Deps: Bump the python-packages group with 7 updates

[dependabot]

Bumps the python-packages group with 7 updates:

Package	From	To
paramiko	3.4.0	3.4.1
lxml	5.2.2	5.3.0
furo	2024.7.18	2024.8.6
babel	2.15.0	2.16.0
cffi	1.16.0	1.17.0
ruff	0.5.6	0.5.7
zipp	3.19.2	3.20.0

Updates paramiko from 3.4.0 to 3.4.1

Commits

• a498e03 Cut 3.4.1
• fed3813 Merge branch '3.3' into 3.4
• 01fb98f Cut 3.3.2
• 02242c5 Merge branch '3.3' into 3.4
• 8e6aa00 Changelog re #2419, fixes #2419, closes #2421
• 5ca3df2 fix: Update the import path for TripleDES Cipher
• 8253561 Merge branch '3.3' into 3.4
• df62762 Changelog re #2420, closes #2420
• 4c5e1a9 Fix detection of SHA1 signing support
• 23589f0 I really gotta add some local pre-push hooks back...
• Additional commits viewable in compare view

Updates lxml from 5.2.2 to 5.3.0

Changelog

Sourced from lxml's changelog.

5.3.0 (2024-08-10)

Features added

• GH#421: Nested CDATA sections are no longer rejected but split on output to represent ]]> correctly. Patch by Gertjan Klein.

Bugs fixed

• LP#2060160: Attribute values serialised differently in xmlfile.element() and xmlfile.write().

• LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin.

Other changes

• LP#2067707: The strip_cdata option in HTMLParser() turned out to be useless and is now deprecated.

• Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42.

• Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39.

• Built with Cython 3.0.11.

Commits

• 475f4ab Update release date.
• e356a1e Build: Add some debug output.
• 8345680 Build: Retry library downloads on failures.
• 2fe6c90 CI: Test oldest officially supported library versions again (the slightly new...
• 00335a1 Build: Improve download regexes.
• f3da47d Prepare release of lxml 5.3.0.
• 3119703 Add missing global name to "all" in lxml.etree.
• 9de6180 Build: Upgrade cibuildwheel version also for the matrix setup.
• 54e36cb Build: Upgrade libxslt to latest (1.1.42).
• d4f56ee Build: Slightly increase the oldest libxslt version that we test against to w...
• Additional commits viewable in compare view

Updates furo from 2024.7.18 to 2024.8.6

Changelog

Sourced from furo's changelog.

Changelog

2024.08.06 -- Energetic Eminence

• ✨ Add support for Sphinx 8
• ✨ Add smoother transitions between breakpoints
• Increase specificity of table-wrapper selector
• Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.
• ✨ Add a view this page button.
• ✨ Add colours and highlighting to "version modified" API helpers.
• ✨ Add release information to various customisation knobs.
• Make all icons bigger and use a thinner stroke with them.

2024.04.27 -- Bold Burgundy

• Add a skip to content link.
• Add --font-stack--headings.
• Add :visited colour and enforce uniform contrast between light/dark.
• Add an offset of :target to reduce back-to-top overlap.
• Improve dark mode colours.
• Fix outstanding colour contrast warnings on Firefox.
• Fix bad indent in footnotes.
• Tweak handling of default configuration options in a more resilient manner.
• Tweak length and sizing of API source links.
• Stop search engine indexing on search page.

2024.01.29 -- Amazing Amethyst

... (truncated)

Commits

• 1bbf4ee Prepare release: 2024.08.06
• bcb22c3 Update changelog
• e633f02 Improve the selector for sidebar
• d2fa2e0 [pre-commit.ci] pre-commit autoupdate (#821)
• 05a2d63 Add smoother transitions between breakpoints
• d261d3b [pre-commit.ci] pre-commit autoupdate (#810)
• 2d3b6ba Add support for Sphinx 8
• bf98041 Increase specificity of table-wrapper selector
• fc6337c Fix the figures
• fd3f422 Avoid page breaks inside paragraphs
• Additional commits viewable in compare view

Updates babel from 2.15.0 to 2.16.0

Release notes

Sourced from babel's releases.

