-1165c000304e/132f7eb9-0529-4e1d-b0a0-2699fd43322b.tar.gz' 2024-09-25T16:04:27.8577216Z ##[debug]Unwrap 'actions-dependency-review-action-5a2ce3f' to '/home/runner/work/_actions/actions/dependency-review-action/v4' 2024-09-25T16:04:27.8703139Z ##[debug]Archive '/home/runner/work/_actions/_temp_dfa29719-a318-43a4-bdf3-1165c000304e/132f7eb9-0529-4e1d-b0a0-2699fd43322b.tar.gz' has been unzipped into '/home/runner/work/_actions/actions/dependency-review-action/v4'. 2024-09-25T16:04:27.8767412Z ##[debug]action.yml for action: '/home/runner/work/_actions/actions/checkout/v4/action.yml'. 2024-09-25T16:04:27.9647617Z ##[debug]action.yml for action: '/home/runner/work/_actions/actions/dependency-review-action/v4/action.yml'. 2024-09-25T16:04:27.9843465Z ##[debug]Set step '__actions_checkout' display name to: 'Checkout Repository' 2024-09-25T16:04:27.9846304Z ##[debug]Set step '__actions_dependency-review-action' display name to: 'Dependency Review' 2024-09-25T16:04:27.9847864Z Complete job name: dependency-review 2024-09-25T16:04:27.9861293Z ##[debug]Collect running processes for tracking orphan processes. 2024-09-25T16:04:28.0084834Z ##[debug]Finishing: Set up job 2024-09-25T16:04:28.0281921Z ##[debug]Evaluating condition for step: 'Checkout Repository' 2024-09-25T16:04:28.0328023Z ##[debug]Evaluating: success() 2024-09-25T16:04:28.0333833Z ##[debug]Evaluating success: 2024-09-25T16:04:28.0357106Z ##[debug]=> true 2024-09-25T16:04:28.0364176Z ##[debug]Result: true 2024-09-25T16:04:28.0398102Z ##[debug]Starting: Checkout Repository 2024-09-25T16:04:28.0513620Z ##[debug]Register post job cleanup for action: actions/checkout@v4 2024-09-25T16:04:28.0619581Z ##[debug]Loading inputs 2024-09-25T16:04:28.0627523Z ##[debug]Evaluating: github.repository 2024-09-25T16:04:28.0629116Z ##[debug]Evaluating Index: 2024-09-25T16:04:28.0631402Z ##[debug]..Evaluating github: 2024-09-25T16:04:28.0632679Z ##[debug]..=> Object 2024-09-25T16:04:28.0644865Z ##[debug]..Evaluating String: 2024-09-25T16:04:28.0646025Z ##[debug]..=> 'repository' 2024-09-25T16:04:28.0650032Z ##[debug]=> 'Chia-Network/chia-blockchain' 2024-09-25T16:04:28.0651984Z ##[debug]Result: 'Chia-Network/chia-blockchain' 2024-09-25T16:04:28.0654909Z ##[debug]Evaluating: github.token 2024-09-25T16:04:28.0655464Z ##[debug]Evaluating Index: 2024-09-25T16:04:28.0656028Z ##[debug]..Evaluating github: 2024-09-25T16:04:28.0656523Z ##[debug]..=> Object 2024-09-25T16:04:28.0656926Z ##[debug]..Evaluating String: 2024-09-25T16:04:28.0657487Z ##[debug]..=> 'token' 2024-09-25T16:04:28.0658369Z ##[debug]=> '***' 2024-09-25T16:04:28.0659189Z ##[debug]Result: '***' 2024-09-25T16:04:28.0674744Z ##[debug]Loading env 2024-09-25T16:04:28.0766076Z ##[group]Run actions/checkout@v4 2024-09-25T16:04:28.0766731Z with: 2024-09-25T16:04:28.0767310Z repository: Chia-Network/chia-blockchain 2024-09-25T16:04:28.0768066Z token: *** 2024-09-25T16:04:28.0768709Z ssh-strict: true 2024-09-25T16:04:28.0769148Z ssh-user: git 2024-09-25T16:04:28.0769516Z persist-credentials: true 2024-09-25T16:04:28.0770064Z clean: true 2024-09-25T16:04:28.0770466Z sparse-checkout-cone-mode: true 2024-09-25T16:04:28.0770922Z fetch-depth: 1 2024-09-25T16:04:28.0771401Z fetch-tags: false 2024-09-25T16:04:28.0771812Z show-progress: true 2024-09-25T16:04:28.0772173Z lfs: false 2024-09-25T16:04:28.0772614Z submodules: false 2024-09-25T16:04:28.0773022Z set-safe-directory: true 2024-09-25T16:04:28.0773422Z ##[endgroup] 2024-09-25T16:04:28.2575328Z ##[debug]GITHUB_WORKSPACE = '/home/runner/work/chia-blockchain/chia-blockchain' 2024-09-25T16:04:28.2577099Z ##[debug]qualified repository = 'Chia-Network/chia-blockchain' 2024-09-25T16:04:28.2578000Z ##[debug]ref = 'refs/pull/18305/merge' 2024-09-25T16:04:28.2579306Z ##[debug]commit = '88aad60bd30bfb078647a5cb57587e4cd100e1e8' 2024-09-25T16:04:28.2580092Z ##[debug]clean = true 2024-09-25T16:04:28.2580819Z ##[debug]filter = undefined 2024-09-25T16:04:28.2581482Z ##[debug]fetch depth = 1 2024-09-25T16:04:28.2582194Z ##[debug]fetch tags = false 2024-09-25T16:04:28.2582815Z ##[debug]show progress = true 2024-09-25T16:04:28.2583567Z ##[debug]lfs = false 2024-09-25T16:04:28.2584179Z ##[debug]submodules = false 2024-09-25T16:04:28.2584928Z ##[debug]recursive submodules = false 2024-09-25T16:04:28.2585596Z ##[debug]GitHub Host URL = 2024-09-25T16:04:28.2587015Z ::add-matcher::/home/runner/work/_actions/actions/checkout/v4/dist/problem-matcher.json 2024-09-25T16:04:28.2689435Z ##[debug]Added matchers: 'checkout-git'. Problem matchers scan action output for known warning or error strings and report these inline. 2024-09-25T16:04:28.2700436Z Syncing repository: Chia-Network/chia-blockchain 2024-09-25T16:04:28.2702372Z ::group::Getting Git version info 2024-09-25T16:04:28.2704318Z ##[group]Getting Git version info 2024-09-25T16:04:28.2705541Z Working directory is '/home/runner/work/chia-blockchain/chia-blockchain' 2024-09-25T16:04:28.2707631Z ##[debug]Getting git version 2024-09-25T16:04:28.2708368Z [command]/usr/bin/git version 2024-09-25T16:04:28.2709412Z git version 2.46.1 2024-09-25T16:04:28.2710449Z ##[debug]0 2024-09-25T16:04:28.2711412Z ##[debug]git version 2.46.1 2024-09-25T16:04:28.2712093Z ##[debug] 2024-09-25T16:04:28.2713547Z ##[debug]Set git useragent to: git/2.46.1 (github-actions-checkout) 2024-09-25T16:04:28.2714511Z ::endgroup:: 2024-09-25T16:04:28.2715008Z ##[endgroup] 2024-09-25T16:04:28.2725980Z ::add-mask::*** 2024-09-25T16:04:28.2727734Z Temporarily overriding HOME='/home/runner/work/_temp/150b9bdb-d241-4275-a0c0-8619806aa27e' before making global git config changes 2024-09-25T16:04:28.2729209Z Adding repository directory to the temporary git global config as a safe directory 2024-09-25T16:04:28.2730251Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/chia-blockchain/chia-blockchain 2024-09-25T16:04:28.2747270Z ##[debug]0 2024-09-25T16:04:28.2748151Z ##[debug] 2024-09-25T16:04:28.2752487Z Deleting the contents of '/home/runner/work/chia-blockchain/chia-blockchain' 2024-09-25T16:04:28.2756002Z ::group::Initializing the repository 2024-09-25T16:04:28.2756690Z ##[group]Initializing the repository 2024-09-25T16:04:28.2760336Z [command]/usr/bin/git init /home/runner/work/chia-blockchain/chia-blockchain 2024-09-25T16:04:28.2816538Z hint: Using 'master' as the name for the initial branch. This default branch name 2024-09-25T16:04:28.2817848Z hint: is subject to change. To configure the initial branch name to use in all 2024-09-25T16:04:28.2818956Z hint: of your new repositories, which will suppress this warning, call: 2024-09-25T16:04:28.2819664Z hint: 2024-09-25T16:04:28.2820783Z hint: git config --global init.defaultBranch 2024-09-25T16:04:28.2821357Z hint: 2024-09-25T16:04:28.2822129Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and 2024-09-25T16:04:28.2823991Z hint: 'development'. The just-created branch can be renamed via this command: 2024-09-25T16:04:28.2825230Z hint: 2024-09-25T16:04:28.2825950Z hint: git branch -m 2024-09-25T16:04:28.2827612Z Initialized empty Git repository in /home/runner/work/chia-blockchain/chia-blockchain/.git/ 2024-09-25T16:04:28.2829574Z ##[debug]0 2024-09-25T16:04:28.2831488Z ##[debug]Initialized empty Git repository in /home/runner/work/chia-blockchain/chia-blockchain/.git/ 2024-09-25T16:04:28.2832856Z ##[debug] 2024-09-25T16:04:28.2835395Z [command]/usr/bin/git remote add origin https://github.com/Chia-Network/chia-blockchain 2024-09-25T16:04:28.2866176Z ##[debug]0 2024-09-25T16:04:28.2867406Z ##[debug] 2024-09-25T16:04:28.2868778Z ::endgroup:: 2024-09-25T16:04:28.2869397Z ##[endgroup] 2024-09-25T16:04:28.2870858Z ::group::Disabling automatic garbage collection 2024-09-25T16:04:28.2871955Z ##[group]Disabling automatic garbage collection 2024-09-25T16:04:28.2873299Z [command]/usr/bin/git config --local gc.auto 0 2024-09-25T16:04:28.2904524Z ##[debug]0 2024-09-25T16:04:28.2905782Z ##[debug] 2024-09-25T16:04:28.2906872Z ::endgroup:: 2024-09-25T16:04:28.2907273Z ##[endgroup] 2024-09-25T16:04:28.2908139Z ::group::Setting up auth 2024-09-25T16:04:28.2909265Z ##[group]Setting up auth 2024-09-25T16:04:28.2912652Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-09-25T16:04:28.2939165Z ##[debug]1 2024-09-25T16:04:28.2943598Z ##[debug] 2024-09-25T16:04:28.2945079Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-09-25T16:04:28.3234187Z ##[debug]0 2024-09-25T16:04:28.3235127Z ##[debug] 2024-09-25T16:04:28.3238987Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-09-25T16:04:28.3263143Z ##[debug]1 2024-09-25T16:04:28.3263954Z ##[debug] 2024-09-25T16:04:28.3267884Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-09-25T16:04:28.3482161Z ##[debug]0 2024-09-25T16:04:28.3483043Z ##[debug] 2024-09-25T16:04:28.3490746Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic *** 2024-09-25T16:04:28.3525404Z ##[debug]0 2024-09-25T16:04:28.3526234Z ##[debug] 2024-09-25T16:04:28.3533167Z ::endgroup:: 2024-09-25T16:04:28.3533630Z ##[endgroup] 2024-09-25T16:04:28.3534368Z ::group::Fetching the repository 2024-09-25T16:04:28.3534806Z ##[group]Fetching the repository 2024-09-25T16:04:28.3541827Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +88aad60bd30bfb078647a5cb57587e4cd100e1e8:refs/remotes/pull/18305/merge 2024-09-25T16:04:28.8252123Z From https://github.com/Chia-Network/chia-blockchain 2024-09-25T16:04:28.8253484Z * [new ref] 88aad60bd30bfb078647a5cb57587e4cd100e1e8 -> pull/18305/merge 2024-09-25T16:04:28.8278815Z ##[debug]0 2024-09-25T16:04:28.8279993Z ##[debug] 2024-09-25T16:04:28.8280964Z ::endgroup:: 2024-09-25T16:04:28.8281580Z ##[endgroup] 2024-09-25T16:04:28.8282617Z ::group::Determining the checkout info 2024-09-25T16:04:28.8283419Z ##[group]Determining the checkout info 2024-09-25T16:04:28.8284728Z ::endgroup:: 2024-09-25T16:04:28.8285305Z ##[endgroup] 2024-09-25T16:04:28.8287174Z [command]/usr/bin/git sparse-checkout disable 2024-09-25T16:04:28.8322515Z ##[debug]0 2024-09-25T16:04:28.8323524Z ##[debug] 2024-09-25T16:04:28.8327432Z [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig 2024-09-25T16:04:28.8355278Z ##[debug]0 2024-09-25T16:04:28.8356272Z ##[debug] 2024-09-25T16:04:28.8362978Z ::group::Checking out the ref 2024-09-25T16:04:28.8363637Z ##[group]Checking out the ref 2024-09-25T16:04:28.8364799Z [command]/usr/bin/git checkout --progress --force refs/remotes/pull/18305/merge 2024-09-25T16:04:28.9238288Z Note: switching to 'refs/remotes/pull/18305/merge'. 