durandtibo / arkas

Library to evaluate ML model performances
https://durandtibo.github.io/arkas/
BSD 3-Clause "New" or "Revised" License

Update dependencies and workflows #399

Closed durandtibo closed 5 days ago

github-actions[bot] commented 5 days ago

Dependency Review

The following issues were found:

See the Details below.

License Issues

poetry.lock

Package | Version | License | Issue Type
pywin32 | 308 | Null | Unknown License

OpenSSF Scorecard

Scorecard details
Package | Version | Score | Details
pip/anyio | 4.6.2.post1 | :green_circle: 5.5
Details
Check | Score | Reason
Code-Review | :green_circle: 4 | Found 11/24 approved changesets -- score normalized to 4
Maintained | :green_circle: 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy | :warning: 0 | security policy file not detected
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :warning: 0 | project is not fuzzed
Packaging | :green_circle: 10 | packaging workflow detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer | 3.4.0 | :green_circle: 8
Details
Check | Score | Reason
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Branch-Protection | :green_circle: 8 | branch protection is not maximal on development and all release branches
CI-Tests | :green_circle: 10 | 21 out of 21 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
Code-Review | :warning: 0 | Found 1/12 approved changesets -- score normalized to 0
Contributors | :green_circle: 3 | project has 1 contributing companies or organizations -- score normalized to 3
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Dependency-Update-Tool | :green_circle: 10 | update tool detected
Fuzzing | :warning: 0 | project is not fuzzed
License | :green_circle: 10 | license file detected
Maintained | :green_circle: 10 | 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging | :green_circle: 10 | packaging workflow detected
Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4
SAST | :green_circle: 10 | SAST tool is run on all commits
Security-Policy | :green_circle: 10 | security policy file detected
Signed-Releases | :green_circle: 10 | 5 out of the last 5 releases have a total of 5 signed artifacts.
Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
pip/debugpy | 1.8.7 | :green_circle: 6.1
Details
Check | Score | Reason
Code-Review | :green_circle: 10 | all changesets reviewed
Maintained | :green_circle: 10 | 29 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 9 | license file detected
Signed-Releases | :warning: -1 | no releases found
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy | :green_circle: 10 | security policy file detected
Packaging | :warning: -1 | packaging workflow not detected
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
SAST | :green_circle: 9 | SAST tool detected but not run on all commits
Binary-Artifacts | :warning: 0 | binaries present in source code
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :warning: 0 | project is not fuzzed
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
pip/distlib | 0.3.9 | Unknown | Unknown
pip/griffe | 1.5.1 | :green_circle: 4.4
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0
Maintained | :green_circle: 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Packaging | :warning: -1 | packaging workflow not detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
SAST | :warning: 0 | no SAST tool detected
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Security-Policy | :warning: 0 | security policy file not detected
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :warning: 0 | project is not fuzzed
pip/grizz | 0.1.0 | Unknown | Unknown
pip/httpcore | 1.0.6 | :green_circle: 7.1
Details
Check | Score | Reason
Code-Review | :green_circle: 9 | Found 18/20 approved changesets -- score normalized to 9
Maintained | :green_circle: 10 | 8 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Packaging | :warning: -1 | packaging workflow not detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing | :green_circle: 10 | project is fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Security-Policy | :green_circle: 10 | security policy file detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/iden | 0.1.0 | Unknown | Unknown
pip/jsonschema-specifications | 2024.10.1 | :green_circle: 5.1
Details
Check | Score | Reason
Code-Review | :warning: 2 | Found 1/5 approved changesets -- score normalized to 2
Maintained | :green_circle: 10 | 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases.
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Security-Policy | :green_circle: 4 | security policy file detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | :warning: 0 | project is not fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Packaging | :green_circle: 10 | packaging workflow detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/markupsafe | 3.0.2 | :green_circle: 6.7
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 1/20 approved changesets -- score normalized to 0
Maintained | :green_circle: 10 | 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | :green_circle: 6 | dependency not pinned by hash detected -- score normalized to 6
Fuzzing | :green_circle: 10 | project is fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Packaging | :green_circle: 10 | packaging workflow detected
Security-Policy | :green_circle: 9 | security policy file detected
Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches
Signed-Releases | :green_circle: 10 | 5 out of the last 5 releases have a total of 5 signed artifacts.
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/mkdocstrings-python | 1.12.2 | :green_circle: 4.4
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 2/30 approved changesets -- score normalized to 0
Maintained | :green_circle: 10 | 29 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Packaging | :warning: -1 | packaging workflow not detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Security-Policy | :warning: 0 | security policy file not detected
Fuzzing | :warning: 0 | project is not fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/objectory | 0.2.0 | Unknown | Unknown
pip/pillow | 11.0.0 | :green_circle: 7.3
Details
Check | Score | Reason
Maintained | :green_circle: 10 | 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Code-Review | :green_circle: 6 | Found 12/18 approved changesets -- score normalized to 6
License | :green_circle: 9 | license file detected
CII-Best-Practices | :warning: 2 | badge detected: InProgress
Signed-Releases | :warning: -1 | no releases found
