Deps: Bump the python-packages group with 6 updates

[dependabot[bot]]

Bumps the python-packages group with 6 updates:

Package	From	To
typing-extensions	4.11.0	4.12.0
coverage	7.5.1	7.5.2
anyio	4.3.0	4.4.0
requests	2.32.1	2.32.2
ruff	0.4.4	0.4.5
zipp	3.18.2	3.19.0

Updates typing-extensions from 4.11.0 to 4.12.0

Release notes

Sourced from typing-extensions's releases.

4.12.0

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

There is a single change since 4.12.0rc1:

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Changes included in 4.12.0rc1:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec would be cast to a tuple if a list was provided. Patch by Alex Waygood.
• Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new __static_attributes__ attribute to all classes in Python, which broke some assumptions made by the implementation of typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new __firstlineno__ attribute to all classes.
• Fix AttributeError when using typing_extensions.runtime_checkable in combination with typing.Protocol on Python 3.12.2 or newer. Patch by Alex Waygood.
• At runtime, assert_never now includes the repr of the argument

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.12.0 (May 23, 2024)

This release is mostly the same as 4.12.0rc1 but fixes one more longstanding bug.

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Release 4.12.0rc1 (May 16, 2024)

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

Full changelog:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec would be cast to a tuple if a list was provided. Patch by Alex Waygood.
• Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new __static_attributes__ attribute to all classes in Python, which broke some assumptions made by the implementation of typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new __firstlineno__ attribute to all classes.

... (truncated)

Commits

• f90a8dc Prepare release 4.12.0 (#408)
• 118e1a6 Make sure isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) is u...
• 910141a Add security documentation (#403)
• 0dbc7c9 Prepare release 4.12.0rc1 (#402)
• 1da5d3d Update actions/setup-python (#401)
• 72298f0 4.12.0a2 (#400)
• 465ba78 Fix publish workflow (#399)
• 21fde1f Prepare releaes 4.12.0a1 (#398)
• 63d8277 Add workflow for Trusted Publishing (#395)
• 074d053 Backport PEP-696 specialisation on Python >=3.11.1 (#397)
• Additional commits viewable in compare view

Updates coverage from 7.5.1 to 7.5.2

Changelog

Sourced from coverage's changelog.

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Commits

• 242adea build: don't claim pre-alpha-1 in classifiers
• 7f33622 docs: sample HTML for 7.5.2
• 946fa3a docs: prep for 7.5.2
• 535ddc3 build: pylint can run in parallel
• 60a5d65 docs: explain partial coverage reports on generator expressions (#1789)
• 0700018 docs: changelog for #1788 #1787. Thanks Liam DeVoe
• 364282e fix: catch TokenError on parse (#1788)
• 81089de fix: module docstrings are never counted as statements
• 96bd930 fix: rework exclusion parsing to fix #1779
• 75f9d51 test(build): when running metacov, create json report
• Additional commits viewable in compare view

Updates anyio from 4.3.0 to 4.4.0

Release notes

Sourced from anyio's releases.

4.4.0

• Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals
• Added __slots__ to AsyncResource so that child classes can use __slots__ (#733; PR by Justin Su)
• Added the TaskInfo.has_pending_cancellation() method
• Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe)
• Fixed two bugs with TaskGroup.start() on asyncio:
  • Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe)
  • Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled (#685, #710)
• Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time (#425; PR by David Jiricek and Ganden Schaffner)
• Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task (#716)
• Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError
• Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run()
• Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer (#701)
• Fixed MemoryObjectStream dropping an item if the item is delivered to a recipient that is waiting to receive an item but has a cancellation pending (#728)
• Emit a ResourceWarning for MemoryObjectReceiveStream and MemoryObjectSendStream that were garbage collected without being closed (PR by Andrey Kazantcev)
• Fixed MemoryObjectSendStream.send() not raising BrokenResourceError when the last corresponding MemoryObjectReceiveStream is closed while waiting to send a falsey item (#731; PR by Ganden Schaffner)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.4.0

• Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals

• Added __slots__ to AsyncResource so that child classes can use __slots__ ([#733](https://github.com/agronholm/anyio/issues/733) <https://github.com/agronholm/anyio/pull/733>_; PR by Justin Su)

• Added the TaskInfo.has_pending_cancellation() method

• Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() ([#706](https://github.com/agronholm/anyio/issues/706) <https://github.com/agronholm/anyio/issues/706>_; PR by Dominik Schwabe)

• Fixed two bugs with TaskGroup.start() on asyncio:

  • Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() ([#706](https://github.com/agronholm/anyio/issues/706) <https://github.com/agronholm/anyio/issues/706>_; PR by Dominik Schwabe)
  • Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled ([#685](https://github.com/agronholm/anyio/issues/685) <https://github.com/agronholm/anyio/issues/685>, [#710](https://github.com/agronholm/anyio/issues/710) <https://github.com/agronholm/anyio/issues/710>)

• Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time ([#425](https://github.com/agronholm/anyio/issues/425) <https://github.com/agronholm/anyio/issues/425>_; PR by David Jiricek and Ganden Schaffner)

• Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task ([#716](https://github.com/agronholm/anyio/issues/716) <https://github.com/agronholm/anyio/issues/716>_)

• Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError

• Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run()

• Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer ([#701](https://github.com/agronholm/anyio/issues/701) <https://github.com/agronholm/anyio/issues/701>_)

• Fixed MemoryObjectStream dropping an item if the item is delivered to a recipient that is waiting to receive an item but has a cancellation pending ([#728](https://github.com/agronholm/anyio/issues/728) <https://github.com/agronholm/anyio/issues/728>_)

• Emit a ResourceWarning for MemoryObjectReceiveStream and MemoryObjectSendStream that were garbage collected without being closed (PR by Andrey Kazantcev)

• Fixed MemoryObjectSendStream.send() not raising BrokenResourceError when the last corresponding MemoryObjectReceiveStream is closed while waiting to send a falsey item ([#731](https://github.com/agronholm/anyio/issues/731) <https://github.com/agronholm/anyio/issues/731>_; PR by Ganden Schaffner)

... (truncated)

Commits

• 053e8f0 Bumped up the version
• e7f750b Fixed memory object stream sometimes dropping sent items (#735)
• 9f5f14b Fixed task group getting cancelled if start() gets cancelled (#717)
• 8b648bc Adjusted the pull request template
• 3ff5e9a Rearranged changelog items
• 541d1f8 [pre-commit.ci] pre-commit autoupdate (#734)
• 8a07690 Fix MemoryObjectSendStream.send(falsey) not raising BrokenResourceError w...
• 4b3de97 Adjust the headings in the PR template
• dfc44cf Added __slots__ to AsyncResource (#733)
• 96920b0 Fix typo in PR template (#730)
• Additional commits viewable in compare view

Updates requests from 2.32.1 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• See full diff in compare view

Updates ruff from 0.4.4 to 0.4.5

Release notes

Sourced from ruff's releases.

v0.4.5

Changes

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

• Add --preview to the README (#11395)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.5

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

... (truncated)

Commits

• 550aa87 Bump version to v0.4.5 (#11502)
• 3c22a3b Minor edits to ruff server docs (#11500)
• 6263923 Update documentation for ruff server with new migration guide (#11499)
• 94abea4 ruff server: Fix multiple issues with Neovim and Helix (#11497)
• 519a650 Mark quotes as unnecessary for non-evaluated annotations (#11485)
• 573facd Fix automatic configuration reloading for text and notebook documents (#11492)
• 3cb2e67 ruff.applyFormat now formats an entire notebook document (#11493)
• f0046ab Move has_comments to CommentRanges (#11495)
• 5bb9720 Avoid multiline quotes warning with quote-style = preserve (#11490)
• 9ff18bf Simplify Neovim docs for the LSP setup (#11489)
• Additional commits viewable in compare view

Updates zipp from 3.18.2 to 3.19.0

Changelog

Sourced from zipp's changelog.

v3.19.0

Features

• Implement is_symlink. (#117)