2024-09-25T16:04:28.9239400Z 2024-09-25T16:04:28.9240289Z You are in 'detached HEAD' state. You can look around, make experimental 2024-09-25T16:04:28.9242133Z changes and commit them, and you can discard any commits you make in this 2024-09-25T16:04:28.9243663Z state without impacting any branches by switching back to a branch. 2024-09-25T16:04:28.9244533Z 2024-09-25T16:04:28.9245240Z If you want to create a new branch to retain commits you create, you may 2024-09-25T16:04:28.9246962Z do so (now or later) by using -c with the switch command. Example: 2024-09-25T16:04:28.9247795Z 2024-09-25T16:04:28.9248201Z git switch -c 2024-09-25T16:04:28.9248892Z 2024-09-25T16:04:28.9249312Z Or undo this operation with: 2024-09-25T16:04:28.9249788Z 2024-09-25T16:04:28.9250022Z git switch - 2024-09-25T16:04:28.9250436Z 2024-09-25T16:04:28.9251074Z Turn off this advice by setting config variable advice.detachedHead to false 2024-09-25T16:04:28.9252020Z 2024-09-25T16:04:28.9253213Z HEAD is now at 88aad60 Merge af0d32fdf68848a8597adf7b1231d54672e82a7d into bffb7b11c37f107b08ed2b8e2858d9376fb8faee 2024-09-25T16:04:28.9254621Z ##[debug]0 2024-09-25T16:04:28.9255311Z ##[debug] 2024-09-25T16:04:28.9255909Z ::endgroup:: 2024-09-25T16:04:28.9256200Z ##[endgroup] 2024-09-25T16:04:28.9284245Z ##[debug]0 2024-09-25T16:04:28.9285628Z ##[debug]commit 88aad60bd30bfb078647a5cb57587e4cd100e1e8 2024-09-25T16:04:28.9286173Z ##[debug]Author: Kyle Altendorf 2024-09-25T16:04:28.9286649Z ##[debug]Date: Wed Sep 25 12:00:44 2024 -0400 2024-09-25T16:04:28.9287152Z ##[debug] 2024-09-25T16:04:28.9287853Z ##[debug] Merge af0d32fdf68848a8597adf7b1231d54672e82a7d into bffb7b11c37f107b08ed2b8e2858d9376fb8faee 2024-09-25T16:04:28.9289093Z ##[debug] 2024-09-25T16:04:28.9289676Z [command]/usr/bin/git log -1 --format='%H' 2024-09-25T16:04:28.9311071Z '88aad60bd30bfb078647a5cb57587e4cd100e1e8' 2024-09-25T16:04:28.9316063Z ##[debug]0 2024-09-25T16:04:28.9317213Z ##[debug]'88aad60bd30bfb078647a5cb57587e4cd100e1e8' 2024-09-25T16:04:28.9317908Z ##[debug] 2024-09-25T16:04:28.9320654Z ##[debug]Unsetting HOME override 2024-09-25T16:04:28.9329659Z ::remove-matcher owner=checkout-git:: 2024-09-25T16:04:28.9348865Z ##[debug]Removed matchers: 'checkout-git' 2024-09-25T16:04:28.9395174Z ##[debug]Node Action run completed with exit code 0 2024-09-25T16:04:28.9513398Z ##[debug]Save intra-action state isPost = true 2024-09-25T16:04:28.9514093Z ##[debug]Save intra-action state setSafeDirectory = true 2024-09-25T16:04:28.9514872Z ##[debug]Save intra-action state repositoryPath = /home/runner/work/chia-blockchain/chia-blockchain 2024-09-25T16:04:28.9525494Z ##[debug]Finishing: Checkout Repository 2024-09-25T16:04:28.9538184Z ##[debug]Evaluating condition for step: 'Dependency Review' 2024-09-25T16:04:28.9541277Z ##[debug]Evaluating: success() 2024-09-25T16:04:28.9541857Z ##[debug]Evaluating success: 2024-09-25T16:04:28.9542531Z ##[debug]=> true 2024-09-25T16:04:28.9543164Z ##[debug]Result: true 2024-09-25T16:04:28.9544204Z ##[debug]Starting: Dependency Review 2024-09-25T16:04:28.9596580Z ##[debug]Loading inputs 2024-09-25T16:04:28.9627174Z ##[debug]Evaluating: github.token 2024-09-25T16:04:28.9627720Z ##[debug]Evaluating Index: 2024-09-25T16:04:28.9628148Z ##[debug]..Evaluating github: 2024-09-25T16:04:28.9628753Z ##[debug]..=> Object 2024-09-25T16:04:28.9629212Z ##[debug]..Evaluating String: 2024-09-25T16:04:28.9629634Z ##[debug]..=> 'token' 2024-09-25T16:04:28.9630327Z ##[debug]=> '***' 2024-09-25T16:04:28.9630929Z ##[debug]Result: '***' 2024-09-25T16:04:28.9641834Z ##[debug]Loading env 2024-09-25T16:04:28.9648163Z ##[group]Run actions/dependency-review-action@v4 2024-09-25T16:04:28.9648750Z with: 2024-09-25T16:04:28.9649335Z allow-dependencies-licenses: pkg:pypi/pylint, pkg:pypi/pyinstaller 2024-09-25T16:04:28.9650519Z deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later 2024-09-25T16:04:28.9651696Z repo-token: *** 2024-09-25T16:04:28.9652032Z ##[endgroup] 2024-09-25T16:04:30.2230917Z ##[debug]Filtered Changes: [{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":">= 24.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":">= 0.7.0","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":">= 0.20.0","package_url":"","license":null,"source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":">= 4.3.0","package_url":"","license":null,"source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":">= 4.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":">= 24.8.0","package_url":"","license":null,"source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":">= 1.34.143","package_url":"","license":null,"source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":">= 1.5.1","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":">= 2.0.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":">= 1.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":">= 8.1.7","package_url":"","license":null,"source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":">= 0.9.10","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":">= 0.4.6","package_url":"","license":null,"source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":">= 6.8.2","package_url":"","license":null,"source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":">= 7.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":">= 9.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":">= 3.15.4","package_url":"","license":null,"source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":">= 0.3.1","package_url":"","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":">= 6.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":">= 5.13.2","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":">= 25.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":">= 1.3.9","package_url":"","license":null,"source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":null,"source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":">= 24.2","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":null,"source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":null,"source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":">= 8.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":">= 5.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":">= 3.14.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":">= 1.6.6","package_url":"","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":">= 3.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":">= 3.16.0","package_url":"","license":null,"source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":">= 6.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":">= 75.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":">= 4.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":"24.1.0","package_url":"pkg:pypi/aiofiles@24.1.0","license":"Apache-2.0","source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":"3.10.2","package_url":"pkg:pypi/aiohttp@3.10.2","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":"0.7.0","package_url":"pkg:pypi/aiohttp-cors@0.7.0","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":"0.20.0","package_url":"pkg:pypi/aiosqlite@0.20.0","license":"MIT","source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":"4.3.0","package_url":"pkg:pypi/anyio@4.3.0","license":"MIT","source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":"4.1.4","package_url":"pkg:pypi/bitstring@4.1.4","license":"MIT","source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":"24.8.0","package_url":"pkg:pypi/black@24.8.0","license":"MIT","source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":"1.34.143","package_url":"pkg:pypi/boto3@1.34.143","license":"Apache-2.0","source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":"1.2.1","package_url":"pkg:pypi/build@1.2.1","license":"MIT","source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":"0.13.0","package_url":"pkg:pypi/chia-rs@0.13.0","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":"1.5.1","package_url":"pkg:pypi/chiabip158@1.5.1","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":"2.0.4","package_url":"pkg:pypi/chiapos@2.0.4","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":"1.1.4","package_url":"pkg:pypi/chiavdf@1.1.4","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":"8.1.7","package_url":"pkg:pypi/click@8.1.7","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":"0.9.10","package_url":"pkg:pypi/clvm@0.9.10","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":"0.4.9","package_url":"pkg:pypi/clvm-tools@0.4.9","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":"0.1.43","package_url":"pkg:pypi/clvm-tools-rs@0.1.43","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":"0.4.6","package_url":"pkg:pypi/colorama@0.4.6","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":"6.8.2","package_url":"pkg:pypi/colorlog@6.8.2","license":"MIT","source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":"0.9.25","package_url":"pkg:pypi/concurrent-log-handler@0.9.25","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":"7.6.1","package_url":"pkg:pypi/coverage@7.6.1","license":"Apache-2.0","source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":"43.0.1","package_url":"pkg:pypi/cryptography@43.0.1","license":"Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause)","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":"9.0.0","package_url":"pkg:pypi/diff-cover@9.0.0","license":"Apache-2.0","source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":"0.9.25","package_url":"pkg:pypi/dnslib@0.9.25","license":"BSD-2-Clause","source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":"2.6.1","package_url":"pkg:pypi/dnspython@2.6.1","license":"ISC","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":"3.15.4","package_url":"pkg:pypi/filelock@3.15.4","license":"Unlicense","source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":"7.1.1","package_url":"pkg:pypi/flake8@7.1.1","license":"MIT","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":"0.3.1","package_url":"pkg:pypi/hsms@0.3.1","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":"6.4.0","package_url":"pkg:pypi/importlib-resources@6.4.0","license":"Apache-2.0","source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":"5.13.2","package_url":"pkg:pypi/isort@5.13.2","license":"MIT","source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":"25.2.1","package_url":"pkg:pypi/keyring@25.2.1","license":"MIT","source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":"1.3.9","package_url":"pkg:pypi/keyrings.cryptfile@1.3.9","license":"MIT","source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":"5.2.2","package_url":"pkg:pypi/lxml@5.2.2","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":"2.2.2","package_url":"pkg:pypi/miniupnpc@2.2.2","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":"1.11.1","package_url":"pkg:pypi/mypy@1.11.1","license":"MIT","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":"24.0","package_url":"pkg:pypi/packaging@24.0","license":"Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":"24.2","package_url":"pkg:pypi/pip@24.2","license":"MIT","source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":"1.2.1","package_url":"pkg:pypi/py3createtorrent@1.2.1","license":"LGPL-3.0-or-later","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":"6.9.0","package_url":"pkg:pypi/pyinstaller@6.9.0","license":"GPL-2.0-only","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":"3.2.6","package_url":"pkg:pypi/pylint@3.2.6","license":"GPL-2.0-only