Security-Policy | :green_circle: 10 | security policy file detected
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Fuzzing | :green_circle: 10 | project is fuzzed
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Packaging | :green_circle: 10 | packaging workflow detected
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
pip/psutil | 6.1.0 | :green_circle: 5.8
Details
Check | Score | Reason
Code-Review | :warning: 2 | Found 6/30 approved changesets -- score normalized to 2
Maintained | :green_circle: 10 | 25 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Packaging | :warning: -1 | packaging workflow not detected
Security-Policy | :green_circle: 10 | security policy file detected
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | :green_circle: 10 | project is fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/pymdown-extensions | 10.11.2 | :green_circle: 5.2
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 2/30 approved changesets -- score normalized to 0
Maintained | :green_circle: 10 | 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 9 | license file detected
Signed-Releases | :warning: -1 | no releases found
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Security-Policy | :green_circle: 10 | security policy file detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | :warning: 0 | project is not fuzzed
Packaging | :green_circle: 10 | packaging workflow detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | :green_circle: 4 | 6 existing vulnerabilities detected
pip/pyparsing | 3.2.0 | :green_circle: 6.6
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0
Maintained | :green_circle: 10 | 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases.
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST | :warning: 0 | no SAST tool detected
Packaging | :warning: -1 | packaging workflow not detected
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Security-Policy | :green_circle: 10 | security policy file detected
Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | :green_circle: 10 | project is fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
pip/pywin32 | 308 | :green_circle: 4.7
Details
Check | Score | Reason
Maintained | :green_circle: 10 | 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review | :green_circle: 9 | Found 27/30 approved changesets -- score normalized to 9
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases.
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging | :warning: -1 | packaging workflow not detected
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
License | :warning: 0 | license file not detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Security-Policy | :warning: 0 | security policy file not detected
Binary-Artifacts | :green_circle: 8 | binaries present in source code
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | :warning: 0 | project is not fuzzed
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/pywinpty | 2.0.14 | Unknown | Unknown
pip/ruff | 0.7.1 | Unknown | Unknown
pip/setuptools | 75.2.0 | :green_circle: 5.2
Details
Check | Score | Reason
Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review | :green_circle: 3 | Found 4/11 approved changesets -- score normalized to 3
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Security-Policy | :green_circle: 10 | security policy file detected
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Packaging | :warning: -1 | packaging workflow not detected
Binary-Artifacts | :warning: 2 | binaries present in source code
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :green_circle: 10 | project is fuzzed
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/tinycss2 | 1.4.0 | :green_circle: 4.1
Details
Check | Score | Reason
Code-Review | :warning: 0 | Found 1/15 approved changesets -- score normalized to 0
Maintained | :warning: 0 | 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Packaging | :warning: -1 | packaging workflow not detected
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :green_circle: 10 | project is fuzzed
Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches
Security-Policy | :warning: 0 | security policy file not detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/tomli | 2.0.2 | :green_circle: 5.6
Details
Check | Score | Reason
Code-Review | :warning: 2 | Found 6/25 approved changesets -- score normalized to 2
Maintained | :green_circle: 9 | 9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Packaging | :warning: -1 | packaging workflow not detected
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Security-Policy | :warning: 0 | security policy file not detected
Fuzzing | :green_circle: 10 | project is fuzzed
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/types-python-dateutil | 2.9.0.20241003 | :green_circle: 6.2
Details
Check | Score | Reason
Maintained | :green_circle: 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review | :green_circle: 10 | all changesets reviewed
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 9 | license file detected
Signed-Releases | :warning: -1 | no releases found
Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Packaging | :warning: -1 | packaging workflow not detected
Fuzzing | :warning: 0 | project is not fuzzed
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Security-Policy | :green_circle: 10 | security policy file detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts | :green_circle: 10 | no binaries found in the repo
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
pip/virtualenv | 20.27.0 | :green_circle: 6.1
Details
Check | Score | Reason
Code-Review | :green_circle: 5 | Found 8/16 approved changesets -- score normalized to 5
Maintained | :green_circle: 10 | 29 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected
License | :green_circle: 10 | license file detected
Signed-Releases | :warning: -1 | no releases found
Security-Policy | :green_circle: 10 | security policy file detected
Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected
Branch-Protection | :green_circle: 8 | branch protection is not maximal on development and all release branches
Binary-Artifacts | :green_circle: 6 | binaries present in source code
Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected
Fuzzing | :warning: 0 | project is not fuzzed
Packaging | :green_circle: 10 | packaging workflow detected
SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0
pip/grizz | >= 0.1,< 1.0 | Unknown | Unknown
pip/iden | >= 0.1,< 1.0 | Unknown | Unknown
pip/objectory | >= 0.2,< 1.0 | Unknown | Unknown

