Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] allow-dependencies-licenses not respected after changing from == to >= with Python #812

Open
altendky opened this issue Aug 12, 2024 · 0 comments
Open

[BUG] allow-dependencies-licenses not respected after changing from == to >= with Python #812

altendky opened this issue Aug 12, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@altendky
Copy link

altendky commented Aug 12, 2024
edited
Loading

Details

Describe the bug
I made a PR to change my Poetry-defined Python project dependencies from using == to >= and now dependency-review-action is complaining about pylint's GPL license despite it being in the allow-dependencies-licenses list.

To Reproduce
For now anyways, see screenshots and exampes below.

Expected behavior
I expect the allow configuration to avoid complaints about the pylint license.

Screenshots
image
image

Action version
What version of the action are you using in your workflow?
v4 (v4.3.4)

Examples
https://github.com/Chia-Network/chia-blockchain/actions/runs/11036776910/job/30656244385?pr=18305

full debug log 
2024-09-25T16:04:27.0034799Z ##[debug]Starting: dependency-review
2024-09-25T16:04:27.0063159Z ##[debug]Cleaning runner temp folder: /home/runner/work/_temp
2024-09-25T16:04:27.0315302Z ##[debug]Starting: Set up job
2024-09-25T16:04:27.0315984Z Current runner version: '2.319.1'
2024-09-25T16:04:27.0335895Z ##[group]Operating System
2024-09-25T16:04:27.0336576Z Ubuntu
2024-09-25T16:04:27.0336934Z 22.04.5
2024-09-25T16:04:27.0337223Z LTS
2024-09-25T16:04:27.0337640Z ##[endgroup]
2024-09-25T16:04:27.0338007Z ##[group]Runner Image
2024-09-25T16:04:27.0338638Z Image: ubuntu-22.04
2024-09-25T16:04:27.0339238Z Version: 20240922.1.0
2024-09-25T16:04:27.0340250Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240922.1/images/ubuntu/Ubuntu2204-Readme.md
2024-09-25T16:04:27.0341646Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240922.1
2024-09-25T16:04:27.0342598Z ##[endgroup]
2024-09-25T16:04:27.0342993Z ##[group]Runner Image Provisioner
2024-09-25T16:04:27.0343431Z 2.0.384.1
2024-09-25T16:04:27.0344041Z ##[endgroup]
2024-09-25T16:04:27.0358982Z ##[group]GITHUB_TOKEN Permissions
2024-09-25T16:04:27.0360660Z Contents: read
2024-09-25T16:04:27.0361303Z Metadata: read
2024-09-25T16:04:27.0361686Z ##[endgroup]
2024-09-25T16:04:27.0364786Z Secret source: Actions
2024-09-25T16:04:27.0365577Z ##[debug]Primary repository: Chia-Network/chia-blockchain
2024-09-25T16:04:27.0366277Z Prepare workflow directory
2024-09-25T16:04:27.0431037Z ##[debug]Creating pipeline directory: '/home/runner/work/chia-blockchain'
2024-09-25T16:04:27.0434196Z ##[debug]Creating workspace directory: '/home/runner/work/chia-blockchain/chia-blockchain'
2024-09-25T16:04:27.0435813Z ##[debug]Update context data
2024-09-25T16:04:27.0439578Z ##[debug]Evaluating job-level environment variables
2024-09-25T16:04:27.0921913Z ##[debug]Evaluating job container
2024-09-25T16:04:27.0925841Z ##[debug]Evaluating job service containers