Version 2.16.0

The changelog below is auto-generated by GitHub.

Please see CHANGELOG.rst for additional details.

What's Changed

• Upgrade GitHub Actions versions to avoid deprecation warnings by @​akx in python-babel/babel#1080
• Replace deprecated ast.Str with ast.Constant by @​tomasr8 in python-babel/babel#1083
• Fix #1094 by @​john-psina in python-babel/babel#1095
• CI fixes by @​akx in python-babel/babel#1097
• Upgrade to CLDR 45 by @​tomasr8 in python-babel/babel#1077
• Make pgettext search plurals when translation is not found by @​tomasr8 in python-babel/babel#1085
• Fix for #832 by @​Edwin18 in python-babel/babel#1052
• Support list format fallbacks by @​akx in python-babel/babel#1099
• Improve Codecov configuration by @​akx in python-babel/babel#1103
• Avoid crashing on importing localtime when TZ is malformed by @​akx in python-babel/babel#1100
• Allow parsing .po files that have an extant but empty Language header by @​akx in python-babel/babel#1101
• Add a mention to the docs that format_skeleton(..., fuzzy=True) may raise by @​tomasr8 in python-babel/babel#1106
• Allow falling back to modifier-less locale data by @​akx in python-babel/babel#1104
• Allow use of importlib.metadata for finding entrypoints by @​akx in python-babel/babel#1102
• Test on Python 3.13 beta releases by @​akx in python-babel/babel#1107
• Normalize package name to lower-case in setup.py by @​akx in python-babel/babel#1110
• Do not allow substituting alternates or drafts in derived locales by @​akx in python-babel/babel#1113
• Two hyperlinks (to CLDR) and some typos by @​buhtz in python-babel/babel#1115
• Initial support for reading mapping configuration as TOML by @​akx in python-babel/babel#1108
• Prepare for 2.16.0 release by @​akx in python-babel/babel#1116

New Contributors

• @​tomasr8 made their first contribution in python-babel/babel#1083
• @​john-psina made their first contribution in python-babel/babel#1095
• @​Edwin18 made their first contribution in python-babel/babel#1052
• @​buhtz made their first contribution in python-babel/babel#1115

Full Changelog: python-babel/babel@v2.15.0...v2.16.0

Changelog

Sourced from babel's changelog.

Version 2.16.0

Features

* CLDR: Upgrade to CLDR 45 by @tomasr8 in :gh:`1077`
* Lists: Support list format fallbacks by @akx in :gh:`1099`
* Messages: Initial support for reading mapping configuration as TOML by @akx in :gh:`1108`
Bugfixes

• CLDR: Do not allow substituting alternates or drafts in derived locales by @​akx in :gh:1113
• Core: Allow falling back to modifier-less locale data by @​akx in :gh:1104
• Core: Allow use of importlib.metadata for finding entrypoints by @​akx in :gh:1102
• Dates: Avoid crashing on importing localtime when TZ is malformed by @​akx in :gh:1100
• Messages: Allow parsing .po files that have an extant but empty Language header by @​akx in :gh:1101
• Messages: Fix --ignore-dirs being incorrectly read (#1094) by @​john-psina and @​Edwin18 in :gh:1052 and :gh:1095
• Messages: Make pgettext search plurals when translation is not found by @​tomasr8 in :gh:1085

Infrastructure

* Replace deprecated `ast.Str` with `ast.Constant` by @tomasr8 in :gh:`1083`
* CI fixes by @akx in :gh:`1080`, :gh:`1097`, :gh:`1103`, :gh:`1107`
* Test on Python 3.13 beta releases by @akx in
* Normalize package name to lower-case in setup.py by @akx in :gh:`1110`
Documentation