Scanned Manifest Files

poetry.lock
  • anyio@4.6.2.post1
  • charset-normalizer@3.4.0
  • debugpy@1.8.7
  • distlib@0.3.9
  • griffe@1.5.1
  • grizz@0.1.0
  • httpcore@1.0.6
  • iden@0.1.0
  • jsonschema-specifications@2024.10.1
  • markupsafe@3.0.2
  • mkdocstrings-python@1.12.2
  • objectory@0.2.0
  • pillow@11.0.0
  • psutil@6.1.0
  • pymdown-extensions@10.11.2
  • pyparsing@3.2.0
  • pywin32@308
  • pywinpty@2.0.14
  • ruff@0.7.1
  • setuptools@75.2.0
  • tinycss2@1.4.0
  • tomli@2.0.2
  • types-python-dateutil@2.9.0.20241003
  • virtualenv@20.27.0
  • anyio@4.6.0
  • charset-normalizer@3.3.2
  • debugpy@1.8.6
  • distlib@0.3.8
  • griffe@1.3.1
  • grizz@0.0.5
  • httpcore@1.0.5
  • iden@0.0.4
  • jsonschema-specifications@2023.12.1
  • markupsafe@2.1.5
  • mkdocstrings-python@1.11.1
  • objectory@0.1.2
  • pillow@10.4.0
  • psutil@6.0.0
  • pymdown-extensions@10.11
  • pyparsing@3.1.4
  • pywin32@306
  • pywinpty@2.0.13
  • ruff@0.7.0
  • setuptools@75.1.0
  • tinycss2@1.3.0
  • tomli@2.0.1
  • types-python-dateutil@2.9.0.20240906
  • virtualenv@20.26.6
pyproject.toml
  • grizz@>= 0.1,< 1.0
  • iden@>= 0.1,< 1.0
  • objectory@>= 0.2,< 1.0
  • grizz@>= 0.0.5,< 1.0
  • iden@>= 0.0.4,< 1.0
  • objectory@>= 0.1,< 0.2
codecov-commenter commented 5 days ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (473176e) to head (f753862). Report is 1 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##              main      #399   +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files           95        95
  Lines         2393      2393
  Branches       144       144
=========================================
  Hits          2393      2393
```
