Deps: Bump the python-packages group with 7 updates

[dependabot[bot]]

Bumps the python-packages group with 7 updates:

Package	From	To
coverage	7.5.0	7.5.1
babel	2.14.0	2.15.0
bcrypt	4.1.2	4.1.3
cryptography	42.0.5	42.0.6
jinja2	3.1.3	3.1.4
pygments	2.17.2	2.18.0
ruff	0.4.2	0.4.3

Updates coverage from 7.5.0 to 7.5.1

Changelog

Sourced from coverage's changelog.

Version 7.5.1 — 2024-05-04

• Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes issue 754. The fix was contributed by Daniel Diniz <pull 1773_>.

• Fix: very complex source files like this one <resolvent_lookup_>_ could cause a maximum recursion error when creating an HTML report. This is now fixed, closing issue 1774_.

• HTML report improvements:

  • Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies.

  • Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to understand.

  • Column sort order is remembered better as you move between the index pages, fixing issue 1766. Thanks, Daniel Diniz <pull 1768_>.

.. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py .. _issue 754: nedbat/coveragepy#754 .. _issue 1766: nedbat/coveragepy#1766 .. _pull 1768: nedbat/coveragepy#1768 .. _pull 1773: nedbat/coveragepy#1773 .. _issue 1774: nedbat/coveragepy#1774

.. _changes_7-5-0:

Commits

• be938ea docs: sample HTML for 7.5.1
• 02c66d7 docs: prep for 7.5.1
• 5fa9f67 fix: avoid max recursion errors in ast code. #1774
• 34af01d build: easier to run metasmoke on desired python version
• 6b0cac5 perf: cache _human_key to speed html report by about 10%
• fdc0ee8 docs: oops, typo
• 60e6cb4 docs: changelog for #754 and #1773
• 277c8c4 fix: '# pragma: no branch' in multiline if statements. #754 (#1773)
• 34d3eb7 docs: update changelog for #1786. Thanks, Daniel Diniz
• 2bb5ef2 fix(html): make HTML column sorting consistent across index pages (fix #1766)...
• Additional commits viewable in compare view

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Drop support for Python 3.7 (EOL since June 2023) by @​akx in python-babel/babel#1048
• Upgrade GitHub Actions by @​cclauss in python-babel/babel#1054
• Improve .po IO by @​akx in python-babel/babel#1068
• Use CLDR 44 by @​akx in python-babel/babel#1071
• Allow alternative space characters as group separator when parsing numbers by @​ronnix in python-babel/babel#1007
• Include Unicode license in locale-data and in documentation by @​akx in python-babel/babel#1074
• Encode support for the "fall back to short format" logic for time delta formatting by @​akx in python-babel/babel#1075
• Prepare for 2.15.0 release by @​akx in python-babel/babel#1079

New Contributors

• @​cclauss made their first contribution in python-babel/babel#1054
• @​ronnix made their first contribution in python-babel/babel#1007

Full Changelog: https://github.com/python-babel/babel/compare/v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)

Infrastructure


Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)

Commits

• 40b194f Prepare for 2.15.0 release (#1079)
• c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
• 1a03526 Include Unicode license in locale-data and in documentation (#1074)
• c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
• fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
• e0d1018 Improve .po IO (#1068)
• 40e60a1 Upgrade GitHub Actions (#1054)
• 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
• See full diff in compare view

Updates bcrypt from 4.1.2 to 4.1.3

Commits

• 35e5a6f Bump version for 4.1.3 release (#791)
• d99d1e5 Bump autocfg from 1.2.0 to 1.3.0 in /src/_bcrypt (#790)
• 0775d47 allow testing with pytest 8.2.0 (#786)
• 97d09ac Bump base64 from 0.22.0 to 0.22.1 in /src/_bcrypt (#787)
• ee4a9a8 use ubuntu rolling in arm64 CI (#784)
• 7d2474f Bump libc from 0.2.153 to 0.2.154 in /src/_bcrypt (#783)
• 7a252dd Try blocking pytest 8.2.0 (#785)
• 297a915 Remove brew install rust from macOS CI (#782)
• 6b3f99e Bump parking_lot_core from 0.9.9 to 0.9.10 in /src/_bcrypt (#778)
• c88b310 Bump parking_lot from 0.12.1 to 0.12.2 in /src/_bcrypt (#780)
• Additional commits viewable in compare view

Updates cryptography from 42.0.5 to 42.0.6

Changelog

Sourced from cryptography's changelog.

