update: bump the pip-packages group across 1 directory with 6 updates

[dependabot[bot]]

Bumps the pip-packages group with 6 updates in the / directory:

Package	From	To
semgrep	1.74.0	1.80.0
mkdocs-material	9.5.25	9.5.29
mike	2.1.1	2.1.2
bandit	1.7.8	1.7.9
pylint	3.2.2	3.2.5
pytest	8.2.1	8.2.2

Updates semgrep from 1.74.0 to 1.80.0

Release notes

Sourced from semgrep's releases.

Release v1.80.0

1.80.0 - 2024-07-18

Added

• OSemgrep now can take --exclude-minified-files to skip minified files. Additionally --no-exclude-minified-files will disable this option. It is off by default. (cdx-460)

• Users are now required to login before using semgrep scan --pro.

  Previously, semgrep will tell the users to log in, but the scan will still continue.

  With this change, semgrep will tell the users to log in and stop the scan. (saf-1137)

Fixed

• The language server no longer scans large or minified files (cdx-460)

• Pro: Improved module resolution for Python. Imports like from a.b import c where c is a module will now be resolved by Semgrep. And, if a module cannot be found in the search path, Semgrep will try to heuristically resolve the module by matching the module specifier against the files that are being scanned. (code-7069)

• A scan can occasionally freeze when using tracing with multiprocesses.

  This change disables tracing when scanning each target file unless the scan runs in a single process. (saf-1143)

• Improved error handling for rules with invalid patterns. Now, scans will still complete and findings from other rules will be reported. (saf-789)

• The "package-lock.json" parser incorrectly assumed that all paths in the "packages" component of "package-lock.json" started with "node_modules/".

  In reality, a dependency can be installed anywhere, so the parser was made more flexible to recognize alternative locations ("node_modules", "lib", etc). (sc-1576)

Release v1.79.0

1.79.0 - 2024-07-10

Added

• Preliminary support for the Move on Aptos language (see https://aptos.dev/move/move-on-aptos for more info on this language). Thanks a lot to Zhiping Liao (ArArgon) and Andrea Cappa for their contributions! (move_on_aptos)
• The language server now reports number of autofixes and ignores triggered throught IDE integrations when metrics are enabled (pdx-autofix-ignore)
• Added support for comparing Golang Pseudo-versions. After replacing calls to the packaging module with some custom logic, Pseudo-versions can now be compared against strict core versions and other pseudo versions accurately. (sc-1601)
• We now perform a git gc as a side-effect of historical scans. (scrt-630)

Fixed

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.80.0 - 2024-07-18

Added

• OSemgrep now can take --exclude-minified-files to skip minified files. Additionally --no-exclude-minified-files will disable this option. It is off by default. (cdx-460)

• Users are now required to login before using semgrep scan --pro.

  Previously, semgrep will tell the users to log in, but the scan will still continue.

  With this change, semgrep will tell the users to log in and stop the scan. (saf-1137)

Fixed

• The language server no longer scans large or minified files (cdx-460)

• Pro: Improved module resolution for Python. Imports like from a.b import c where c is a module will now be resolved by Semgrep. And, if a module cannot be found in the search path, Semgrep will try to heuristically resolve the module by matching the module specifier against the files that are being scanned. (code-7069)

• A scan can occasionally freeze when using tracing with multiprocesses.

  This change disables tracing when scanning each target file unless the scan runs in a single process. (saf-1143)

• Improved error handling for rules with invalid patterns. Now, scans will still complete and findings from other rules will be reported. (saf-789)

• The "package-lock.json" parser incorrectly assumed that all paths in the "packages" component of "package-lock.json" started with "node_modules/".

  In reality, a dependency can be installed anywhere, so the parser was made more flexible to recognize alternative locations ("node_modules", "lib", etc). (sc-1576)

1.79.0 - 2024-07-10

Added

• Preliminary support for the Move on Aptos language (see https://aptos.dev/move/move-on-aptos for more info on this language). Thanks a lot to Zhiping Liao (ArArgon) and Andrea Cappa for their contributions! (move_on_aptos)
• The language server now reports number of autofixes and ignores triggered throught IDE integrations when metrics are enabled (pdx-autofix-ignore)
• Added support for comparing Golang Pseudo-versions. After replacing calls to the packaging module with some custom logic, Pseudo-versions can now be compared against strict core versions and other pseudo versions accurately. (sc-1601)
• We now perform a git gc as a side-effect of historical scans. (scrt-630)

Fixed

... (truncated)

