update: bump the pip-packages group across 1 directory with 8 updates

[dependabot]

Bumps the pip-packages group with 8 updates in the / directory:

Package	From	To
pyyaml	6.0.1	6.0.2
semgrep	1.81.0	1.92.0
mkdocs-material	9.5.30	9.5.41
mike	2.1.2	2.1.3
bandit	1.7.9	1.7.10
black	24.4.2	24.10.0
pylint	3.2.6	3.3.1
pytest	8.3.2	8.3.3

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

• Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

• Support for extension build with Cython 3.x
• Support for Python 3.13
• Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• See full diff in compare view

Updates semgrep from 1.81.0 to 1.92.0

Release notes

Sourced from semgrep's releases.

Release v1.92.0

1.92.0 - 2024-10-17

Added

• Pro: taint-mode: Semgrep has now basic support to track taint through callbacks, when they lead to a sink, e.g.:

  function unsafe_callback(x) {
    sink(x); // finding here now !
  }
  function withCallback(val, callback) {
  
  callback(val);
  
  }
  withCallback(taint, unsafe_callback); (code-7476)
  
  

• New subcommand dump-cst for tree-sitter languages available via semgrep show. This shows the concrete syntax tree for a given file. (code-7653)

• Pro only: Updated C# parser supporting all versions of the language up to 13.0 (.NET 9) (saf-1610)

• Added support for the Move-on-sui language! (sui)

• Pro-only: semgrep test now supports the --pro flag to not only use pro languages but also run the tests with the --pro-intrafile engine flag. If a finding is detected only by the pro engine, please use proruleid: instead of ruleid: and if an OSS finding is actually a false positive for the pro engine, please add the prook: to your test annotation. (test_pro)

Fixed

• pro: dataflow: Fixed a bug that could cause a class constructor to not be analyzed in the correct dependency order, potentially leading to FNs. (code-7649)

• Display an ✘ instead of a ✔ in the scan status print out when scanning with Semgrep OSS code is not enabled. (grow-422)

• semgrep will no longer randomly segfault when --trace is on with -j > 2 (saf-1590)

• Previously, semgrep fails when --trace-endpoint is specified, but --trace is not.

  Now, we relax this requirement a bit. In this case, we disable tracing, print out a warning, and continue to scan. (sms-550)

Release v1.91.0

1.91.0 - 2024-10-10

Added

• Type inference in the Pro engine has been improved for class fields in

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.92.0 - 2024-10-17

Added

• Pro: taint-mode: Semgrep has now basic support to track taint through callbacks, when they lead to a sink, e.g.:

  function unsafe_callback(x) {
    sink(x); // finding here now !
  }
  function withCallback(val, callback) {
  
  callback(val);
  
  }
  withCallback(taint, unsafe_callback); (code-7476)
  
  

• New subcommand dump-cst for tree-sitter languages available via semgrep show. This shows the concrete syntax tree for a given file. (code-7653)

• Pro only: Updated C# parser supporting all versions of the language up to 13.0 (.NET 9) (saf-1610)

• Added support for the Move-on-sui language! (sui)

• Pro-only: semgrep test now supports the --pro flag to not only use pro languages but also run the tests with the --pro-intrafile engine flag. If a finding is detected only by the pro engine, please use proruleid: instead of ruleid: and if an OSS finding is actually a false positive for the pro engine, please add the prook: to your test annotation. (test_pro)

Fixed

• pro: dataflow: Fixed a bug that could cause a class constructor to not be analyzed in the correct dependency order, potentially leading to FNs. (code-7649)

• Display an ✘ instead of a ✔ in the scan status print out when scanning with Semgrep OSS code is not enabled. (grow-422)

• semgrep will no longer randomly segfault when --trace is on with -j > 2 (saf-1590)

• Previously, semgrep fails when --trace-endpoint is specified, but --trace is not.

  Now, we relax this requirement a bit. In this case, we disable tracing, print out a warning, and continue to scan. (sms-550)

1.91.0 - 2024-10-10

Added

• Type inference in the Pro engine has been improved for class fields in TypeScript that are assigned a new instance but lack an explicit type

... (truncated)

Commits

• 458d3d0 chore: release version 1.92.0
• f3693besemgrep/semgrep-proprietary#2435
• 8dac090semgrep/semgrep-proprietary#2430
• 8711f0a Cron - update semgrep-rules and semgrep-rules-pro submodules (semgrep/semgrep...
• e28ad6esemgrep/semgrep-proprietary#10589
• 159c76esemgrep/semgrep-proprietary#2386
• bfe4e41 opt(memory): Discard irrelevant rules according to targeting. (semgrep/semgre...
• f8419c2 chore(ux): Use conditional to show / hide the Semgrep OSS status (semgrep/sem...
• cb5bc61 Adding support for Move on Sui to semgrep (#10589)
• d69e1a0 Fix List_.map in libs/python-str-rep and adjust precommit exclude (semgrep/se...
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.30 to 9.5.41