42.0.6 - 2024-05-04

* Fixed compilation when using LibreSSL 3.9.1.
.. _v42-0-5:

Commits

• cfad004 Prepare backports for 42.0.6 release (#10929)
• See full diff in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates pygments from 2.17.2 to 2.18.0

Release notes

Sourced from pygments's releases.

2.18.0

• New lexers:

  • Janet (#2557)
  • Lean 4 (#2618, #2626)
  • Luau (#2605)
  • Mojo (#2691, #2515)
  • org-mode (#2628, #2636)
  • Promela (#2620)
  • Soong / Android.bp (#2659)
  • Tact (#2571)
  • Typst (#2596)

• Updated lexers:

  • Awk: recognize ternary operator (#2687)
  • Bash: add openrc alias (#2599, #2371)
  • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
  • DNS zone files: Fix comment parsing (#2595)
  • Hy: Support unicode literals (#1126)
  • Inform6: Update to Inform 6.42 (#2644)
  • lean: Fix name handling (#2614)
  • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
  • Macaulay2: Update to 1.23 (#2655)
  • Python: fix highlighting of soft keywords before None/True/False
  • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
  • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
  • Spice: Add keywords (#2621)
  • SQL Explain: allow negative numbers (#2610)
  • Swift: Support multiline strings (#2681)
  • ThingsDB: add constants and new functions; support template strings (#2624)
  • UL4: support nested <?doc?> and <?note?> tags (#2597)
  • VHDL: support multi-line comments of VHDL-2008 (#2622)
  • Wikitext: Remove kk-* in variant_langs (#2647)
  • Xtend: Add val and var (#2602)

• New styles:

  • Coffee (#2609)

• Make background colors in the image formatter work with Pillow 10.0 (#2623)

• Require Python 3.8. As a result, the importlib-metadata package is no longer needed for fast plugin discovery on Python 3.7. The plugins extra (used as, e.g., pip install pygments[plugins])

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.18.0

(released May 4th, 2024)

• New lexers:

  • Janet (#2557)
  • Lean 4 (#2618, #2626)
  • Luau (#2605)
  • Mojo (#2691, #2515)
  • org-mode (#2628, #2636)
  • Promela (#2620)
  • Soong / Android.bp (#2659)
  • Tact (#2571)
  • Typst (#2596)

• Updated lexers:

  • Awk: recognize ternary operator (#2687)
  • Bash: add openrc alias (#2599, #2371)
  • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
  • DNS zone files: Fix comment parsing (#2595)
  • Hy: Support unicode literals (#1126)
  • Inform6: Update to Inform 6.42 (#2644)
  • lean: Fix name handling (#2614)
  • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
  • Macaulay2: Update to 1.23 (#2655)
  • Python: fix highlighting of soft keywords before None/True/False
  • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
  • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
  • Spice: Add keywords (#2621)
  • SQL Explain: allow negative numbers (#2610)
  • Swift: Support multiline strings (#2681)
  • ThingsDB: add constants and new functions; support template strings (#2624)
  • UL4: support nested <?doc?> and <?note?> tags (#2597)
  • VHDL: support multi-line comments of VHDL-2008 (#2622)
  • Wikitext: Remove kk-* in variant_langs (#2647)
  • Xtend: Add val and var (#2602)

• New styles:

  • Coffee (#2609)

• Make background colors in the image formatter work with Pillow 10.0 (#2623)

... (truncated)

Commits

• d7d11f6 Last steps for 2.18 release.
• ec7bfd2 Fix Janet version_added.
• ea9c823 Update CHANGES.
• 338d366 Merge pull request #2670 from Kodiologist/hylex
• 4d1371b Lock down the pytest version.
• 8dd97e0 Improve docs.
• 26179d6 Fix deprecated variable usage in tests.
• ad125ca Prepare 2.18 release.
• 24deeb9 Lock the ruff version in tox.ini.
• c9165cf Fix format string usage.
• Additional commits viewable in compare view

Updates ruff from 0.4.2 to 0.4.3

Release notes

Sourced from ruff's releases.