Commits

• 198228f chore: Bump version to 1.80.0
• f1881a5 bug(sca): package-lock parser handles NPM packages not inside node_modules/...
• f10224asemgrep/semgrep-proprietary#1
• 5bba89a feat: require authentication before using pro features (semgrep/semgrep-propr...
• 39fb290 Switch to Nat's RPC instead of semgrep-core -dump_contributions (semgrep/semg...
• 41efa66semgrep/semgrep-proprietary#1867
• e8bbe59semgrep/semgrep-proprietary#1753
• 7b4b49e refactoring: cleanup Git_wrapper.ml, remove get_ prefix (semgrep/semgrep-prop...
• ee7bb2csemgrep/semgrep-proprietary#1836
• 9f659afsemgrep/semgrep-proprietary#1803
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.25 to 9.5.29

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.29

• Updated Galician translations
• Fixed #7362: Annotations in figure captions rendering incorrectly

Thanks go to @​mmontes11 for their contributions

mkdocs-material-9.5.28

• Fixed #7313: Improved tooltips mounted in sidebar when feature is disabled

mkdocs-material-9.5.27

• Updated Estonian translations

Thanks to @​Eilyre for their contributions

mkdocs-material-9.5.26

• Fixed #7232: Tab switches on scroll when linking tabs (9.5.19 regression)
• Fixed #7230: Blog author avatar broken when referring to local file

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.29 (2024-07-14)

• Updated Galician translations
• Fixed #7362: Annotations in figure captions rendering incorrectly

mkdocs-material-9.5.28 (2024-07-02)

• Fixed #7313: Improved tooltips mounted in sidebar when feature is disabled

mkdocs-material-9.5.27 (2024-06-16)

• Updated Estonian translations

mkdocs-material-9.5.26 (2024-06-06)

• Fixed #7232: Tab switches on scroll when linking tabs (9.5.19 regression)
• Fixed #7230: Blog author avatar broken when referring to local file

mkdocs-material-9.5.25+insiders-4.53.11 (2024-05-27)

• Fixed projects plugin crashing when serving before building subprojects

mkdocs-material-9.5.25 (2024-05-27)

• Fixed #7209: Tags plugin crashing on numeric tags

mkdocs-material-9.5.24+insiders-4.53.10 (2024-05-20)

• Fixed projects plugin crashing in serve mode when disabled
• Fixed projects plugin crashing when building nested projects

mkdocs-material-9.5.24+insiders-4.53.9 (2024-05-20)

• Fixed #7191: Tags listings not rendering when toc_depth is changed

mkdocs-material-9.5.24 (2024-05-20)

• Fixed #7187: Version selector title rendering issue

mkdocs-material-9.5.23 (2024-05-15)

• Fixed #7183: Edge case in anchor navigation when using instant navigation
• Fixed #6436: Version selector not showing version alias

mkdocs-material-9.5.22 (2024-05-12)

• Fixed #7170: Copy button adds empty lines for line spans (9.5.18 regression)
• Fixed #7160: Version switching doesn't stay on page (9.5.5 regression)
• Fixed #5619: Links in Mermaid.js diagrams not discernible

... (truncated)

Commits

• 4f8081c Prepare 9.5.29 release
• 33452c9 Fixed annotations in figure captions
• 672c403 Documentation (#7361)
• c7c8fcb Updated Galician translations
• 5d1f77c Documentation
• f5fea7c Updated dependencies
• be7ab8a Added npm run fix to fix ESLint errors (#7337)
• 36e5263 Documentation
• 73d50aa Updated premium sponsors
• 1b78c2c Prepare 9.5.28 release
• Additional commits viewable in compare view

Updates mike from 2.1.1 to 2.1.2

Release notes

Sourced from mike's releases.

v2.1.2

Bug fixes

• Remove ambiguity of some Git commands so that file and branch names don't collide

Changelog

Sourced from mike's changelog.

v2.1.2 (2024-06-23)

Bug fixes

• Remove ambiguity of some Git commands so that file and branch names don't collide

---

Commits

• 62aaeaf Update version to 2.1.2
• 3f7d756 Use "--" to disambiguate Git arguments in a few more places; resolves #218
• 5e6970d Belatedly update copyright year
• 9291efb Update version to 2.2.0.dev0
• See full diff in compare view

Updates bandit from 1.7.8 to 1.7.9

Release notes

Sourced from bandit's releases.