2024-09-25T16:04:27.0928091Z ##[debug]Evaluating job defaults
2024-09-25T16:04:27.0998303Z Prepare all required actions
2024-09-25T16:04:27.1156466Z Getting action download info
2024-09-25T16:04:27.2895319Z Download action repository 'actions/checkout@v4' (SHA:692973e3d937129bcbf40652eb9f2f61becf3332)
2024-09-25T16:04:27.2924654Z ##[debug]Copied action archive '/opt/actionarchivecache/actions_checkout/692973e3d937129bcbf40652eb9f2f61becf3332.tar.gz' to '/home/runner/work/_actions/_temp_bb9db0f2-9e13-4f94-bee8-b8ba548bb97e/9e1795de-eeb2-42ea-aba2-8970de9b009d.tar.gz'
2024-09-25T16:04:27.3564982Z ##[debug]Unwrap 'actions-checkout-692973e' to '/home/runner/work/_actions/actions/checkout/v4'
2024-09-25T16:04:27.3713951Z ##[debug]Archive '/home/runner/work/_actions/_temp_bb9db0f2-9e13-4f94-bee8-b8ba548bb97e/9e1795de-eeb2-42ea-aba2-8970de9b009d.tar.gz' has been unzipped into '/home/runner/work/_actions/actions/checkout/v4'.
2024-09-25T16:04:27.3841285Z Download action repository 'actions/dependency-review-action@v4' (SHA:5a2ce3f5b92ee19cbb1541a4984c76d921601d7c)
2024-09-25T16:04:27.8231050Z ##[debug]Download 'https://api.github.com/repos/actions/dependency-review-action/tarball/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c' to '/home/runner/work/_actions/_temp_dfa29719-a318-43a4-bdf3-1165c000304e/132f7eb9-0529-4e1d-b0a0-2699fd43322b.tar.gz'
2024-09-25T16:04:27.8577216Z ##[debug]Unwrap 'actions-dependency-review-action-5a2ce3f' to '/home/runner/work/_actions/actions/dependency-review-action/v4'
2024-09-25T16:04:27.8703139Z ##[debug]Archive '/home/runner/work/_actions/_temp_dfa29719-a318-43a4-bdf3-1165c000304e/132f7eb9-0529-4e1d-b0a0-2699fd43322b.tar.gz' has been unzipped into '/home/runner/work/_actions/actions/dependency-review-action/v4'.
2024-09-25T16:04:27.8767412Z ##[debug]action.yml for action: '/home/runner/work/_actions/actions/checkout/v4/action.yml'.
2024-09-25T16:04:27.9647617Z ##[debug]action.yml for action: '/home/runner/work/_actions/actions/dependency-review-action/v4/action.yml'.
2024-09-25T16:04:27.9843465Z ##[debug]Set step '__actions_checkout' display name to: 'Checkout Repository'
2024-09-25T16:04:27.9846304Z ##[debug]Set step '__actions_dependency-review-action' display name to: 'Dependency Review'
2024-09-25T16:04:27.9847864Z Complete job name: dependency-review
2024-09-25T16:04:27.9861293Z ##[debug]Collect running processes for tracking orphan processes.
2024-09-25T16:04:28.0084834Z ##[debug]Finishing: Set up job
2024-09-25T16:04:28.0281921Z ##[debug]Evaluating condition for step: 'Checkout Repository'
2024-09-25T16:04:28.0328023Z ##[debug]Evaluating: success()
2024-09-25T16:04:28.0333833Z ##[debug]Evaluating success:
2024-09-25T16:04:28.0357106Z ##[debug]=> true
2024-09-25T16:04:28.0364176Z ##[debug]Result: true
2024-09-25T16:04:28.0398102Z ##[debug]Starting: Checkout Repository
2024-09-25T16:04:28.0513620Z ##[debug]Register post job cleanup for action: actions/checkout@v4
2024-09-25T16:04:28.0619581Z ##[debug]Loading inputs
2024-09-25T16:04:28.0627523Z ##[debug]Evaluating: github.repository