v0.4.3

Changes

Enhancements

• Add support for PEP 696 syntax (#11120)

Preview features

• [refurb] Use function range for reimplemented-operator diagnostics (#11271)
• [refurb] Ignore methods in reimplemented-operator (FURB118) (#11270)
• [refurb] Implement fstring-number-format (FURB116) (#10921)
• [ruff] Implement redirected-noqa (RUF101) (#11052)
• [pyflakes] Distinguish between first-party and third-party imports for fix suggestions (#11168)

Rule changes

• [flake8-bugbear] Ignore non-abstract class attributes when enforcing B024 (#11210)
• [flake8-logging] Include inline instantiations when detecting loggers (#11154)
• [pylint] Also emit PLR0206 for properties with variadic parameters (#11200)
• [ruff] Detect duplicate codes as part of unused-noqa (RUF100) (#10850)

Formatter

• Avoid multiline expression if format specifier is present (#11123)

LSP

• Write ruff server setup guide for Helix (#11183)
• ruff server no longer hangs after shutdown (#11222)
• ruff server reads from a configuration TOML file in the user configuration directory if no local configuration exists (#11225)
• ruff server respects per-file-ignores configuration (#11224)
• ruff server: Support a custom TOML configuration file (#11140)
• ruff server: Support setting to prioritize project configuration over editor configuration (#11086)

Bug fixes

• Avoid debug assertion around NFKC renames (#11249)
• [pyflakes] Prioritize redefined-while-unused over unused-import (#11173)
• [ruff] Respect async expressions in comprehension bodies (#11219)
• [pygrep_hooks] Fix blanket-noqa panic when last line has noqa with no newline (PGH004) (#11108)
• [perflint] Ignore list-copy recommendations for async for loops (#11250)
• [pyflakes] Improve invalid-print-syntax documentation (#11171)

Performance

• Avoid allocations for isort module names (#11251)
• Build a separate ARM wheel for macOS (#11149)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.3

Enhancements

• Add support for PEP 696 syntax (#11120)

Preview features

• [refurb] Use function range for reimplemented-operator diagnostics (#11271)
• [refurb] Ignore methods in reimplemented-operator (FURB118) (#11270)
• [refurb] Implement fstring-number-format (FURB116) (#10921)
• [ruff] Implement redirected-noqa (RUF101) (#11052)
• [pyflakes] Distinguish between first-party and third-party imports for fix suggestions (#11168)

Rule changes

• [flake8-bugbear] Ignore non-abstract class attributes when enforcing B024 (#11210)
• [flake8-logging] Include inline instantiations when detecting loggers (#11154)
• [pylint] Also emit PLR0206 for properties with variadic parameters (#11200)
• [ruff] Detect duplicate codes as part of unused-noqa (RUF100) (#10850)

Formatter

• Avoid multiline expression if format specifier is present (#11123)

LSP

• Write ruff server setup guide for Helix (#11183)
• ruff server no longer hangs after shutdown (#11222)
• ruff server reads from a configuration TOML file in the user configuration directory if no local configuration exists (#11225)
• ruff server respects per-file-ignores configuration (#11224)
• ruff server: Support a custom TOML configuration file (#11140)
• ruff server: Support setting to prioritize project configuration over editor configuration (#11086)

Bug fixes

• Avoid debug assertion around NFKC renames (#11249)
• [pyflakes] Prioritize redefined-while-unused over unused-import (#11173)
• [ruff] Respect async expressions in comprehension bodies (#11219)
• [pygrep_hooks] Fix blanket-noqa panic when last line has noqa with no newline (PGH004) (#11108)
• [perflint] Ignore list-copy recommendations for async for loops (#11250)
• [pyflakes] Improve invalid-print-syntax documentation (#11171)

Performance

• Avoid allocations for isort module names (#11251)
• Build a separate ARM wheel for macOS (#11149)