1.7.9

What's Changed

• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in PyCQA/bandit#1117
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1119
• New logo for Bandit based on raccoon by @​ericwb in PyCQA/bandit#1121
• Start testing on Python 3.13 by @​ericwb in PyCQA/bandit#1122
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in PyCQA/bandit#1123
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in PyCQA/bandit#1124
• Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in PyCQA/bandit#1125
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1126
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1127
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in PyCQA/bandit#1130
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1131
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in PyCQA/bandit#1132
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1133
• Updates banner logo so it renders well in dark mode by @​ericwb in PyCQA/bandit#1134
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1135
• Add a sponsor section to README by @​ericwb in PyCQA/bandit#1137
• Ensure sarif extra is included as part of doc build by @​ericwb in PyCQA/bandit#1139
• Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in PyCQA/bandit#1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1143
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1145
• Guard against empty call argument list by @​ericwb in PyCQA/bandit#1146
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in PyCQA/bandit#1144
• Support configfile in .bandit file by @​bersbersbers in PyCQA/bandit#1052

New Contributors

• @​pre-commit-ci made their first contribution in PyCQA/bandit#1119
• @​bersbersbers made their first contribution in PyCQA/bandit#1052

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

Commits

• 691f465 Support configfile in .bandit file (#1052)
• f1a397e Bump docker/build-push-action from 5.3.0 to 5.4.0 (#1144)
• 049eba0 Guard against empty call argument list (#1146)
• ad56c78 [pre-commit.ci] pre-commit autoupdate (#1145)
• 2dd4cb5 [pre-commit.ci] pre-commit autoupdate (#1143)
• 313cae7 Bump docker/login-action from 3.1.0 to 3.2.0 (#1142)
• 3fa1e25 Ensure sarif extra is included as part of doc build (#1139)
• 8b659fb Add a sponsor section to README (#1137)
• 30cada5 [pre-commit.ci] pre-commit autoupdate (#1135)
• dbb4161 Updates banner logo so it renders well in dark mode (#1134)
• Additional commits viewable in compare view

Updates pylint from 3.2.2 to 3.2.5

Commits

• ae730ac Bump pylint to 3.2.5, update changelog (#9756)
• be7b5cc [unreachable-code] Fix the false positive in python 3.8 (#9753) (#9755)
• 6c3ab77 [release] Fix 3.2.4 release date following issue with twine 5.1.0 (#9749) (#9...
• 425ad66 Bump pylint to 3.2.4, update changelog (#9746)
• c41c35a [possibly-used-before-assignment] Avoid FP for typing.NoReturn & Never (#9714...
• 22e4d36 [symilar] Rename the unittest file that had a typo.
• 3cf313a [symilar] Fix the short form options that weren't being processed properly
• e13544f [symilar] Fix crash when giving bad options to symilar
• c3e2579 [unnecessary-list-index-lookup] Fix crashes for uninferrable 'start' value in...
• 6b66ca6 [undefined-variable] Fix a crash for undefined lineno in annotations (#9705) ...
• Additional commits viewable in compare view

Updates pytest from 8.2.1 to 8.2.2

Release notes

Sourced from pytest's releases.

8.2.2

pytest 8.2.2 (2024-06-04)

Bug Fixes

• #12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
• #12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
• #12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

• #12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
• #12356: Added a subsection to the documentation for debugging flaky tests to mention lack of thread safety in pytest as a possible source of flakyness.
• #12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.