* Add a mention to the docs that `format_skeleton(..., fuzzy=True)` may raise by @tomasr8 in :gh:`1106`
* Two hyperlinks (to CLDR) and some typos by @buhtz in :gh:`1115`
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/python-babel/babel/commit/cf7d22369cf40a8218cff1d3dc823eefa174aee0&quot;&gt;&lt;code&gt;cf7d223&lt;/code&gt;&lt;/a> Prepare for 2.16.0 release (<a href="https://redirect.github.com/python-babel/babel/issues/1116&quot;&gt;#1116&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/d26a669826d6c963dfdc21ae09e8cd5659fc95e2&quot;&gt;&lt;code&gt;d26a669&lt;/code&gt;&lt;/a> Initial support for reading mapping configuration as TOML (<a href="https://redirect.github.com/python-babel/babel/issues/1108&quot;&gt;#1108&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/34ed517de44cf3c3002f3b69713b1693d329646d&quot;&gt;&lt;code&gt;34ed517&lt;/code&gt;&lt;/a> Two hyperlinks (to CLDR) and some typos (<a href="https://redirect.github.com/python-babel/babel/issues/1115&quot;&gt;#1115&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/b4ba84382f3ce7bdf0e5a68e7108a21f4e8e7926&quot;&gt;&lt;code&gt;b4ba843&lt;/code&gt;&lt;/a> Do not allow substituting alternates or drafts in derived locales (<a href="https://redirect.github.com/python-babel/babel/issues/1113&quot;&gt;#1113&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/d3346ee33b13f50af582e31ae5c337aa409dda11&quot;&gt;&lt;code&gt;d3346ee&lt;/code&gt;&lt;/a> Normalize package name to lower-case in setup.py (<a href="https://redirect.github.com/python-babel/babel/issues/1110&quot;&gt;#1110&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/a32f15ecec23d5d5049100fd8e65606be7ad12a1&quot;&gt;&lt;code&gt;a32f15e&lt;/code&gt;&lt;/a> Test on Python 3.13 beta releases (<a href="https://redirect.github.com/python-babel/babel/issues/1107&quot;&gt;#1107&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/4d3fd0e0198185cd023f4d3cd1495bda211867f4&quot;&gt;&lt;code&gt;4d3fd0e&lt;/code&gt;&lt;/a> Allow use of importlib.metadata for finding entrypoints (<a href="https://redirect.github.com/python-babel/babel/issues/1102&quot;&gt;#1102&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/42d793cb4408a296e5618e1bce8d176fc588ce57&quot;&gt;&lt;code&gt;42d793c&lt;/code&gt;&lt;/a> Allow falling back to modifier-less locale data when modified data is missing...</li>

<li><a href="https://github.com/python-babel/babel/commit/32f41c22d589d7f187448be477affe1cfbcbc59d&quot;&gt;&lt;code&gt;32f41c2&lt;/code&gt;&lt;/a> Improve docs for <code>format_skeleton</code> (<a href="https://redirect.github.com/python-babel/babel/issues/1106&quot;&gt;#1106&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/2ebc47e63211df8b7636ed8e74bb99ac5bd36c25&quot;&gt;&lt;code&gt;2ebc47e&lt;/code&gt;&lt;/a> Allow parsing .po files that have an extant but empty Language header (<a href="https://redirect.github.com/python-babel/babel/issues/1101&quot;&gt;#1101&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.15.0...v2.16.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates cffi from 1.16.0 to 1.17.0

Release notes
Sourced from cffi's releases.

v1.17.0

Add support for Python 3.13.

Free-threaded CPython builds (i.e. python3.13t and the 3.13t ABI) are not currently supported.


In API mode, when you get a function from a C library by writing
fn = lib.myfunc, you get an object of a special type for performance
reasons, instead of a <cdata 'C-function-type'>.  Before version 1.17
you could only call such objects.  You could write
ffi.addressof(lib, "myfunc") in order to get a real <cdata> object,
based on the idea that in these cases in C you'd usually write &myfunc
instead of myfunc.  In version 1.17, the special object
lib.myfunc can now be passed in many places where CFFI expects
a regular <cdata> object.  For example, you can now pass
it as a callback to a C function call, or write it inside a C
structure field of the correct pointer-to-function type, or use
ffi.cast() or ffi.typeof() on it.

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.16.0...v1.17.0
v1.17.0rc1

Add support for Python 3.13.
In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a  object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.
Build wheels for musllinux aarch64.