AND GPL-2.0-or-later","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":"8.3.3","package_url":"pkg:pypi/pytest@8.3.3","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":"5.0.0","package_url":"pkg:pypi/pytest-cov@5.0.0","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":"3.14.0","package_url":"pkg:pypi/pytest-mock@3.14.0","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":"1.6.6","package_url":"pkg:pypi/pytest-monitor@1.6.6","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":"3.6.1","package_url":"pkg:pypi/pytest-xdist@3.6.1","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":"3.16.0","package_url":"pkg:pypi/pyupgrade@3.16.0","license":"MIT","source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":"6.0.1","package_url":"pkg:pypi/pyyaml@6.0.1","license":"MIT","source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":"1.3.3","package_url":"pkg:pypi/setproctitle@1.3.3","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":"75.1.0","package_url":"pkg:pypi/setuptools@75.1.0","license":"MIT","source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":"2.4.0","package_url":"pkg:pypi/sortedcontainers@2.4.0","license":"Apache-2.0","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":"4.11.0","package_url":"pkg:pypi/typing-extensions@4.11.0","license":"Python-2.0","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":"4.0.1","package_url":"pkg:pypi/watchdog@4.0.1","license":"Apache-2.0","source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]}] 2024-09-25T16:04:30.2330608Z ##[debug]Config Deny Packages: {"fail_on_severity":"low","fail_on_scopes":["runtime"],"deny_licenses":["AGPL-1.0-only","AGPL-1.0-or-later","AGPL-1.0-or-later","AGPL-3.0-or-later","GPL-1.0-only","GPL-1.0-or-later","GPL-2.0-only","GPL-2.0-or-later","GPL-3.0-only","GPL-3.0-or-later"],"allow_dependencies_licenses":["pkg:pypi/pylint","pkg:pypi/pyinstaller"],"allow_ghsas":[],"deny_packages":[],"deny_groups":[],"license_check":true,"vulnerability_check":true,"retry_on_snapshot_warnings":false,"retry_on_snapshot_warnings_timeout":120,"show_openssf_scorecard":true,"warn_on_openssf_scorecard_level":3,"comment_summary_in_pr":"never","warn_only":false} 2024-09-25T16:04:30.2333436Z Dependency review did not detect any denied packages 2024-09-25T16:04:30.7383540Z ##[debug]Couldn't get scorecard data for github.com/aio-libs/aiohttp-cors 2024-09-25T16:04:31.5550164Z ##[debug]Getting deps.dev data for chia_rs >= 0.13.0 2024-09-25T16:04:32.3150176Z ##[debug]Getting deps.dev data for clvm_tools >= 0.4.9 2024-09-25T16:04:32.3373965Z ##[debug]Getting deps.dev data for clvm_tools_rs >= 0.1.43 2024-09-25T16:04:32.8200311Z ##[debug]Getting deps.dev data for concurrent_log_handler >= 0.9.25 2024-09-25T16:04:33.7887690Z ##[debug]Couldn't get scorecard data for github.com/tox-dev/filelock 2024-09-25T16:04:34.0665411Z ##[debug]Couldn't get scorecard data for github.com/richardkiss/hsms 2024-09-25T16:04:34.8197381Z ##[debug]Couldn't get scorecard data for github.com/transmission/miniupnpc 2024-09-25T16:04:37.4321398Z ::group::Vulnerabilities 2024-09-25T16:04:37.4322126Z ##[group]Vulnerabilities 2024-09-25T16:04:37.4323693Z Dependency review did not detect any vulnerable packages with severity level "low" or higher. 2024-09-25T16:04:37.4330140Z ##[debug]found 17 unknown licenses 2024-09-25T16:04:37.4331587Z ##[debug]0 licenses could not be validated 2024-09-25T16:04:37.4332852Z ::group::Licenses 2024-09-25T16:04:37.4333491Z ##[group]Licenses 2024-09-25T16:04:37.4333947Z 2024-09-25T16:04:37.4334372Z The following dependencies have incompatible licenses: 2024-09-25T16:04:37.4336273Z pyproject.toml » pylint@>= 3.2.6 – License: GPL-2.0 2024-09-25T16:04:37.4373688Z ##[error]Dependency review detected incompatible licenses. 2024-09-25T16:04:37.4384661Z 2024-09-25T16:04:37.4385244Z We could not detect a license for the following dependencies: 2024-09-25T16:04:37.4386440Z pyproject.toml » chia_rs@>= 0.13.0 2024-09-25T16:04:37.4387631Z pyproject.toml » clvm_tools@>= 0.4.9 2024-09-25T16:04:37.4388873Z pyproject.toml » clvm_tools_rs@>= 0.1.43 2024-09-25T16:04:37.4389984Z pyproject.toml » concurrent_log_handler@>= 0.9.25 2024-09-25T16:04:37.4391235Z pyproject.toml » aiohttp@>= 3.10.2 2024-09-25T16:04:37.4392376Z pyproject.toml » cryptography@>= 43.0.1 2024-09-25T16:04:37.4393342Z pyproject.toml » dnspython@>= 2.6.1 2024-09-25T16:04:37.4394480Z pyproject.toml » flake8@>= 7.1.1 2024-09-25T16:04:37.4395371Z pyproject.toml » lxml@>= 5.2.2 2024-09-25T16:04:37.4396113Z pyproject.toml » miniupnpc@>= 2.2.2 2024-09-25T16:04:37.4397052Z pyproject.toml » mypy@>= 1.11.1 2024-09-25T16:04:37.4397861Z pyproject.toml » packaging@>= 24.0 2024-09-25T16:04:37.4398963Z pyproject.toml » py3createtorrent@>= 1.2.1 2024-09-25T16:04:37.4400210Z pyproject.toml » pyinstaller@>= 6.9.0 2024-09-25T16:04:37.4401252Z pyproject.toml » setproctitle@>= 1.3.3 2024-09-25T16:04:37.4402264Z pyproject.toml » sortedcontainers@>= 2.4.0 2024-09-25T16:04:37.4403523Z pyproject.toml » typing-extensions@>= 4.11.0 2024-09-25T16:04:37.4405063Z ::group::Denied 2024-09-25T16:04:37.4405783Z ##[group]Denied 2024-09-25T16:04:37.4406918Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4408855Z ##[debug]Overall score 4.7 2024-09-25T16:04:37.4409889Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4410921Z ##[debug]Overall score 6.9 2024-09-25T16:04:37.4411767Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4412761Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4413662Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4414690Z ##[debug]Overall score 3.9 2024-09-25T16:04:37.4415614Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4416652Z ##[debug]Overall score 5.7 2024-09-25T16:04:37.4417731Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4419007Z ##[debug]Overall score 4.5 2024-09-25T16:04:37.4419915Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4421031Z ##[debug]Overall score 6.5 2024-09-25T16:04:37.4421948Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4423013Z ##[debug]Overall score 7.9 2024-09-25T16:04:37.4423902Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4424980Z ##[debug]Overall score 6 2024-09-25T16:04:37.4425867Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4426942Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4427867Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4429178Z ##[debug]Overall score 6 2024-09-25T16:04:37.4430107Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4431171Z ##[debug]Overall score 6.3 2024-09-25T16:04:37.4432095Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4433164Z ##[debug]Overall score 6.2 2024-09-25T16:04:37.4434089Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4435142Z ##[debug]Overall score 6.8 2024-09-25T16:04:37.4436058Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4437111Z ##[debug]Overall score 5.9 2024-09-25T16:04:37.4438035Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4439269Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4440233Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4441303Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4442282Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4443359Z ##[debug]Overall score 4.3 2024-09-25T16:04:37.4444281Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4445338Z ##[debug]Overall score 4.3 2024-09-25T16:04:37.4446221Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4447350Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4448285Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4449543Z ##[debug]Overall score 8.5 2024-09-25T16:04:37.4450455Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4451563Z ##[debug]Overall score 8.6 2024-09-25T16:04:37.4452476Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4453536Z ##[debug]Overall score 6 2024-09-25T16:04:37.4454395Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4455437Z ##[debug]Overall score 4.6 2024-09-25T16:04:37.4456294Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4457341Z ##[debug]Overall score 6.2 2024-09-25T16:04:37.4458221Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4459472Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4460440Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4461467Z ##[debug]Overall score 6 2024-09-25T16:04:37.4462362Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4463503Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4464549Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4465670Z ##[debug]Overall score 5.9 2024-09-25T16:04:37.4466665Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4467848Z ##[debug]Overall score 3.4 2024-09-25T16:04:37.4468958Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4470022Z ##[debug]Overall score 5.9 2024-09-25T16:04:37.4470963Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4472092Z ##[debug]Overall score 3.9 2024-09-25T16:04:37.4473078Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4474190Z ##[debug]Overall score 6.6 2024-09-25T16:04:37.4475122Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4476475Z ##[debug]Overall score undefined 2024-09-25T16:04:37.4477472Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4478730Z ##[debug]Overall score 6.3 2024-09-25T16:04:37.4479653Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4480727Z ##[debug]Overall score 7.6 2024-09-25T16:04:37.4481637Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4482722Z ##[debug]Overall score 5.9 2024-09-25T16:04:37.4483647Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4484710Z ##[debug]Overall score 3.4 2024-09-25T16:04:37.4485662Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4486961Z ##[debug]Overall score 5.5 2024-09-25T16:04:37.4488001Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4489300Z ##[debug]Overall score 7.2 2024-09-25T16:04:37.4490345Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4491468Z ##[debug]Overall score 6.4 2024-09-25T16:04:37.4492446Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4493562Z ##[debug]Overall score 5.2 2024-09-25T16:04:37.4494545Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4495684Z ##[debug]Overall score 5.5 2024-09-25T16:04:37.4496646Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4497750Z ##[debug]Overall score 4.3 2024-09-25T16:04:37.4498803Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4499968Z ##[debug]Overall score 5.6 2024-09-25T16:04:37.4500933Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4502027Z ##[debug]Overall score 4.8 2024-09-25T16:04:37.4502863Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4503898Z ##[debug]Overall score 6.4 2024-09-25T16:04:37.4504735Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4505728Z ##[debug]Overall score 3.4 2024-09-25T16:04:37.4506576Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4507530Z ##[debug]Overall score 5 2024-09-25T16:04:37.4508367Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4509557Z ##[debug]Overall score 3.4 2024-09-25T16:04:37.4510138Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4510808Z ##[debug]Overall score 7.2 2024-09-25T16:04:37.4511382Z ##[debug]Adding scorecard to summary 2024-09-25T16:04:37.4512039Z ##[debug]Overall score 4.7 2024-09-25T16:04:37.4512591Z ::group::Scorecard 2024-09-25T16:04:37.4513004Z ##[group]Scorecard 2024-09-25T16:04:37.4513394Z pip/aiofiles: OpenSSF Scorecard Score: 4.7 2024-09-25T16:04:37.4513854Z pip/aiohttp: OpenSSF Scorecard Score: 6.9 2024-09-25T16:04:37.4514417Z pip/aiohttp_cors: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4514939Z pip/aiosqlite: OpenSSF Scorecard Score: 3.9 2024-09-25T16:04:37.4515367Z pip/anyio: OpenSSF Scorecard Score: 5.7 2024-09-25T16:04:37.4515888Z pip/bitstring: OpenSSF Scorecard Score: 4.5 2024-09-25T16:04:37.4516355Z pip/black: OpenSSF Scorecard Score: 6.5 2024-09-25T16:04:37.4516764Z pip/boto3: OpenSSF Scorecard Score: 7.9 2024-09-25T16:04:37.4517261Z pip/build: OpenSSF Scorecard Score: 6 2024-09-25T16:04:37.4517741Z pip/chia_rs: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4518190Z pip/chiabip158: OpenSSF Scorecard Score: 6 2024-09-25T16:04:37.4518946Z pip/chiapos: OpenSSF Scorecard Score: 6.3 2024-09-25T16:04:37.4519430Z pip/chiavdf: OpenSSF Scorecard Score: 6.2 2024-09-25T16:04:37.4519843Z pip/click: OpenSSF Scorecard Score: 6.8 2024-09-25T16:04:37.4520349Z pip/clvm: OpenSSF Scorecard Score: 5.9 2024-09-25T16:04:37.4520842Z pip/clvm_tools: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4521336Z pip/clvm_tools_rs: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4521908Z pip/colorama: OpenSSF Scorecard Score: 4.3 2024-09-25T16:04:37.4522390Z pip/colorlog: OpenSSF Scorecard Score: 4.3 2024-09-25T16:04:37.4522932Z pip/concurrent_log_handler: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4523519Z pip/coverage: OpenSSF Scorecard Score: 8.5 2024-09-25T16:04:37.4523992Z pip/cryptography: OpenSSF Scorecard Score: 8.6 2024-09-25T16:04:37.4524559Z pip/diff-cover: OpenSSF Scorecard Score: 6 2024-09-25T16:04:37.4525069Z pip/dnslib: OpenSSF Scorecard Score: 4.6 2024-09-25T16:04:37.4525733Z pip/dnspython: OpenSSF Scorecard Score: 6.2 2024-09-25T16:04:37.4526253Z pip/filelock: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4526770Z pip/flake8: OpenSSF Scorecard Score: 6 2024-09-25T16:04:37.4527227Z pip/hsms: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4527820Z pip/importlib-resources: OpenSSF Scorecard Score: 5.9 2024-09-25T16:04:37.4528367Z pip/isort: OpenSSF Scorecard Score: 3.4 2024-09-25T16:04:37.4529048Z pip/keyring: OpenSSF Scorecard Score: 5.9 2024-09-25T16:04:37.4529583Z pip/keyrings.cryptfile: OpenSSF Scorecard Score: 3.9 2024-09-25T16:04:37.4530253Z pip/lxml: OpenSSF Scorecard Score: 6.6 2024-09-25T16:04:37.4530729Z pip/miniupnpc: OpenSSF Scorecard Score: undefined 2024-09-25T16:04:37.4531231Z pip/mypy: OpenSSF Scorecard Score: 6.3 2024-09-25T16:04:37.4531740Z pip/packaging: OpenSSF Scorecard Score: 7.6 2024-09-25T16:04:37.4532229Z pip/pip: OpenSSF Scorecard Score: 5.9 2024-09-25T16:04:37.4532708Z pip/py3createtorrent: OpenSSF Scorecard Score: 3.4 2024-09-25T16:04:37.4533264Z pip/pyinstaller: OpenSSF Scorecard Score: 5.5 2024-09-25T16:04:37.4533752Z pip/pylint: OpenSSF Scorecard Score: 7.2 2024-09-25T16:04:37.4534205Z pip/pytest: OpenSSF Scorecard Score: 6.4 2024-09-25T16:04:37.4534744Z pip/pytest-cov: OpenSSF Scorecard Score: 5.2 2024-09-25T16:04:37.4535292Z pip/pytest-mock: OpenSSF Scorecard Score: 5.5 2024-09-25T16:04:37.4536213Z pip/pytest-monitor: OpenSSF Scorecard Score: 4.3 2024-09-25T16:04:37.4537153Z pip/pytest-xdist: OpenSSF Scorecard Score: 5.6 2024-09-25T16:04:37.4537866Z pip/pyupgrade: OpenSSF Scorecard Score: 4.8 2024-09-25T16:04:37.4538879Z pip/pyyaml: OpenSSF Scorecard Score: 6.4 2024-09-25T16:04:37.4539671Z pip/setproctitle: OpenSSF Scorecard Score: 3.4 2024-09-25T16:04:37.4540377Z pip/setuptools: OpenSSF Scorecard Score: 5 2024-09-25T16:04:37.4541254Z pip/sortedcontainers: OpenSSF Scorecard Score: 3.4 2024-09-25T16:04:37.4542231Z pip/typing-extensions: OpenSSF Scorecard Score: 7.2 2024-09-25T16:04:37.4542981Z pip/watchdog: OpenSSF Scorecard Score: 4.7 2024-09-25T16:04:37.4543847Z ::group::Dependency Changes 2024-09-25T16:04:37.4544245Z ##[group]Dependency Changes 2024-09-25T16:04:37.4544729Z File: pyproject.toml 2024-09-25T16:04:37.4545135Z + aiofiles@>= 24.1.0 2024-09-25T16:04:37.4545542Z + aiohttp@>= 3.10.2 2024-09-25T16:04:37.4546012Z + aiohttp_cors@>= 0.7.0 2024-09-25T16:04:37.4546419Z + aiosqlite@>= 0.20.0 2024-09-25T16:04:37.4546816Z + anyio@>= 4.3.0 2024-09-25T16:04:37.4547271Z + bitstring@>= 4.1.4 2024-09-25T16:04:37.4547656Z + black@>= 24.8.0 2024-09-25T16:04:37.4548057Z + boto3@>= 1.34.143 2024-09-25T16:04:37.4548676Z + build@>= 1.2.1 2024-09-25T16:04:37.4549082Z + chia_rs@>= 0.13.0 2024-09-25T16:04:37.4549491Z + chiabip158@>= 1.5.1 2024-09-25T16:04:37.4549986Z + chiapos@>= 2.0.4 2024-09-25T16:04:37.4550346Z + chiavdf@>= 1.1.4 2024-09-25T16:04:37.4550726Z + click@>= 8.1.7 2024-09-25T16:04:37.4551202Z + clvm@>= 0.9.10 2024-09-25T16:04:37.4551559Z + clvm_tools@>= 0.4.9 2024-09-25T16:04:37.4551975Z + clvm_tools_rs@>= 0.1.43 2024-09-25T16:04:37.4552477Z + colorama@>= 0.4.6 2024-09-25T16:04:37.4552880Z + colorlog@>= 6.8.2 2024-09-25T16:04:37.4553351Z + concurrent_log_handler@>= 0.9.25 2024-09-25T16:04:37.4553881Z + coverage@>= 7.6.1 2024-09-25T16:04:37.4554256Z + cryptography@>= 43.0.1 2024-09-25T16:04:37.4554678Z + diff-cover@>= 9.0.0 2024-09-25T16:04:37.4555154Z + dnslib@>= 0.9.25 2024-09-25T16:04:37.4555519Z + dnspython@>= 2.6.1 2024-09-25T16:04:37.4555920Z + filelock@>= 3.15.4 2024-09-25T16:04:37.4556393Z + flake8@>= 7.1.1 2024-09-25T16:04:37.4556745Z + hsms@>= 0.3.1 2024-09-25T16:04:37.4557173Z + importlib-resources@>= 6.4.0 2024-09-25T16:04:37.4557679Z + isort@>= 5.13.2 2024-09-25T16:04:37.4558041Z + keyring@>= 25.2.1 2024-09-25T16:04:37.4558870Z + keyrings.cryptfile@>= 1.3.9 2024-09-25T16:04:37.4559398Z + lxml@>= 5.2.2 2024-09-25T16:04:37.4559760Z + miniupnpc@>= 2.2.2 2024-09-25T16:04:37.4560187Z + mypy@>= 1.11.1 2024-09-25T16:04:37.4560537Z + packaging@>= 24.0 2024-09-25T16:04:37.4560997Z + pip@>= 24.2 2024-09-25T16:04:37.4561413Z + py3createtorrent@>= 1.2.1 2024-09-25T16:04:37.4561832Z + pyinstaller@>= 6.9.0 2024-09-25T16:04:37.4562329Z + pylint@>= 3.2.6 2024-09-25T16:04:37.4562716Z + pytest@>= 8.3.3 2024-09-25T16:04:37.4563201Z + pytest-cov@>= 5.0.0 2024-09-25T16:04:37.4563730Z + pytest-mock@>= 3.14.0 2024-09-25T16:04:37.4564166Z + pytest-monitor@>= 1.6.6 2024-09-25T16:04:37.4564567Z + pytest-xdist@>= 3.6.1 2024-09-25T16:04:37.4565075Z + pyupgrade@>= 3.16.0 2024-09-25T16:04:37.4565479Z + pyyaml@>= 6.0.1 2024-09-25T16:04:37.4565841Z + setproctitle@>= 1.3.3 2024-09-25T16:04:37.4566351Z + setuptools@>= 75.1.0 2024-09-25T16:04:37.4566782Z + sortedcontainers@>= 2.4.0 2024-09-25T16:04:37.4567257Z + typing-extensions@>= 4.11.0 2024-09-25T16:04:37.4567774Z + watchdog@>= 4.0.1 2024-09-25T16:04:37.4568263Z - aiofiles@24.1.0 2024-09-25T16:04:37.4569045Z - aiohttp@3.10.2 2024-09-25T16:04:37.4569558Z - aiohttp_cors@0.7.0 2024-09-25T16:04:37.4569960Z - aiosqlite@0.20.0 2024-09-25T16:04:37.4570326Z - anyio@4.3.0 2024-09-25T16:04:37.4570763Z - bitstring@4.1.4 2024-09-25T16:04:37.4571152Z - black@24.8.0 2024-09-25T16:04:37.4571515Z - boto3@1.34.143 2024-09-25T16:04:37.4571952Z - build@1.2.1 2024-09-25T16:04:37.4572333Z - chia_rs@0.13.0 2024-09-25T16:04:37.4572685Z - chiabip158@1.5.1 2024-09-25T16:04:37.4573137Z - chiapos@2.0.4 2024-09-25T16:04:37.4573532Z - chiavdf@1.1.4 2024-09-25T16:04:37.4573872Z - click@8.1.7 2024-09-25T16:04:37.4574295Z - clvm@0.9.10 2024-09-25T16:04:37.4574676Z - clvm_tools@0.4.9 2024-09-25T16:04:37.4575039Z - clvm_tools_rs@0.1.43 2024-09-25T16:04:37.4575517Z - colorama@0.4.6 2024-09-25T16:04:37.4575912Z - colorlog@6.8.2 2024-09-25T16:04:37.4576294Z - concurrent_log_handler@0.9.25 2024-09-25T16:04:37.4576801Z - coverage@7.6.1 2024-09-25T16:04:37.4577206Z - cryptography@43.0.1 2024-09-25T16:04:37.4577587Z - diff-cover@9.0.0 2024-09-25T16:04:37.4578042Z - dnslib@0.9.25 2024-09-25T16:04:37.4578443Z - dnspython@2.6.1 2024-09-25T16:04:37.4579195Z - filelock@3.15.4 2024-09-25T16:04:37.4579707Z - flake8@7.1.1 2024-09-25T16:04:37.4580083Z - hsms@0.3.1 2024-09-25T16:04:37.4580444Z - importlib-resources@6.4.0 2024-09-25T16:04:37.4580958Z - isort@5.13.2 2024-09-25T16:04:37.4581335Z - keyring@25.2.1 2024-09-25T16:04:37.4581708Z - keyrings.cryptfile@1.3.9 2024-09-25T16:04:37.4582214Z - lxml@5.2.2 2024-09-25T16:04:37.4582580Z - miniupnpc@2.2.2 2024-09-25T16:04:37.4582925Z - mypy@1.11.1 2024-09-25T16:04:37.4583375Z - packaging@24.0 2024-09-25T16:04:37.4583746Z - pip@24.2 2024-09-25T16:04:37.4584088Z - py3createtorrent@1.2.1 2024-09-25T16:04:37.4584590Z - pyinstaller@6.9.0 2024-09-25T16:04:37.4584991Z - pylint@3.2.6 2024-09-25T16:04:37.4585323Z - pytest@8.3.3 2024-09-25T16:04:37.4585779Z - pytest-cov@5.0.0 2024-09-25T16:04:37.4586188Z - pytest-mock@3.14.0 2024-09-25T16:04:37.4586586Z - pytest-monitor@1.6.6 2024-09-25T16:04:37.4587062Z - pytest-xdist@3.6.1 2024-09-25T16:04:37.4587468Z - pyupgrade@3.16.0 2024-09-25T16:04:37.4587836Z - pyyaml@6.0.1 2024-09-25T16:04:37.4588284Z - setproctitle@1.3.3 2024-09-25T16:04:37.4589324Z - setuptools@75.1.0 2024-09-25T16:04:37.4589917Z - sortedcontainers@2.4.0 2024-09-25T16:04:37.4590459Z - typing-extensions@4.11.0 2024-09-25T16:04:37.4590908Z - watchdog@4.0.1 2024-09-25T16:04:37.4591777Z ##[debug]The comment was too big for the GitHub API. Falling back on a minimum comment 2024-09-25T16:04:37.4592613Z ::endgroup:: 2024-09-25T16:04:37.4592888Z ##[endgroup] 2024-09-25T16:04:37.4593450Z ::endgroup:: 2024-09-25T16:04:37.4593764Z ##[endgroup] 2024-09-25T16:04:37.4594314Z ::endgroup:: 2024-09-25T16:04:37.4594625Z ##[endgroup] 2024-09-25T16:04:37.4595170Z ::endgroup:: 2024-09-25T16:04:37.4595570Z ##[endgroup] 2024-09-25T16:04:37.4596079Z ::endgroup:: 2024-09-25T16:04:37.4596462Z ##[endgroup] 2024-09-25T16:04:37.4597697Z ##[debug]Node Action run completed with exit code 1 2024-09-25T16:04:37.4953911Z ##[debug]Set output vulnerable-changes = [] 2024-09-25T16:04:37.4970750Z ##[debug]Set output invalid-license-changes = {"unlicensed":[{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]}],"unresolved":[],"forbidden":[{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":"GPL-2.0","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]}]} 2024-09-25T16:04:37.4987322Z ##[debug]Set output denied-changes = [] 2024-09-25T16:04:37.5083896Z ##[debug]Set output dependency-changes = [{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":">= 24.