2024-09-25T16:04:28.0629116Z ##[debug]Evaluating Index:
2024-09-25T16:04:28.0631402Z ##[debug]..Evaluating github:
2024-09-25T16:04:28.0632679Z ##[debug]..=> Object
2024-09-25T16:04:28.0644865Z ##[debug]..Evaluating String:
2024-09-25T16:04:28.0646025Z ##[debug]..=> 'repository'
2024-09-25T16:04:28.0650032Z ##[debug]=> 'Chia-Network/chia-blockchain'
2024-09-25T16:04:28.0651984Z ##[debug]Result: 'Chia-Network/chia-blockchain'
2024-09-25T16:04:28.0654909Z ##[debug]Evaluating: github.token
2024-09-25T16:04:28.0655464Z ##[debug]Evaluating Index:
2024-09-25T16:04:28.0656028Z ##[debug]..Evaluating github:
2024-09-25T16:04:28.0656523Z ##[debug]..=> Object
2024-09-25T16:04:28.0656926Z ##[debug]..Evaluating String:
2024-09-25T16:04:28.0657487Z ##[debug]..=> 'token'
2024-09-25T16:04:28.0658369Z ##[debug]=> '***'
2024-09-25T16:04:28.0659189Z ##[debug]Result: '***'
2024-09-25T16:04:28.0674744Z ##[debug]Loading env
2024-09-25T16:04:28.0766076Z ##[group]Run actions/checkout@v4
2024-09-25T16:04:28.0766731Z with:
2024-09-25T16:04:28.0767310Z   repository: Chia-Network/chia-blockchain
2024-09-25T16:04:28.0768066Z   token: ***
2024-09-25T16:04:28.0768709Z   ssh-strict: true
2024-09-25T16:04:28.0769148Z   ssh-user: git
2024-09-25T16:04:28.0769516Z   persist-credentials: true
2024-09-25T16:04:28.0770064Z   clean: true
2024-09-25T16:04:28.0770466Z   sparse-checkout-cone-mode: true
2024-09-25T16:04:28.0770922Z   fetch-depth: 1
2024-09-25T16:04:28.0771401Z   fetch-tags: false
2024-09-25T16:04:28.0771812Z   show-progress: true
2024-09-25T16:04:28.0772173Z   lfs: false
2024-09-25T16:04:28.0772614Z   submodules: false
2024-09-25T16:04:28.0773022Z   set-safe-directory: true
2024-09-25T16:04:28.0773422Z ##[endgroup]
2024-09-25T16:04:28.2575328Z ##[debug]GITHUB_WORKSPACE = '/home/runner/work/chia-blockchain/chia-blockchain'
2024-09-25T16:04:28.2577099Z ##[debug]qualified repository = 'Chia-Network/chia-blockchain'
2024-09-25T16:04:28.2578000Z ##[debug]ref = 'refs/pull/18305/merge'
2024-09-25T16:04:28.2579306Z ##[debug]commit = '88aad60bd30bfb078647a5cb57587e4cd100e1e8'
2024-09-25T16:04:28.2580092Z ##[debug]clean = true
2024-09-25T16:04:28.2580819Z ##[debug]filter = undefined
2024-09-25T16:04:28.2581482Z ##[debug]fetch depth = 1
2024-09-25T16:04:28.2582194Z ##[debug]fetch tags = false
2024-09-25T16:04:28.2582815Z ##[debug]show progress = true
2024-09-25T16:04:28.2583567Z ##[debug]lfs = false
2024-09-25T16:04:28.2584179Z ##[debug]submodules = false
2024-09-25T16:04:28.2584928Z ##[debug]recursive submodules = false
2024-09-25T16:04:28.2585596Z ##[debug]GitHub Host URL = 
2024-09-25T16:04:28.2587015Z ::add-matcher::/home/runner/work/_actions/actions/checkout/v4/dist/problem-matcher.json
2024-09-25T16:04:28.2689435Z ##[debug]Added matchers: 'checkout-git'. Problem matchers scan action output for known warning or error strings and report these inline.
2024-09-25T16:04:28.2700436Z Syncing repository: Chia-Network/chia-blockchain
2024-09-25T16:04:28.2702372Z ::group::Getting Git version info