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.41

• Fixed #7619: Improved tooltip on logo disappears after instant navigation
• Fixed #7616: Race condition in built-in privacy plugin when inlining assets
• Fixed #7615: Comments and "Was this page helpful?" visible when printing

mkdocs-material-9.5.40

• Updated Latvian translations
• Fixed #7597: Social cards not using site name on home page

Thanks go to @​pekkaklarck and @​klejejs for their contributions

mkdocs-material-9.5.39

• Fixed #7226: not staying on page when using mike's canonical versioning

Thanks go to @​ilyagr for their contributions

mkdocs-material-9.5.38

• Added Albanian translations

Thanks go to @​gerardkraja for their contributions

mkdocs-material-9.5.37

• Added 4th and 5th level ordered list styles
• Fixed #7548: Tags have no spacing in search

mkdocs-material-9.5.36

• Fixed #7544: Social cards incorrectly rendering HTML entities
• Fixed #7542: Improved support for setting custom list styles

mkdocs-material-9.5.35

• Fixed #7498: Search not showing for Vietnamese language

mkdocs-material-9.5.34

• Updated Mermaid.js to version 11 (latest)

Thanks go to @​manselmi for their contributions

mkdocs-material-9.5.33

• Fixed #7453: Incorrect position of tooltip when sorting table

mkdocs-material-9.5.32

• Fixed RXSS vulnerability via deep link in search results
• Added support for fetching latest release from GitLab

Thanks go to @​joaopalmeiro for their contributions

mkdocs-material-9.5.31

• Fixed #7405: DockerHub missing images > 9.5.27 due to change in Alpine/APK

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.41 (2024-10-15)

• Fixed #7619: Improved tooltip on logo disappears after instant navigation
• Fixed #7616: Race condition in built-in privacy plugin when inlining assets
• Fixed #7615: Comments and "Was this page helpful?" visible when printing

mkdocs-material-9.5.40 (2024-10-10)

• Updated Latvian translations
• Fixed #7597: Social cards not using site name on home page

mkdocs-material-9.5.39+insiders-4.53.14 (2024-09-29)

• Fixed #7567: Empty headlines when using typeset plugin with anchorlinks

mkdocs-material-9.5.39 (2024-09-29)

• Fixed #7226: not staying on page when using mike's canonical versioning

mkdocs-material-9.5.38 (2024-09-26)

• Added Albanian translations

mkdocs-material-9.5.37 (2024-09-25)

• Added 4th and 5th level ordered list styles
• Fixed #7548: Tags have no spacing in search

mkdocs-material-9.5.36 (2024-09-21)

• Fixed #7544: Social cards incorrectly rendering HTML entities
• Fixed #7542: Improved support for setting custom list styles

mkdocs-material-9.5.35 (2024-09-18)

• Fixed #7498: Search not showing for Vietnamese language

mkdocs-material-9.5.34+insiders-4.53.13 (2024-09-14)

• Fixed #7520: Social plugin errors for generated files (MkDocs 1.6+)

mkdocs-material-9.5.34 (2024-08-31)

• Updated Mermaid.js to version 11 (latest)

mkdocs-material-9.5.33 (2024-08-23)

• Fixed #7453: Incorrect position of tooltip when sorting table

mkdocs-material-9.5.32 (2024-08-19)

... (truncated)

Commits

• 5eef815 Prepare 9.5.41 release
• 2d2e041 Updated dependencies
• 790b0e8 JSON schema (#7622)
• 649abd2 Fixed tooltip on logo lost on instant navigation
• 0418a22 Updated README.md (#7618)
• e29e124 Fixed feedback visible on print
• 92089c6 Fixed race condition in privacy plugin
• 39d14d5 Fixed comment section appearing in print view
• 6f703c1 Updated dependencies
• 622194e Documentation (#7613)
• Additional commits viewable in compare view

Updates mike from 2.1.2 to 2.1.3

Release notes

Sourced from mike's releases.

v2.1.3

Bug fixes

• When deploying using a deploy prefix, only delete stale versions of the docs within that prefix

Changelog

Sourced from mike's changelog.

v2.1.3 (2024-08-12)

Bug fixes

• When deploying using a deploy prefix, only delete stale versions of the docs within that prefix

---

Commits

• c4e9608 Update version to 2.1.3
• 3b19e27 Announce the previous change
• dd9826a Consult deploy prefix when deleting files during deploy; resolves #227
• 91cf5ee Properly escape parameters in regex
• 90cf131 Update version to 2.2.0.dev0
• See full diff in compare view

Updates bandit from 1.7.9 to 1.7.10

Release notes

Sourced from bandit's releases.