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":">= 0.7.0","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":">= 0.20.0","package_url":"","license":null,"source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":">= 4.3.0","package_url":"","license":null,"source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":">= 4.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":">= 24.8.0","package_url":"","license":null,"source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":">= 1.34.143","package_url":"","license":null,"source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":">= 1.5.1","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":">= 2.0.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":">= 1.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":">= 8.1.7","package_url":"","license":null,"source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":">= 0.9.10","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":">= 0.4.6","package_url":"","license":null,"source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":">= 6.8.2","package_url":"","license":null,"source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":">= 7.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":">= 9.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":">= 3.15.4","package_url":"","license":null,"source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":">= 0.3.1","package_url":"","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":">= 6.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":">= 5.13.2","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":">= 25.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":">= 1.3.9","package_url":"","license":null,"source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":null,"source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":">= 24.2","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":null,"source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":null,"source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":">= 8.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":">= 5.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":">= 3.14.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":">= 1.6.6","package_url":"","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":">= 3.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":">= 3.16.0","package_url":"","license":null,"source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":">= 6.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":">= 75.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":">= 4.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":"24.1.0","package_url":"pkg:pypi/aiofiles@24.1.0","license":"Apache-2.0","source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":"3.10.2","package_url":"pkg:pypi/aiohttp@3.10.2","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":"0.7.0","package_url":"pkg:pypi/aiohttp-cors@0.7.0","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":"0.20.0","package_url":"pkg:pypi/aiosqlite@0.20.0","license":"MIT","source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":"4.3.0","package_url":"pkg:pypi/anyio@4.3.0","license":"MIT","source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":"4.1.4","package_url":"pkg:pypi/bitstring@4.1.4","license":"MIT","source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":"24.8.0","package_url":"pkg:pypi/black@24.8.0","license":"MIT","source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":"1.34.143","package_url":"pkg:pypi/boto3@1.34.143","license":"Apache-2.0","source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":"1.2.1","package_url":"pkg:pypi/build@1.2.1","license":"MIT","source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":"0.13.0","package_url":"pkg:pypi/chia-rs@0.13.0","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":"1.5.1","package_url":"pkg:pypi/chiabip158@1.5.1","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":"2.0.4","package_url":"pkg:pypi/chiapos@2.0.4","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":"1.1.4","package_url":"pkg:pypi/chiavdf@1.1.4","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":"8.1.7","package_url":"pkg:pypi/click@8.1.7","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":"0.9.10","package_url":"pkg:pypi/clvm@0.9.10","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":"0.4.9","package_url":"pkg:pypi/clvm-tools@0.4.9","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":"0.1.43","package_url":"pkg:pypi/clvm-tools-rs@0.1.43","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":"0.4.6","package_url":"pkg:pypi/colorama@0.4.6","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":"6.8.2","package_url":"pkg:pypi/colorlog@6.8.2","license":"MIT","source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":"0.9.25","package_url":"pkg:pypi/concurrent-log-handler@0.9.25","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":"7.6.1","package_url":"pkg:pypi/coverage@7.6.1","license":"Apache-2.0","source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":"43.0.1","package_url":"pkg:pypi/cryptography@43.0.1","license":"Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause)","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":"9.0.0","package_url":"pkg:pypi/diff-cover@9.0.0","license":"Apache-2.0","source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":"0.9.25","package_url":"pkg:pypi/dnslib@0.9.25","license":"BSD-2-Clause","source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":"2.6.1","package_url":"pkg:pypi/dnspython@2.6.1","license":"ISC","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":"3.15.4","package_url":"pkg:pypi/filelock@3.15.4","license":"Unlicense","source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":"7.1.1","package_url":"pkg:pypi/flake8@7.1.1","license":"MIT","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":"0.3.1","package_url":"pkg:pypi/hsms@0.3.1","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":"6.4.0","package_url":"pkg:pypi/importlib-resources@6.4.0","license":"Apache-2.0","source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":"5.13.2","package_url":"pkg:pypi/isort@5.13.2","license":"MIT","source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":"25.2.1","package_url":"pkg:pypi/keyring@25.2.1","license":"MIT","source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":"1.3.9","package_url":"pkg:pypi/keyrings.cryptfile@1.3.9","license":"MIT","source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":"5.2.2","package_url":"pkg:pypi/lxml@5.2.2","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":"2.2.2","package_url":"pkg:pypi/miniupnpc@2.2.2","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":"1.11.1","package_url":"pkg:pypi/mypy@1.11.1","license":"MIT","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":"24.0","package_url":"pkg:pypi/packaging@24.0","license":"Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":"24.2","package_url":"pkg:pypi/pip@24.2","license":"MIT","source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":"1.2.1","package_url":"pkg:pypi/py3createtorrent@1.2.1","license":"LGPL-3.0-or-later","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":"6.9.0","package_url":"pkg:pypi/pyinstaller@6.9.0","license":"GPL-2.0-only","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":"3.2.6","package_url":"pkg:pypi/pylint@3.2.6","license":"GPL-2.0-only AND GPL-2.0-or-later","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":"8.3.3","package_url":"pkg:pypi/pytest@8.3.3","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":"5.0.0","package_url":"pkg:pypi/pytest-cov@5.0.0","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":"3.14.0","package_url":"pkg:pypi/pytest-mock@3.14.0","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":"1.6.6","package_url":"pkg:pypi/pytest-monitor@1.6.6","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":"3.6.1","package_url":"pkg:pypi/pytest-xdist@3.6.1","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":"3.16.0","package_url":"pkg:pypi/pyupgrade@3.16.0","license":"MIT","source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":"6.0.1","package_url":"pkg:pypi/pyyaml@6.0.1","license":"MIT","source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":"1.3.3","package_url":"pkg:pypi/setproctitle@1.3.3","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":"75.1.0","package_url":"pkg:pypi/setuptools@75.1.0","license":"MIT","source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":"2.4.0","package_url":"pkg:pypi/sortedcontainers@2.4.0","license":"Apache-2.0","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":"4.11.0","package_url":"pkg:pypi/typing-extensions@4.11.0","license":"Python-2.0","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":"4.0.1","package_url":"pkg:pypi/watchdog@4.0.1","license":"Apache-2.0","source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]}] 2024-09-25T16:04:37.5365884Z ##[debug]Set output comment-content =

Dependency Review

2024-09-25T16:04:37.5367847Z ##[debug]The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 17 package(s) with unknown licenses.