Commits

74731f9 Release 1.17.0 (#108)
181fa00 1.17.0rc1 release (#80)
772528e Add 3.13 to trove classifiers (#72)
e36042d 1.17.0b1 prep (#79)
39bdab2 avoid null-pointer-subtraction error (#78)
d7f750b Mention the systemd issue with old-style callbacks (#74)
56f7609 Build aarch64 musllinux wheel (#69)
e59ec8f Win32: pass the flags from dlopen() to LoadLibraryEx() (#65)
0619e5e remove binary cruft (#63)
640e89f rearrange code to make PyPy testing happier (#59)
Additional commits viewable in compare view




Updates ruff from 0.5.6 to 0.5.7

Release notes
Sourced from ruff's releases.

0.5.7
Release Notes
Preview features

[flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
[flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
[flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
[pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
[pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
[pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
[pydoclint] Ignore DOC errors for stub functions (#12651)
[pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
[ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
[ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

[refurb] Add autofix for implicit-cwd (FURB177) (#12708)
[ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
[tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

[flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
[flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
[flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
[flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
[flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
[pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)

Contributors

@​AlexWaygood
@​DavideRagazzon
@​InSyncWithFoo
@​MichaReiser
@​augustelalande
@​bluetech
@​carljm
@​cclauss
@​charliermarsh
@​dhruvmanila



... (truncated)


Changelog
Sourced from ruff's changelog.

0.5.7
Preview features

[flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
[flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
[flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
[pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
[pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
[pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
[pydoclint] Ignore DOC errors for stub functions (#12651)
[pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
[ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
[ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

[refurb] Add autofix for implicit-cwd (FURB177) (#12708)
[ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
[tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

[flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
[flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
[flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
[flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
[flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
[pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)




Commits

221ea66 Bump version to 0.5.7 (#12756)
d28c5af [red-knot] Remove mentions of Ruff from the CLI help (#12752)
f1de08c [red-knot] Merge the semantic and module-resolver crates (#12751)
33e9a6a SIM110: any() is ~3x slower than the code it replaces (#12746)
f577e03 [ruff] Ignore empty tuples for `incorrectly-parenthesized-tuple-in-subscript ...
f537335 Remove all useEffect usages (#12659)
2daa914 Gracefully handle errors in CLI (#12747)
6d9205e [ruff_linter] - Use LibCST in adjust_indentation for mixed whitespace (#1...
df7345e Exit with an error if there are check failures (#12735)
dc6aafe Setup tracing and document tracing usage (#12730)
Additional commits viewable in compare view




Updates zipp from 3.19.2 to 3.20.0

Changelog
Sourced from zipp's changelog.

v3.20.0
Features

Made the zipfile compatibility overlay available as zipp.compat.overlay.

v3.19.3
Bugfixes

Also match directories in Path.glob. (#121)




Commits

c5a33b2 Finalize
f7f1cb3 Made the zipfile compatibility overlay available as zipp.compat.overlay.
9be5e12 Finalize
1184111 Narrow the versions under which Traversable is imported from importlib.abc. F...
579be51 Merge pull request #122 from jaraco/bugfix/121-glob-dirs
5d89a1c Also match directories in Path.glob.
6f900ed Add failing test capturing missed expectation.
21c6bfd Merge https://github.com/jaraco/skeleton
ab34814 Re-enable preview, this time not for one specific feature, but for all featur...
05d8b14 Merge https://github.com/jaraco/skeleton
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2843a14.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
babel	2.16.0	BSD-2-Clause AND BSD-3-Clause	Incompatible License
lxml	5.3.0	Null	Unknown License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/babel	2.16.0	🟢 5.8	Details Check Score Reason Code-Review 🟢 6 Found 16/26 approved changesets -- score normalized to 6 Maintained 🟢 10 23 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/cffi	1.17.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 Maintained 🟢 10 13 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/furo	2024.8.6	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Maintained 🟢 10 24 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/lxml	5.3.0	🟢 6.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 2/27 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/paramiko	3.4.1	🟢 5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/29 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ruff	0.5.7	Unknown	Unknown
pip/zipp	3.20.0	🟢 6.6	Details Check Score Reason Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

poetry.lock

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.