github-actions[bot]
commented
3 weeks ago Dependency Review
The following issues were found:
- ✅ 0 vulnerable package(s)
- ❌ 3 package(s) with incompatible licenses
- ✅ 0 package(s) with invalid SPDX license definitions
- ✅ 0 package(s) with unknown licenses.
Snapshot Warnings
⚠️: No snapshots were found for the head SHA 30f1b87e237fe5417343c36762c125f10ef02969.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.
License Issues
poetry.lock
| Package | Version | License | Issue Type |
| idna | 3.8 | BSD-2-Clause AND BSD-3-Clause | Incompatible License |
| uvicorn | 0.30.6 | BSD-2-Clause AND BSD-3-Clause | Incompatible License |
| websockets | 13.0 | BSD-2-Clause AND BSD-3-Clause | Incompatible License |
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense
OpenSSF Scorecard
| Package | Version | Score | Details | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| pip/idna | 3.8 | :green_circle: 7 | Details
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pip/importlib-metadata | 8.4.0 | :green_circle: 6.4 | Details
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pip/soupsieve | 2.6 | :green_circle: 6.1 | Details
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pip/uvicorn | 0.30.6 | :green_circle: 6.1 | Details
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pip/websockets | 13.0 | :green_circle: 5.6 | Details
|
Scanned Manifest Files
poetry.lock
- idna@3.8
- importlib-metadata@8.4.0
- soupsieve@2.6
- uvicorn@0.30.6
- websockets@13.0
- idna@3.7
- importlib-metadata@8.2.0
- soupsieve@2.5
- uvicorn@0.30.5
- websockets@12.0
Bumps the python-packages group with 5 updates in the / directory:
3.73.88.2.08.4.02.52.60.30.50.30.612.013.0Updates
idnafrom 3.7 to 3.8Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
784c6f4Release v3.828c7c9eTypo fixa2b41c3Pin remainder of Github Actions flagged in code scanning1f613c5More Github Action dependency pinninga87e2b6Update OSSF scorecard to latest version12d4dd1Merge pull request #182 from kjd/github-pypi-actionse1a1541Pin Github Actions dependenciesc109d3aMerge branch 'master' into github-pypi-actionsf8a8de4Do not try to build/send packages to TestPyPI for now613bddeUpdate regexp to move global flag to start of expressionUpdates
importlib-metadatafrom 8.2.0 to 8.4.0Changelog
Sourced from importlib-metadata's changelog.
Commits
1616cb3Finalize71b4678Add news fragment.ebcdcfdRemove workaround for python/typeshed#10328.2c43cfeMerge pull request #499 from danielhollas/defer-inspecta7aaf72Use third-person imperative voice and link to issue in comment.e99c105Restore single-expression logic.debb516Don't use global var3c8e1ecFinalize5035755Merge pull request #498 from python/feature/entry-points-disallow-dist-match6d9b766Remove MetadataPathFinder regardless of its position.Updates
soupsievefrom 2.5 to 2.6Release notes
Sourced from soupsieve's releases.
Commits
f974ea7Update token (#273)1a67e46Officially support Python 3.13 and update build environment (#271)25631bdfix Adjacent sibling combinator example (#272)e0d4979Improve pseudo-class error message (#270)c811bdfAdd support for nesting ampersand (#269)dc71495Fix typo in README.md (#267)Updates
uvicornfrom 0.30.5 to 0.30.6Release notes
Sourced from uvicorn's releases.
Changelog
Sourced from uvicorn's changelog.
Commits
7dc027dVersion 0.30.6 (#2428)587a1ccfix: upgrade is not websocket and dependencies are installed, should not warn...cee31a6test(signal): add sleep to ensure shutdown completion (#2427)eba64efci: timeout for test suite runs to 30 minutes (#2426)0f513d2Remove signal testing order dependency (#2382)Updates
websocketsfrom 12.0 to 13.0Release notes
Sourced from websockets's releases.
Commits
323adefMigrate to actions/upload-artifact@v4.f9c20d0Avoid deleting .so files in .direnv or equivalent.4d0e0e1Build sdist and arch-independent wheel with build.0019943Release version 13.0.12fa8bcComplete changelog with changes since 12.0.9d355bfRemove unnecessary code paths in keepalive().453e55aStandardize on raise AssertionError(...).9e5b91bImprove documentation of latency.8eaa5a2Document & test process_response modifying the response.09b1d8dFix tests on Python < 3.10.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show