2024-09-25T16:04:37.5370602Z ##[debug]See the Details below.

License Issues

2024-09-25T16:04:37.5371222Z ##[debug]

pyproject.toml

2024-09-25T16:04:37.5386068Z ##[debug]
PackageVersionLicenseIssue Type
pylint>= 3.2.6GPL-2.0Incompatible License
chia_rs>= 0.13.0NullUnknown License
clvm_tools>= 0.4.9NullUnknown License
clvm_tools_rs>= 0.1.43NullUnknown License
concurrent_log_handler>= 0.9.25NullUnknown License
aiohttp>= 3.10.2NullUnknown License
cryptography>= 43.0.1NullUnknown License
dnspython>= 2.6.1NullUnknown License
flake8>= 7.1.1NullUnknown License
lxml>= 5.2.2NullUnknown License
miniupnpc>= 2.2.2NullUnknown License
mypy>= 1.11.1NullUnknown License
packaging>= 24.0NullUnknown License
py3createtorrent>= 1.2.1NullUnknown License
pyinstaller>= 6.9.0NullUnknown License
setproctitle>= 1.3.3NullUnknown License
sortedcontainers>= 2.4.0NullUnknown License
typing-extensions>= 4.11.0NullUnknown License
2024-09-25T16:04:37.5397048Z ##[debug]
Denied Licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later
2024-09-25T16:04:37.5398444Z ##[debug]
Excluded from license check: pkg:pypi/pylint, pkg:pypi/pyinstaller
2024-09-25T16:04:37.5399295Z ##[debug]

OpenSSF Scorecard

2024-09-25T16:04:37.5399661Z ##[debug]
Scorecard details 2024-09-25T16:04:37.5400195Z ##[debug] 2024-09-25T16:04:37.5400935Z ##[debug] 2024-09-25T16:04:37.5407882Z ##[debug] 2024-09-25T16:04:37.5415148Z ##[debug] 2024-09-25T16:04:37.5422359Z ##[debug] 2024-09-25T16:04:37.5429837Z ##[debug] 2024-09-25T16:04:37.5430488Z ##[debug] 2024-09-25T16:04:37.5431109Z ##[debug] 2024-09-25T16:04:37.5437858Z ##[debug] 2024-09-25T16:04:37.5445007Z ##[debug] 2024-09-25T16:04:37.5452068Z ##[debug] 2024-09-25T16:04:37.5459549Z ##[debug] 2024-09-25T16:04:37.5466190Z ##[debug] 2024-09-25T16:04:37.5473149Z ##[debug] 2024-09-25T16:04:37.5480378Z ##[debug] 2024-09-25T16:04:37.5487796Z ##[debug] 2024-09-25T16:04:37.5494662Z ##[debug] 2024-09-25T16:04:37.5501847Z ##[debug] 2024-09-25T16:04:37.5508922Z ##[debug] 2024-09-25T16:04:37.5515988Z ##[debug] 2024-09-25T16:04:37.5516382Z ##[debug] 2024-09-25T16:04:37.5517020Z ##[debug] 2024-09-25T16:04:37.5523744Z ##[debug] 2024-09-25T16:04:37.5530689Z ##[debug] 2024-09-25T16:04:37.5537294Z ##[debug] 2024-09-25T16:04:37.5544083Z ##[debug] 2024-09-25T16:04:37.5550865Z ##[debug] 2024-09-25T16:04:37.5557969Z ##[debug] 2024-09-25T16:04:37.5565058Z ##[debug] 2024-09-25T16:04:37.5572294Z ##[debug] 2024-09-25T16:04:37.5579008Z ##[debug] 2024-09-25T16:04:37.5585856Z ##[debug] 2024-09-25T16:04:37.5586262Z ##[debug] 2024-09-25T16:04:37.5586680Z ##[debug] 2024-09-25T16:04:37.5587192Z ##[debug] 2024-09-25T16:04:37.5587795Z ##[debug] 2024-09-25T16:04:37.5594547Z ##[debug] 2024-09-25T16:04:37.5601536Z ##[debug] 2024-09-25T16:04:37.5608404Z ##[debug] 2024-09-25T16:04:37.5615647Z ##[debug] 2024-09-25T16:04:37.5616217Z ##[debug] 2024-09-25T16:04:37.5616834Z ##[debug] 2024-09-25T16:04:37.5623679Z ##[debug] 2024-09-25T16:04:37.5630730Z ##[debug] 2024-09-25T16:04:37.5637543Z ##[debug] 2024-09-25T16:04:37.5644926Z ##[debug] 2024-09-25T16:04:37.5651859Z ##[debug] 2024-09-25T16:04:37.5660792Z ##[debug] 2024-09-25T16:04:37.5673072Z ##[debug] 2024-09-25T16:04:37.5686364Z ##[debug] 2024-09-25T16:04:37.5699501Z ##[debug] 2024-09-25T16:04:37.5713012Z ##[debug] 2024-09-25T16:04:37.5714155Z ##[debug] 2024-09-25T16:04:37.5715202Z ##[debug] 2024-09-25T16:04:37.5725498Z ##[debug] 2024-09-25T16:04:37.5733298Z ##[debug] 2024-09-25T16:04:37.5733924Z ##[debug] 2024-09-25T16:04:37.5734629Z ##[debug] 2024-09-25T16:04:37.5741620Z ##[debug] 2024-09-25T16:04:37.5748601Z ##[debug] 2024-09-25T16:04:37.5755179Z ##[debug] 2024-09-25T16:04:37.5762452Z ##[debug] 2024-09-25T16:04:37.5769290Z ##[debug] 2024-09-25T16:04:37.5776363Z ##[debug] 2024-09-25T16:04:37.5783268Z ##[debug] 2024-09-25T16:04:37.5790390Z ##[debug] 2024-09-25T16:04:37.5797691Z ##[debug] 2024-09-25T16:04:37.5805746Z ##[debug] 2024-09-25T16:04:37.5806391Z ##[debug] 2024-09-25T16:04:37.5806950Z ##[debug] 2024-09-25T16:04:37.5814018Z ##[debug] 2024-09-25T16:04:37.5821399Z ##[debug] 2024-09-25T16:04:37.5828334Z ##[debug] 2024-09-25T16:04:37.5835516Z ##[debug] 2024-09-25T16:04:37.5846892Z ##[debug] 2024-09-25T16:04:37.5859755Z ##[debug] 2024-09-25T16:04:37.5867242Z ##[debug] 2024-09-25T16:04:37.5874363Z ##[debug] 2024-09-25T16:04:37.5881459Z ##[debug] 2024-09-25T16:04:37.5888880Z ##[debug] 2024-09-25T16:04:37.5895530Z ##[debug] 2024-09-25T16:04:37.5902458Z ##[debug] 2024-09-25T16:04:37.5909534Z ##[debug] 2024-09-25T16:04:37.5916812Z ##[debug] 2024-09-25T16:04:37.5924054Z ##[debug] 2024-09-25T16:04:37.5931242Z ##[debug] 2024-09-25T16:04:37.5938394Z ##[debug] 2024-09-25T16:04:37.5945979Z ##[debug] 2024-09-25T16:04:37.5952725Z ##[debug] 2024-09-25T16:04:37.5959678Z ##[debug] 2024-09-25T16:04:37.5966698Z ##[debug] 2024-09-25T16:04:37.5974071Z ##[debug] 2024-09-25T16:04:37.5980774Z ##[debug] 2024-09-25T16:04:37.5987555Z ##[debug] 2024-09-25T16:04:37.5999612Z ##[debug] 2024-09-25T16:04:37.6012922Z ##[debug] 2024-09-25T16:04:37.6024696Z ##[debug] 2024-09-25T16:04:37.6032157Z ##[debug] 2024-09-25T16:04:37.6039047Z ##[debug] 2024-09-25T16:04:37.6046057Z ##[debug] 2024-09-25T16:04:37.6053110Z ##[debug] 2024-09-25T16:04:37.6060352Z ##[debug] 2024-09-25T16:04:37.6067356Z ##[debug] 2024-09-25T16:04:37.6074788Z ##[debug] 2024-09-25T16:04:37.6081716Z ##[debug] 2024-09-25T16:04:37.6088648Z ##[debug]
PackageVersionScoreDetails
pip/aiofiles >= 24.1.0:green_circle: 4.7
Details
CheckScoreReason
Code-Review:green_circle: 3Found 6/18 approved changesets -- score normalized to 3
Maintained:warning: 20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
Vulnerabilities:green_circle: 82 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/aiohttp >= 3.10.2:green_circle: 6.9
Details
CheckScoreReason
Code-Review:green_circle: 5Found 15/28 approved changesets -- score normalized to 5
Maintained:green_circle: 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
Security-Policy:green_circle: 10security policy file detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
pip/aiohttp_cors >= 0.7.0 UnknownUnknown
pip/aiosqlite >= 0.20.0:green_circle: 3.9
Details
CheckScoreReason
Code-Review:green_circle: 5Found 3/6 approved changesets -- score normalized to 5
Maintained:warning: 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Packaging:warning: -1packaging workflow not detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/anyio >= 4.3.0:green_circle: 5.7
Details
CheckScoreReason
Code-Review:green_circle: 6Found 13/21 approved changesets -- score normalized to 6
Maintained:green_circle: 1029 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:warning: 0security policy file not detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/bitstring >= 4.1.4:green_circle: 4.5
Details
CheckScoreReason
Code-Review:warning: 0Found 0/30 approved changesets -- score normalized to 0
Maintained:green_circle: 101 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
SAST:warning: 0no SAST tool detected
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/black >= 24.8.0:green_circle: 6.5
Details
CheckScoreReason
Code-Review:green_circle: 7Found 21/27 approved changesets -- score normalized to 7
Maintained:green_circle: 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/boto3 >= 1.34.143:green_circle: 7.9
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review:warning: 0Found 0/30 approved changesets -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
SAST:green_circle: 10SAST tool detected: CodeQL
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:green_circle: 10all dependencies are pinned
pip/build >= 1.2.1:green_circle: 6
Details
CheckScoreReason
Code-Review:green_circle: 9Found 13/14 approved changesets -- score normalized to 9
Maintained:green_circle: 1020 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
Security-Policy:warning: 0security policy file not detected
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/chia_rs >= 0.13.0 UnknownUnknown
pip/chiabip158 >= 1.5.1:green_circle: 6
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:warning: 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Branch-Protection:green_circle: 6branch protection is not maximal on development and all release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
pip/chiapos >= 2.0.4:green_circle: 6.3
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:green_circle: 10SAST tool is run on all commits
Packaging:green_circle: 10packaging workflow detected
Branch-Protection:warning: 1branch protection is not maximal on development and all release branches
pip/chiavdf >= 1.1.4:green_circle: 6.2
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Binary-Artifacts:green_circle: 10no binaries found in the repo
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Branch-Protection:green_circle: 6branch protection is not maximal on development and all release branches
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
pip/click >= 8.1.7:green_circle: 6.8
Details
CheckScoreReason
Code-Review:warning: 1Found 2/13 approved changesets -- score normalized to 1
Maintained:green_circle: 1021 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:green_circle: 104 out of the last 4 releases have a total of 4 signed artifacts.