Commits

• 1e91a09 Bump version to v0.4.3 (#11274)
• d0f51c6 Remove remaining ruff_shrinking references (#11272)
• 8dd3811 Use function range for reimplemented-operator diagnostics (#11271)
• 894cd13 [refurb] Ignore methods in reimplemented-operator (FURB118) (#11270)
• f3284fd Remove unnecessary check for RUF020 enabled (#11268)
• 82dd5e6 [red-knot] resolve class members (#11256)
• 6a1e555 Upgrade to Rust 1.78 (#11260)
• 349a4cf Remove trailing reference section (#11257)
• dfbeca5 ruff server no longer hangs after shutdown (#11222)
• 9e69cd6 Rephrase rationale for pytest-incorrect-pytest-import (#11255)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA fd84c669a38cec98489b1a73d737b8c614e3c607.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
cryptography	42.0.6	Null	Unknown License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, GPL-3.0-or-later, LGPL-2.1, EPL-2.0, Python-2.0, GPL-2.0-or-later, GPL-2.0-only, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only, GPL-2.0 AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later, MIT, ISC, Unlicense, Apache-2.0, BSD-3-Clause, BSD-2-Clause, BSD-2-Clause AND MIT, MPL-2.0, CC-BY-4.0, CC-BY-3.0, CC-BY-SA-4.0, CC0-1.0, BSD-2-Clause AND BSD-3-Clause, BSD-3-Clause AND BSD-3-Clause-Clear, MIT OR Apache-2.0, MIT AND Python-2.0, (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT), (MIT OR Apache-2.0) AND Unicode-DFS-2016, OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, BlueOak-1.0.0, BSL-1.0, Python-2.0.1, MIT AND PSF-2.0, CAL-1.0

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/babel	2.15.0	:green_circle: 5.7	Details Check Score Reason Code-Review :green_circle: 5 Found 15/26 approved changesets -- score normalized to 5 Maintained :green_circle: 10 5 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :green_circle: 10 project is fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/bcrypt	4.1.3	:green_circle: 6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 2 dependency not pinned by hash detected -- score normalized to 2
pip/coverage	7.5.1	:green_circle: 8.3	Details Check Score Reason Code-Review :warning: 1 Found 3/30 approved changesets -- score normalized to 1 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 10 license file detected CII-Best-Practices :green_circle: 5 badge detected: Passing Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1
pip/cryptography	42.0.6	:green_circle: 8.5	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found License :green_circle: 9 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/jinja2	3.1.4	:green_circle: 6.9	Details Check Score Reason Code-Review :warning: 0 Found 0/20 approved changesets -- score normalized to 0 Maintained :green_circle: 10 20 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 9 2 out of the last 2 releases have a total of 2 signed artifacts. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pygments	2.18.0	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 3 Found 6/18 approved changesets -- score normalized to 3 Maintained :green_circle: 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/ruff	0.4.3	Unknown	Unknown
pip/babel	2.14.0	:green_circle: 5.7	Details Check Score Reason Code-Review :green_circle: 5 Found 15/26 approved changesets -- score normalized to 5 Maintained :green_circle: 10 5 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :green_circle: 10 project is fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/bcrypt	4.1.2	:green_circle: 6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 2 dependency not pinned by hash detected -- score normalized to 2
pip/coverage	7.5.0	:green_circle: 8.3	Details Check Score Reason Code-Review :warning: 1 Found 3/30 approved changesets -- score normalized to 1 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 10 license file detected CII-Best-Practices :green_circle: 5 badge detected: Passing Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1
pip/cryptography	42.0.5	:green_circle: 8.5	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found License :green_circle: 9 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/jinja2	3.1.3	:green_circle: 6.9	Details Check Score Reason Code-Review :warning: 0 Found 0/20 approved changesets -- score normalized to 0 Maintained :green_circle: 10 20 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :green_circle: 9 2 out of the last 2 releases have a total of 2 signed artifacts. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/pygments	2.17.2	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 3 Found 6/18 approved changesets -- score normalized to 3 Maintained :green_circle: 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/ruff	0.4.2	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• babel@2.15.0
• bcrypt@4.1.3
• coverage@7.5.1
• cryptography@42.0.6
• jinja2@3.1.4
• pygments@2.18.0
• ruff@0.4.3
• babel@2.14.0
• bcrypt@4.1.2
• coverage@7.5.0
• cryptography@42.0.5
• jinja2@3.1.3
• pygments@2.17.2
• ruff@0.4.2

[github-actions[bot]]

Conventional Commits Report

Type	Number
Dependencies	1

:rocket: Conventional commits found.