2024-09-25T16:04:28.2704318Z ##[group]Getting Git version info
2024-09-25T16:04:28.2705541Z Working directory is '/home/runner/work/chia-blockchain/chia-blockchain'
2024-09-25T16:04:28.2707631Z ##[debug]Getting git version
2024-09-25T16:04:28.2708368Z [command]/usr/bin/git version
2024-09-25T16:04:28.2709412Z git version 2.46.1
2024-09-25T16:04:28.2710449Z ##[debug]0
2024-09-25T16:04:28.2711412Z ##[debug]git version 2.46.1
2024-09-25T16:04:28.2712093Z ##[debug]
2024-09-25T16:04:28.2713547Z ##[debug]Set git useragent to: git/2.46.1 (github-actions-checkout)
2024-09-25T16:04:28.2714511Z ::endgroup::
2024-09-25T16:04:28.2715008Z ##[endgroup]
2024-09-25T16:04:28.2725980Z ::add-mask::***
2024-09-25T16:04:28.2727734Z Temporarily overriding HOME='/home/runner/work/_temp/150b9bdb-d241-4275-a0c0-8619806aa27e' before making global git config changes
2024-09-25T16:04:28.2729209Z Adding repository directory to the temporary git global config as a safe directory
2024-09-25T16:04:28.2730251Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/chia-blockchain/chia-blockchain
2024-09-25T16:04:28.2747270Z ##[debug]0
2024-09-25T16:04:28.2748151Z ##[debug]
2024-09-25T16:04:28.2752487Z Deleting the contents of '/home/runner/work/chia-blockchain/chia-blockchain'
2024-09-25T16:04:28.2756002Z ::group::Initializing the repository
2024-09-25T16:04:28.2756690Z ##[group]Initializing the repository
2024-09-25T16:04:28.2760336Z [command]/usr/bin/git init /home/runner/work/chia-blockchain/chia-blockchain
2024-09-25T16:04:28.2816538Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-09-25T16:04:28.2817848Z hint: is subject to change. To configure the initial branch name to use in all
2024-09-25T16:04:28.2818956Z hint: of your new repositories, which will suppress this warning, call:
2024-09-25T16:04:28.2819664Z hint:
2024-09-25T16:04:28.2820783Z hint: 	git config --global init.defaultBranch <name>
2024-09-25T16:04:28.2821357Z hint:
2024-09-25T16:04:28.2822129Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-09-25T16:04:28.2823991Z hint: 'development'. The just-created branch can be renamed via this command:
2024-09-25T16:04:28.2825230Z hint:
2024-09-25T16:04:28.2825950Z hint: 	git branch -m <name>
2024-09-25T16:04:28.2827612Z Initialized empty Git repository in /home/runner/work/chia-blockchain/chia-blockchain/.git/
2024-09-25T16:04:28.2829574Z ##[debug]0
2024-09-25T16:04:28.2831488Z ##[debug]Initialized empty Git repository in /home/runner/work/chia-blockchain/chia-blockchain/.git/
2024-09-25T16:04:28.2832856Z ##[debug]
2024-09-25T16:04:28.2835395Z [command]/usr/bin/git remote add origin https://github.com/Chia-Network/chia-blockchain
2024-09-25T16:04:28.2866176Z ##[debug]0
2024-09-25T16:04:28.2867406Z ##[debug]
2024-09-25T16:04:28.2868778Z ::endgroup::
2024-09-25T16:04:28.2869397Z ##[endgroup]
2024-09-25T16:04:28.2870858Z ::group::Disabling automatic garbage collection
2024-09-25T16:04:28.2871955Z ##[group]Disabling automatic garbage collection
2024-09-25T16:04:28.2873299Z [command]/usr/bin/git config --local gc.auto 0