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Branch-Protection:green_circle: 3branch protection is not maximal on development and all release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
Packaging:green_circle: 10packaging workflow detected
Security-Policy:green_circle: 9security policy file detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/clvm >= 0.9.10:green_circle: 5.9
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:warning: 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Branch-Protection:green_circle: 6branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 8SAST tool is not run on all commits -- score normalized to 8
pip/clvm_tools >= 0.4.9 UnknownUnknown
pip/clvm_tools_rs >= 0.1.43 UnknownUnknown
pip/colorama >= 0.4.6:green_circle: 4.3
Details
CheckScoreReason
Code-Review:green_circle: 3Found 5/16 approved changesets -- score normalized to 3
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/colorlog >= 6.8.2:green_circle: 4.3
Details
CheckScoreReason
Code-Review:warning: 1Found 3/29 approved changesets -- score normalized to 1
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:warning: 0security policy file not detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/concurrent_log_handler >= 0.9.25 UnknownUnknown
pip/coverage >= 7.6.1:green_circle: 8.5
Details
CheckScoreReason
Code-Review:warning: 0Found 2/27 approved changesets -- score normalized to 0
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
License:green_circle: 10license file detected
CII-Best-Practices:green_circle: 5badge detected: Passing
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Fuzzing:green_circle: 10project is fuzzed
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
pip/cryptography >= 43.0.1:green_circle: 8.6
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 10all changesets reviewed
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Fuzzing:green_circle: 10project is fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Packaging:green_circle: 10packaging workflow detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:green_circle: 4dependency not pinned by hash detected -- score normalized to 4
pip/diff-cover >= 9.0.0:green_circle: 6
Details
CheckScoreReason
Code-Review:green_circle: 5Found 6/12 approved changesets -- score normalized to 5
Maintained:green_circle: 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:green_circle: 10SAST tool is run on all commits
pip/dnslib >= 0.9.25:green_circle: 4.6
Details
CheckScoreReason
Code-Review:warning: 2Found 5/23 approved changesets -- score normalized to 2
Maintained:green_circle: 105 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/dnspython >= 2.6.1:green_circle: 6.2
Details
CheckScoreReason
Code-Review:warning: 1Found 5/30 approved changesets -- score normalized to 1
Maintained:green_circle: 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:green_circle: 9SAST tool detected but not run on all commits
pip/filelock >= 3.15.4 UnknownUnknown
pip/flake8 >= 7.1.1:green_circle: 6
Details
CheckScoreReason
Code-Review:green_circle: 5Found 5/10 approved changesets -- score normalized to 5
Maintained:green_circle: 105 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/hsms >= 0.3.1 UnknownUnknown
pip/importlib-resources >= 6.4.0:green_circle: 5.9
Details
CheckScoreReason
Code-Review:warning: 0Found 0/28 approved changesets -- score normalized to 0
Maintained:green_circle: 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts:green_circle: 10no binaries found in the repo
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Packaging:warning: -1packaging workflow not detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/isort >= 5.13.2:green_circle: 3.4
Details
CheckScoreReason
Code-Review:green_circle: 7Found 10/14 approved changesets -- score normalized to 7
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 8binaries present in source code
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:warning: 011 existing vulnerabilities detected
pip/keyring >= 25.2.1:green_circle: 5.9
Details
CheckScoreReason
Code-Review:warning: 0Found 2/25 approved changesets -- score normalized to 0
Maintained:green_circle: 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Packaging:warning: -1packaging workflow not detected
Security-Policy:green_circle: 10security policy file detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/keyrings.cryptfile >= 1.3.9:green_circle: 3.9
Details
CheckScoreReason
Code-Review:green_circle: 5Found 8/15 approved changesets -- score normalized to 5
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Security-Policy:warning: 0security policy file not detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/lxml >= 5.2.2:green_circle: 6.6
Details
CheckScoreReason
Code-Review:warning: 0Found 2/27 approved changesets -- score normalized to 0
Maintained:green_circle: 1020 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Security-Policy:green_circle: 10security policy file detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/miniupnpc >= 2.2.2 UnknownUnknown
pip/mypy >= 1.11.1:green_circle: 6.3
Details
CheckScoreReason
Code-Review:green_circle: 8Found 23/28 approved changesets -- score normalized to 8
Maintained:green_circle: 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Security-Policy:green_circle: 10security policy file detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/packaging >= 24.0:green_circle: 7.6
Details
CheckScoreReason
Code-Review:green_circle: 8Found 21/26 approved changesets -- score normalized to 8
Maintained:green_circle: 1015 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:green_circle: 9security policy file detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 4binaries present in source code
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:green_circle: 10all dependencies are pinned
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 91 existing vulnerabilities detected
SAST:green_circle: 10SAST tool is run on all commits
pip/pip >= 24.2:green_circle: 5.9
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 2badge detected: InProgress
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 9security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Packaging:warning: -1packaging workflow not detected
Branch-Protection:green_circle: 3branch protection is not maximal on development and all release branches
Binary-Artifacts:warning: 0binaries present in source code
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:green_circle: 10project is fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/py3createtorrent >= 1.2.1:green_circle: 3.4
Details
CheckScoreReason
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review:warning: 0Found 0/11 approved changesets -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Security-Policy:warning: 0security policy file not detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pyinstaller >= 6.9.0:green_circle: 5.5
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:warning: 0binaries present in source code
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
pip/pylint >= 3.2.6:green_circle: 7.2
Details
CheckScoreReason
Code-Review:green_circle: 9Found 19/20 approved changesets -- score normalized to 9
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
License:green_circle: 10license file detected
CII-Best-Practices:green_circle: 5badge detected: Passing
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Security-Policy:green_circle: 9security policy file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
SAST:green_circle: 9SAST tool detected but not run on all commits
pip/pytest >= 8.3.3:green_circle: 6.4
Details
CheckScoreReason
Code-Review:green_circle: 9Found 10/11 approved changesets -- score normalized to 9
Maintained:green_circle: 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:green_circle: 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Security-Policy:warning: 0security policy file not detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pytest-cov >= 5.0.0:green_circle: 5.2
Details
CheckScoreReason
Maintained:green_circle: 1014 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review:warning: 2Found 6/22 approved changesets -- score normalized to 2
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 55 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pytest-mock >= 3.14.0:green_circle: 5.5
Details
CheckScoreReason
Code-Review:warning: 2Found 1/4 approved changesets -- score normalized to 2
Maintained:green_circle: 1020 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pytest-monitor >= 1.6.6:green_circle: 4.3
Details
CheckScoreReason
Code-Review:warning: 2Found 3/15 approved changesets -- score normalized to 2
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: -1No tokens found
Dangerous-Workflow:warning: -1no workflows found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: -1no dependencies found
Security-Policy:warning: 0security policy file not detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 91 existing vulnerabilities detected
SAST:green_circle: 7SAST tool is not run on all commits -- score normalized to 7
pip/pytest-xdist >= 3.6.1:green_circle: 5.6
Details
CheckScoreReason
Maintained:green_circle: 1020 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 10all changesets reviewed
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pyupgrade >= 3.16.0:green_circle: 4.8
Details
CheckScoreReason
Code-Review:warning: 1Found 1/6 approved changesets -- score normalized to 1
Maintained:green_circle: 1013 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: -1no dependencies found