1.7.10

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in PyCQA/bandit#1147
• Suggested small refactors in assignments by @​ericwb in PyCQA/bandit#1150
• Performance improvement in blacklist function by @​ericwb in PyCQA/bandit#1148
• Add test for usage of FTP_TLS by @​ericwb in PyCQA/bandit#1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in PyCQA/bandit#757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in PyCQA/bandit#1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in PyCQA/bandit#1060
• Nit: remove unused variable by @​ericwb in PyCQA/bandit#1153
• Add recent releases to version choice in bug report by @​ericwb in PyCQA/bandit#1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in PyCQA/bandit#1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in PyCQA/bandit#1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in PyCQA/bandit#1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in PyCQA/bandit#1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in PyCQA/bandit#1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in PyCQA/bandit#1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in PyCQA/bandit#1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in PyCQA/bandit#1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in PyCQA/bandit#1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in PyCQA/bandit#1168
• Use consistent file naming of docs by @​ericwb in PyCQA/bandit#1170
• Pytorch Load / Save Plugin by @​lukehinds in PyCQA/bandit#1114

New Contributors

• @​Lucas-C made their first contribution in PyCQA/bandit#757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

Commits

• 36fd650 Pytorch Load / Save Plugin (#1114)
• 4ac55df Use consistent file naming of docs (#1170)
• 68022aa Bump docker/build-push-action from 6.6.1 to 6.7.0 (#1168)
• 77566a0 Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#1165)
• 221ced6 Bump docker/build-push-action from 6.5.0 to 6.6.1 (#1166)
• 701b7d5 Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#1163)
• 320495c Bump docker/build-push-action from 6.3.0 to 6.5.0 (#1160)
• 90490c7 Bump docker/login-action from 3.2.0 to 3.3.0 (#1159)
• 708ab74 Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#1158)
• 89d2345 Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#1156)
• Additional commits viewable in compare view

Updates black from 24.4.2 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)

... (truncated)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another

... (truncated)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Updates pylint from 3.2.6 to 3.3.1

Commits

• 76bce72 Bump pylint to 3.3.1, update changelog (#9954)
• 55ee816 Bump astroid to 3.3.4 (#9951) (#9952)
• 6350dfa Bump pylint to 3.3.0, update changelog
• 78f3dfa Bump astroid to 3.3.3 (#9939)
• b28c1f6 Add check for unnecessary-default-type-args (#9938)
• bd97b93 [doc framework] Assert that the good and bad example exists in the doc (#9936)
• 7aa4436 Fix duplicate workflow step ids (#9934)
• 0950916 [pre-commit] Add codespell, and fix some existing typos (#9912)
• 3b4a7f9 Add details.rst for c-extension-no-member (#9933)
• 7d60c27 Explicitly save cache in primer jobs
• Additional commits viewable in compare view

Updates pytest from 8.3.2 to 8.3.3

Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

• #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

• #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

• #12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.

• #12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by Avasam{.interpreted-text role="user"}

• #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

• #6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

• #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

  -- by GTowers1{.interpreted-text role="user"}

Improved documentation

• #12663: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.
• #12678: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.

Miscellaneous internal changes

• #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.

Commits

• d0f136f build(deps): Bump pypa/gh-action-pypi-publish from 1.10.0 to 1.10.1 (#12790)
• 972f307 Prepare release version 8.3.3
• 0dabdcf Include co-authors in release announcement (#12795) (#12797)
• a9910a4 Do not discover properties when iterating fixtures (#12781) (#12788)
• 0f10b6b Fix issue with slashes being turned into backslashes on Windows (#12760) (#12...
• 300d13d Merge pull request #12785 from pytest-dev/patchback/backports/8.3.x/57cccf7f4...
• e5d32c7 Merge pull request #12784 from svenevs/fix/docs-example-parametrize-minor-typo
• bc913d1 Streamline checks for verbose option (#12706) (#12778)
• 01cfcc9 Fix typos and introduce codespell pre-commit hook (#12769) (#12774)
• 4873394 doc: Remove past training (#12772) (#12773)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 438e683.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/astroid	3.3.5	🟢 7.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/bandit	1.7.10	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Maintained 🟢 10 18 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/black	24.10.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 7 Found 22/28 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/mike	2.1.3	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 8 5 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
pip/mkdocs-material	9.5.41	🟢 5.5	Details Check Score Reason Code-Review 🟢 3 Found 11/29 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pylint	3.3.1	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/pytest	8.3.3	🟢 6.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pyyaml	6.0.2	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Maintained 🟢 10 2 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/rich	13.5.3	🟢 7.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 5/9 approved changesets -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/semgrep	1.92.0	Unknown	Unknown
pip/PyYAML	6.0.2	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Maintained 🟢 10 2 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/semgrep	1.92.0	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

pyproject.toml

• [email protected]
• [email protected]
• [email protected]
• [email protected]

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	18	18	0%	5–32
app.py	81	4	95%	117, 177–178, 209
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	202	26	87%

Tests	Skipped	Failures	Errors	Time
18	0 💤	0 ❌	0 🔥	1.697s ⏱️

[dependabot]

Superseded by #397.