2024-09-25T16:04:28.2904524Z ##[debug]0
2024-09-25T16:04:28.2905782Z ##[debug]
2024-09-25T16:04:28.2906872Z ::endgroup::
2024-09-25T16:04:28.2907273Z ##[endgroup]
2024-09-25T16:04:28.2908139Z ::group::Setting up auth
2024-09-25T16:04:28.2909265Z ##[group]Setting up auth
2024-09-25T16:04:28.2912652Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-09-25T16:04:28.2939165Z ##[debug]1
2024-09-25T16:04:28.2943598Z ##[debug]
2024-09-25T16:04:28.2945079Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-09-25T16:04:28.3234187Z ##[debug]0
2024-09-25T16:04:28.3235127Z ##[debug]
2024-09-25T16:04:28.3238987Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-09-25T16:04:28.3263143Z ##[debug]1
2024-09-25T16:04:28.3263954Z ##[debug]
2024-09-25T16:04:28.3267884Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-09-25T16:04:28.3482161Z ##[debug]0
2024-09-25T16:04:28.3483043Z ##[debug]
2024-09-25T16:04:28.3490746Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-09-25T16:04:28.3525404Z ##[debug]0
2024-09-25T16:04:28.3526234Z ##[debug]
2024-09-25T16:04:28.3533167Z ::endgroup::
2024-09-25T16:04:28.3533630Z ##[endgroup]
2024-09-25T16:04:28.3534368Z ::group::Fetching the repository
2024-09-25T16:04:28.3534806Z ##[group]Fetching the repository
2024-09-25T16:04:28.3541827Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +88aad60bd30bfb078647a5cb57587e4cd100e1e8:refs/remotes/pull/18305/merge
2024-09-25T16:04:28.8252123Z From https://github.com/Chia-Network/chia-blockchain
2024-09-25T16:04:28.8253484Z  * [new ref]         88aad60bd30bfb078647a5cb57587e4cd100e1e8 -> pull/18305/merge
2024-09-25T16:04:28.8278815Z ##[debug]0
2024-09-25T16:04:28.8279993Z ##[debug]
2024-09-25T16:04:28.8280964Z ::endgroup::
2024-09-25T16:04:28.8281580Z ##[endgroup]
2024-09-25T16:04:28.8282617Z ::group::Determining the checkout info
2024-09-25T16:04:28.8283419Z ##[group]Determining the checkout info
2024-09-25T16:04:28.8284728Z ::endgroup::
2024-09-25T16:04:28.8285305Z ##[endgroup]
2024-09-25T16:04:28.8287174Z [command]/usr/bin/git sparse-checkout disable
2024-09-25T16:04:28.8322515Z ##[debug]0
2024-09-25T16:04:28.8323524Z ##[debug]
2024-09-25T16:04:28.8327432Z [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
2024-09-25T16:04:28.8355278Z ##[debug]0
2024-09-25T16:04:28.8356272Z ##[debug]
2024-09-25T16:04:28.8362978Z ::group::Checking out the ref
2024-09-25T16:04:28.8363637Z ##[group]Checking out the ref
2024-09-25T16:04:28.8364799Z [command]/usr/bin/git checkout --progress --force refs/remotes/pull/18305/merge
2024-09-25T16:04:28.9238288Z Note: switching to 'refs/remotes/pull/18305/merge'.
2024-09-25T16:04:28.9239400Z 
2024-09-25T16:04:28.9240289Z You are in 'detached HEAD' state. You can look around, make experimental
2024-09-25T16:04:28.9242133Z changes and commit them, and you can discard any commits you make in this
2024-09-25T16:04:28.9243663Z state without impacting any branches by switching back to a branch.
2024-09-25T16:04:28.9244533Z 