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
Security-Policy:warning: 0security policy file not detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/pyyaml >= 6.0.1:green_circle: 6.4
Details
CheckScoreReason
Code-Review:warning: 2Found 7/30 approved changesets -- score normalized to 2
Maintained:green_circle: 102 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/setproctitle >= 1.3.3:green_circle: 3.4
Details
CheckScoreReason
Code-Review:warning: 0Found 2/26 approved changesets -- score normalized to 0
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/setuptools >= 75.1.0:green_circle: 5
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review:warning: 1Found 2/15 approved changesets -- score normalized to 1
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Binary-Artifacts:warning: 2binaries present in source code
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/sortedcontainers >= 2.4.0:green_circle: 3.4
Details
CheckScoreReason
Code-Review:warning: 0Found 1/30 approved changesets -- score normalized to 0
Maintained:warning: 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Packaging:warning: -1packaging workflow not detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/typing-extensions >= 4.11.0:green_circle: 7.2
Details
CheckScoreReason
Code-Review:green_circle: 7Found 21/29 approved changesets -- score normalized to 7
Maintained:green_circle: 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Security-Policy:green_circle: 10security policy file detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/watchdog >= 4.0.1:green_circle: 4.7
Details
CheckScoreReason
Code-Review:warning: 0Found 2/30 approved changesets -- score normalized to 0
Maintained:green_circle: 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Security-Policy:warning: 0security policy file not detected
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:warning: 0project is not fuzzed
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Packaging:green_circle: 10packaging workflow detected

Scanned Manifest Files

2024-09-25T16:04:37.6097831Z ##[debug]
pyproject.toml
  • aiofiles@>= 24.1.0
  • aiohttp@>= 3.10.2
  • aiohttp_cors@>= 0.7.0
  • aiosqlite@>= 0.20.0
  • anyio@>= 4.3.0
  • bitstring@>= 4.1.4
  • black@>= 24.8.0
  • boto3@>= 1.34.143
  • build@>= 1.2.1
  • chia_rs@>= 0.13.0
  • chiabip158@>= 1.5.1
  • chiapos@>= 2.0.4
  • chiavdf@>= 1.1.4
  • click@>= 8.1.7
  • clvm@>= 0.9.10
  • clvm_tools@>= 0.4.9
  • clvm_tools_rs@>= 0.1.43
  • colorama@>= 0.4.6
  • colorlog@>= 6.8.2
  • concurrent_log_handler@>= 0.9.25
  • coverage@>= 7.6.1
  • cryptography@>= 43.0.1
  • diff-cover@>= 9.0.0
  • dnslib@>= 0.9.25
  • dnspython@>= 2.6.1
  • filelock@>= 3.15.4
  • flake8@>= 7.1.1
  • hsms@>= 0.3.1
  • importlib-resources@>= 6.4.0
  • isort@>= 5.13.2
  • keyring@>= 25.2.1
  • keyrings.cryptfile@>= 1.3.9
  • lxml@>= 5.2.2
  • miniupnpc@>= 2.2.2
  • mypy@>= 1.11.1
  • packaging@>= 24.0
  • pip@>= 24.2
  • py3createtorrent@>= 1.2.1
  • pyinstaller@>= 6.9.0
  • pylint@>= 3.2.6
  • pytest@>= 8.3.3
  • pytest-cov@>= 5.0.0
  • pytest-mock@>= 3.14.0
  • pytest-monitor@>= 1.6.6
  • pytest-xdist@>= 3.6.1
  • pyupgrade@>= 3.16.0
  • pyyaml@>= 6.0.1
  • setproctitle@>= 1.3.3
  • setuptools@>= 75.1.0
  • sortedcontainers@>= 2.4.0
  • typing-extensions@>= 4.11.0
  • watchdog@>= 4.0.1
  • aiofiles@24.1.0
  • aiohttp@3.10.2
  • aiohttp_cors@0.7.0
  • aiosqlite@0.20.0
  • anyio@4.3.0
  • bitstring@4.1.4
  • black@24.8.0
  • boto3@1.34.143
  • build@1.2.1
  • chia_rs@0.13.0
  • chiabip158@1.5.1
  • chiapos@2.0.4
  • chiavdf@1.1.4
  • click@8.1.7
  • clvm@0.9.10
  • clvm_tools@0.4.9
  • clvm_tools_rs@0.1.43
  • colorama@0.4.6
  • colorlog@6.8.2
  • concurrent_log_handler@0.9.25
  • coverage@7.6.1
  • cryptography@43.0.1
  • diff-cover@9.0.0
  • dnslib@0.9.25
  • dnspython@2.6.1
  • filelock@3.15.4
  • flake8@7.1.1
  • hsms@0.3.1
  • importlib-resources@6.4.0
  • isort@5.13.2
  • keyring@25.2.1
  • keyrings.cryptfile@1.3.9
  • lxml@5.2.2
  • miniupnpc@2.2.2
  • mypy@1.11.1
  • packaging@24.0
  • pip@24.2
  • py3createtorrent@1.2.1
  • pyinstaller@6.9.0
  • pylint@3.2.6
  • pytest@8.3.3
  • pytest-cov@5.0.0
  • pytest-mock@3.14.0
  • pytest-monitor@1.6.6
  • pytest-xdist@3.6.1
  • pyupgrade@3.16.0
  • pyyaml@6.0.1
  • setproctitle@1.3.3
  • setuptools@75.1.0
  • sortedcontainers@2.4.0
  • typing-extensions@4.11.0
  • watchdog@4.0.1

2024-09-25T16:04:37.6107104Z ##[debug] 2024-09-25T16:04:37.6109820Z ##[debug]Finishing: Dependency Review 2024-09-25T16:04:37.6128229Z ##[debug]Evaluating condition for step: 'Post Checkout Repository' 2024-09-25T16:04:37.6130812Z ##[debug]Evaluating: always() 2024-09-25T16:04:37.6131225Z ##[debug]Evaluating always: 2024-09-25T16:04:37.6132041Z ##[debug]=> true 2024-09-25T16:04:37.6132487Z ##[debug]Result: true 2024-09-25T16:04:37.6133174Z ##[debug]Starting: Post Checkout Repository 2024-09-25T16:04:37.6166821Z ##[debug]Loading inputs 2024-09-25T16:04:37.6167719Z ##[debug]Evaluating: github.repository 2024-09-25T16:04:37.6168104Z ##[debug]Evaluating Index: 2024-09-25T16:04:37.6168440Z ##[debug]..Evaluating github: 2024-09-25T16:04:37.6168955Z ##[debug]..=> Object 2024-09-25T16:04:37.6169219Z ##[debug]..Evaluating String: 2024-09-25T16:04:37.6169516Z ##[debug]..=> 'repository' 2024-09-25T16:04:37.6169865Z ##[debug]=> 'Chia-Network/chia-blockchain' 2024-09-25T16:04:37.6170262Z ##[debug]Result: 'Chia-Network/chia-blockchain' 2024-09-25T16:04:37.6171921Z ##[debug]Evaluating: github.token 2024-09-25T16:04:37.6172277Z ##[debug]Evaluating Index: 2024-09-25T16:04:37.6172559Z ##[debug]..Evaluating github: 2024-09-25T16:04:37.6172861Z ##[debug]..=> Object 2024-09-25T16:04:37.6173132Z ##[debug]..Evaluating String: 2024-09-25T16:04:37.6173410Z ##[debug]..=> 'token' 2024-09-25T16:04:37.6173867Z ##[debug]=> '' 2024-09-25T16:04:37.6174253Z ##[debug]Result: '' 2024-09-25T16:04:37.6183234Z ##[debug]Loading env 2024-09-25T16:04:37.6187828Z Post job cleanup. 2024-09-25T16:04:37.7112417Z ##[debug]Getting git version 2024-09-25T16:04:37.7126819Z [command]/usr/bin/git version 2024-09-25T16:04:37.7162730Z git version 2.46.1 2024-09-25T16:04:37.7185267Z ##[debug]0 2024-09-25T16:04:37.7186055Z ##[debug]git version 2.46.1 2024-09-25T16:04:37.7186539Z ##[debug] 2024-09-25T16:04:37.7187726Z ##[debug]Set git useragent to: git/2.46.1 (github-actions-checkout) 2024-09-25T16:04:37.7191291Z ::add-mask::*** 2024-09-25T16:04:37.7213329Z Temporarily overriding HOME='/home/runner/work/_temp/cda30151-6a69-4e9d-acb1-05492fd958a6' before making global git config changes 2024-09-25T16:04:37.7215046Z Adding repository directory to the temporary git global config as a safe directory 2024-09-25T16:04:37.7219799Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/chia-blockchain/chia-blockchain 2024-09-25T16:04:37.7250904Z ##[debug]0 2024-09-25T16:04:37.7251613Z ##[debug] 2024-09-25T16:04:37.7258284Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand 2024-09-25T16:04:37.7283605Z ##[debug]1 2024-09-25T16:04:37.7284306Z ##[debug] 2024-09-25T16:04:37.7289857Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-09-25T16:04:37.7522377Z ##[debug]0 2024-09-25T16:04:37.7522850Z ##[debug] 2024-09-25T16:04:37.7528020Z [command]/usr/bin/git config --local --name-only --get-regexp http.https\:\/\/github.com\/.extraheader 2024-09-25T16:04:37.7547801Z http.https://github.com/.extraheader 2024-09-25T16:04:37.7554423Z ##[debug]0 2024-09-25T16:04:37.7555278Z ##[debug]http.https://github.com/.extraheader 2024-09-25T16:04:37.7555946Z ##[debug] 2024-09-25T16:04:37.7561135Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader 2024-09-25T16:04:37.7587033Z ##[debug]0 2024-09-25T16:04:37.7587705Z ##[debug] 2024-09-25T16:04:37.7593631Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https\:\/\/github.com\/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-09-25T16:04:37.7810420Z ##[debug]0 2024-09-25T16:04:37.7810949Z ##[debug] 2024-09-25T16:04:37.7811392Z ##[debug]Unsetting HOME override 2024-09-25T16:04:37.7876757Z ##[debug]Node Action run completed with exit code 0 2024-09-25T16:04:37.7879897Z ##[debug]Finishing: Post Checkout Repository 2024-09-25T16:04:37.8037833Z ##[debug]Starting: Complete job 2024-09-25T16:04:37.8039605Z Uploading runner diagnostic logs 2024-09-25T16:04:37.8087266Z ##[debug]Starting diagnostic file upload. 2024-09-25T16:04:37.8087688Z ##[debug]Setting up diagnostic log folders. 2024-09-25T16:04:37.8090160Z ##[debug]Creating diagnostic log files folder. 2024-09-25T16:04:37.8107276Z ##[debug]Copying 1 worker diagnostic logs. 2024-09-25T16:04:37.8124163Z ##[debug]Copying 1 runner diagnostic logs. 2024-09-25T16:04:37.8125752Z ##[debug]Zipping diagnostic files. 2024-09-25T16:04:37.8185973Z ##[debug]Uploading diagnostic metadata file. 2024-09-25T16:04:37.8206420Z ##[debug]Diagnostic file upload complete. 2024-09-25T16:04:37.8207081Z Completed runner diagnostic log upload 2024-09-25T16:04:37.8207452Z Cleaning up orphan processes 2024-09-25T16:04:37.8535461Z ##[debug]Finishing: Complete job 2024-09-25T16:04:37.8648374Z ##[debug]Finishing: dependency-review


</details>

<details>
<summary>workflow source</summary>

```yaml
# Managed by repo-content-updater
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: "🚨 Dependency Review"
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v4

      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
        with:
          allow-dependencies-licenses: pkg:pypi/pylint, pkg:pypi/pyinstaller
          deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later

https://github.com/Chia-Network/chia-blockchain/actions/runs/10356234775/workflow?pr=18305