Commits

• 608f90a Finalize
• 3a22d72 Merge pull request #118 from jaraco/feature/is-symlink
• dc5fe8f Implement is_symlink.
• 387dcea Revise test to capture new expectation.
• 8f09d15 Expand the alpharep fixture to include a symlink.
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 01902b823584768b2648d7d2f37c0cc89bc83384.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
typing-extensions	4.12.0	Null	Unknown License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, GPL-3.0-or-later, LGPL-2.1, EPL-2.0, Python-2.0, GPL-2.0-or-later, GPL-2.0-only, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only, GPL-2.0 AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later, MIT, ISC, Unlicense, Apache-2.0, BSD-3-Clause, BSD-2-Clause, BSD-2-Clause AND MIT, MPL-2.0, CC-BY-4.0, CC-BY-3.0, CC-BY-SA-4.0, CC0-1.0, BSD-2-Clause AND BSD-3-Clause, BSD-3-Clause AND BSD-3-Clause-Clear, MIT OR Apache-2.0, MIT AND Python-2.0, (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT), (MIT OR Apache-2.0) AND Unicode-DFS-2016, OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, BlueOak-1.0.0, BSL-1.0, Python-2.0.1, MIT AND PSF-2.0, CAL-1.0

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/anyio	4.4.0	:green_circle: 5.6	Details Check Score Reason Code-Review :green_circle: 5 Found 11/20 approved changesets -- score normalized to 5 Maintained :green_circle: 10 25 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :warning: 0 security policy file not detected Packaging :green_circle: 10 packaging workflow detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/coverage	7.5.2	:green_circle: 8.4	Details Check Score Reason Code-Review :warning: 2 Found 6/30 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :green_circle: 5 badge detected: Passing License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 10 no binaries found in the repo Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1
pip/requests	2.32.2	:green_circle: 8.8	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies :green_circle: 10 all dependencies are pinned Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :green_circle: 10 SAST tool is run on all commits
pip/ruff	0.4.5	Unknown	Unknown
pip/typing-extensions	4.12.0	:green_circle: 6.4	Details Check Score Reason Code-Review :green_circle: 6 Found 19/30 approved changesets -- score normalized to 6 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :warning: 0 security policy file not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/zipp	3.19.0	:green_circle: 6.6	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/anyio	4.3.0	:green_circle: 5.6	Details Check Score Reason Code-Review :green_circle: 5 Found 11/20 approved changesets -- score normalized to 5 Maintained :green_circle: 10 25 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :warning: 0 security policy file not detected Packaging :green_circle: 10 packaging workflow detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/coverage	7.5.1	:green_circle: 8.4	Details Check Score Reason Code-Review :warning: 2 Found 6/30 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :green_circle: 5 badge detected: Passing License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 10 no binaries found in the repo Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1
pip/requests	2.32.1	:green_circle: 8.8	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies :green_circle: 10 all dependencies are pinned Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :green_circle: 10 SAST tool is run on all commits
pip/ruff	0.4.4	Unknown	Unknown
pip/typing-extensions	4.11.0	:green_circle: 6.4	Details Check Score Reason Code-Review :green_circle: 6 Found 19/30 approved changesets -- score normalized to 6 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :warning: 0 security policy file not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/zipp	3.18.2	:green_circle: 6.6	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

poetry.lock

• anyio@4.4.0
• coverage@7.5.2
• requests@2.32.2
• ruff@0.4.5
• typing-extensions@4.12.0
• zipp@3.19.0
• anyio@4.3.0
• coverage@7.5.1
• requests@2.32.1
• ruff@0.4.4
• typing-extensions@4.11.0
• zipp@3.18.2

[github-actions[bot]]

Conventional Commits Report

Type	Number
Dependencies	1

:rocket: Conventional commits found.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.85%. Comparing base (d994b17) to head (01902b8).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1145 +/- ## ========================================== - Coverage 97.85% 97.85% -0.01% ========================================== Files 61 61 Lines 4299 4292 -7 Branches 1047 1047 ========================================== - Hits 4207 4200 -7 Misses 72 72 Partials 20 20 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.