Commits

• 329d371 Prepare release version 8.2.2
• 214d098 Merge pull request #12414 from bluetech/backport-12409
• 153a436 [8.2.x] fixtures: fix catastrophic performance problem in reorder_items
• b41d5a5 Merge pull request #12412 from pytest-dev/backport-12408-to-8.2.x
• 9bb73d7 [8.2.x] cacheprovider: fix "Directory not empty" crash from cache directory c...
• 4569a01 [8.2.x] doc: Update trainings/events (#12402)
• 1d103e5 [8.2.x] Clarify pytest_ignore_collect docs (#12386)
• 240a252 [8.2.x] Add html_baseurl to sphinx conf.py (#12372)
• a5ee3c4 Merge pull request #12370 from pytest-dev/backport-12368-to-8.2.x
• f7358ae [8.2.x] unittest: fix class instances no longer released on test teardown sin...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2718d97b09b0d559e0a48daadf3ecc0a0005e600.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/bandit	1.7.9	:green_circle: 6.6	Details Check Score Reason Code-Review :green_circle: 9 Found 11/12 approved changesets -- score normalized to 9 Maintained :green_circle: 10 22 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1 Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/deprecated	1.2.14	:green_circle: 4.4	Details Check Score Reason Code-Review :warning: 1 Found 3/29 approved changesets -- score normalized to 1 Maintained :warning: 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected SAST :green_circle: 8 SAST tool detected but not run on all commits
pip/googleapis-common-protos	1.63.2	:green_circle: 8.3	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Token-Permissions :warning: -1 No tokens found Dangerous-Workflow :warning: -1 no workflows found Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :green_circle: 10 project is fuzzed Pinned-Dependencies :green_circle: 6 dependency not pinned by hash detected -- score normalized to 6 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :green_circle: 8 SAST tool is not run on all commits -- score normalized to 8
pip/mike	2.1.2	:green_circle: 4	Details Check Score Reason Code-Review :warning: 0 Found 0/30 approved changesets -- score normalized to 0 Maintained :green_circle: 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo SAST :warning: 0 no SAST tool detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Security-Policy :warning: 0 security policy file not detected
pip/mkdocs-material	9.5.29	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 7/29 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Packaging :green_circle: 10 packaging workflow detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-api	1.25.0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-exporter-otlp-proto-common	1.25.0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-exporter-otlp-proto-http	1.25.0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-instrumentation	0.46b0	:green_circle: 6.6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 6 4 existing vulnerabilities detected SAST :green_circle: 7 SAST tool detected but not run on all commits
pip/opentelemetry-instrumentation-requests	0.46b0	:green_circle: 6.6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 6 4 existing vulnerabilities detected SAST :green_circle: 7 SAST tool detected but not run on all commits
pip/opentelemetry-proto	1.25.0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-sdk	1.25.0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-semantic-conventions	0.46b0	:green_circle: 6.9	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 10 security policy file detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/opentelemetry-util-http	0.46b0	:green_circle: 6.6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 6 4 existing vulnerabilities detected SAST :green_circle: 7 SAST tool detected but not run on all commits
pip/protobuf	4.25.3	:green_circle: 6.9	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 9 25 out of 26 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :warning: 1 found 27 unreviewed changesets out of 30 -- score normalized to 1 Contributors :green_circle: 10 13 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 9 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed or have provenance Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 7 3 existing vulnerabilities detected
pip/pylint	3.2.5	:green_circle: 7.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :green_circle: 5 badge detected: Passing License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 9 security policy file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 9 SAST tool detected but not run on all commits Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/pytest	8.2.2	:green_circle: 6.4	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/semgrep	1.80.0	Unknown	Unknown
pip/setuptools	71.0.3	:green_circle: 6.1	Details Check Score Reason Code-Review :green_circle: 5 Found 7/13 approved changesets -- score normalized to 5 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Binary-Artifacts :warning: 0 binaries present in source code Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing :green_circle: 10 project is fuzzed
pip/wrapt	1.16.0	:green_circle: 3.4	Details Check Score Reason Code-Review :warning: 0 Found 0/30 approved changesets -- score normalized to 0 Maintained :warning: 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 no SAST tool detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/bandit	1.7.8	:green_circle: 6.6	Details Check Score Reason Code-Review :green_circle: 9 Found 11/12 approved changesets -- score normalized to 9 Maintained :green_circle: 10 22 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1 Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/mike	2.1.1	:green_circle: 4	Details Check Score Reason Code-Review :warning: 0 Found 0/30 approved changesets -- score normalized to 0 Maintained :green_circle: 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo SAST :warning: 0 no SAST tool detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Security-Policy :warning: 0 security policy file not detected
pip/mkdocs-material	9.5.25	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 7/29 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Packaging :green_circle: 10 packaging workflow detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/pylint	3.2.2	:green_circle: 7.3	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :green_circle: 5 badge detected: Passing License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 9 security policy file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 9 SAST tool detected but not run on all commits Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/pytest	8.2.1	:green_circle: 6.4	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/semgrep	1.74.0	Unknown	Unknown
pip/semgrep	1.80.0	Unknown	Unknown
pip/semgrep	1.74.0	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• bandit@1.7.9
• deprecated@1.2.14
• googleapis-common-protos@1.63.2
• mike@2.1.2
• mkdocs-material@9.5.29
• opentelemetry-api@1.25.0
• opentelemetry-exporter-otlp-proto-common@1.25.0
• opentelemetry-exporter-otlp-proto-http@1.25.0
• opentelemetry-instrumentation@0.46b0
• opentelemetry-instrumentation-requests@0.46b0
• opentelemetry-proto@1.25.0
• opentelemetry-sdk@1.25.0
• opentelemetry-semantic-conventions@0.46b0
• opentelemetry-util-http@0.46b0
• protobuf@4.25.3
• pylint@3.2.5
• pytest@8.2.2
• semgrep@1.80.0
• setuptools@71.0.3
• wrapt@1.16.0
• bandit@1.7.8
• mike@2.1.1
• mkdocs-material@9.5.25
• pylint@3.2.2
• pytest@8.2.1
• semgrep@1.74.0

pyproject.toml

• semgrep@1.80.0
• semgrep@1.74.0

[github-actions[bot]]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	18	18	0%	5–32
app.py	81	4	95%	117, 177–178, 209
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	202	26	87%

Tests	Skipped	Failures	Errors	Time
18	0 :zzz:	0 :x:	0 :fire:	2.192s :stopwatch:

[dependabot[bot]]

Superseded by #318.