2024-09-25T16:04:28.9245240Z If you want to create a new branch to retain commits you create, you may
2024-09-25T16:04:28.9246962Z do so (now or later) by using -c with the switch command. Example:
2024-09-25T16:04:28.9247795Z 
2024-09-25T16:04:28.9248201Z   git switch -c <new-branch-name>
2024-09-25T16:04:28.9248892Z 
2024-09-25T16:04:28.9249312Z Or undo this operation with:
2024-09-25T16:04:28.9249788Z 
2024-09-25T16:04:28.9250022Z   git switch -
2024-09-25T16:04:28.9250436Z 
2024-09-25T16:04:28.9251074Z Turn off this advice by setting config variable advice.detachedHead to false
2024-09-25T16:04:28.9252020Z 
2024-09-25T16:04:28.9253213Z HEAD is now at 88aad60 Merge af0d32fdf68848a8597adf7b1231d54672e82a7d into bffb7b11c37f107b08ed2b8e2858d9376fb8faee
2024-09-25T16:04:28.9254621Z ##[debug]0
2024-09-25T16:04:28.9255311Z ##[debug]
2024-09-25T16:04:28.9255909Z ::endgroup::
2024-09-25T16:04:28.9256200Z ##[endgroup]
2024-09-25T16:04:28.9284245Z ##[debug]0
2024-09-25T16:04:28.9285628Z ##[debug]commit 88aad60bd30bfb078647a5cb57587e4cd100e1e8
2024-09-25T16:04:28.9286173Z ##[debug]Author: Kyle Altendorf <[email protected]>
2024-09-25T16:04:28.9286649Z ##[debug]Date:   Wed Sep 25 12:00:44 2024 -0400
2024-09-25T16:04:28.9287152Z ##[debug]
2024-09-25T16:04:28.9287853Z ##[debug]    Merge af0d32fdf68848a8597adf7b1231d54672e82a7d into bffb7b11c37f107b08ed2b8e2858d9376fb8faee
2024-09-25T16:04:28.9289093Z ##[debug]
2024-09-25T16:04:28.9289676Z [command]/usr/bin/git log -1 --format='%H'
2024-09-25T16:04:28.9311071Z '88aad60bd30bfb078647a5cb57587e4cd100e1e8'
2024-09-25T16:04:28.9316063Z ##[debug]0
2024-09-25T16:04:28.9317213Z ##[debug]'88aad60bd30bfb078647a5cb57587e4cd100e1e8'
2024-09-25T16:04:28.9317908Z ##[debug]
2024-09-25T16:04:28.9320654Z ##[debug]Unsetting HOME override
2024-09-25T16:04:28.9329659Z ::remove-matcher owner=checkout-git::
2024-09-25T16:04:28.9348865Z ##[debug]Removed matchers: 'checkout-git'
2024-09-25T16:04:28.9395174Z ##[debug]Node Action run completed with exit code 0
2024-09-25T16:04:28.9513398Z ##[debug]Save intra-action state isPost = true
2024-09-25T16:04:28.9514093Z ##[debug]Save intra-action state setSafeDirectory = true
2024-09-25T16:04:28.9514872Z ##[debug]Save intra-action state repositoryPath = /home/runner/work/chia-blockchain/chia-blockchain
2024-09-25T16:04:28.9525494Z ##[debug]Finishing: Checkout Repository
2024-09-25T16:04:28.9538184Z ##[debug]Evaluating condition for step: 'Dependency Review'
2024-09-25T16:04:28.9541277Z ##[debug]Evaluating: success()
2024-09-25T16:04:28.9541857Z ##[debug]Evaluating success:
2024-09-25T16:04:28.9542531Z ##[debug]=> true
2024-09-25T16:04:28.9543164Z ##[debug]Result: true
2024-09-25T16:04:28.9544204Z ##[debug]Starting: Dependency Review
2024-09-25T16:04:28.9596580Z ##[debug]Loading inputs
2024-09-25T16:04:28.9627174Z ##[debug]Evaluating: github.token
2024-09-25T16:04:28.9627720Z ##[debug]Evaluating Index:
2024-09-25T16:04:28.9628148Z ##[debug]..Evaluating github:
2024-09-25T16:04:28.9628753Z ##[debug]..=> Object
2024-09-25T16:04:28.9629212Z ##[debug]..Evaluating String:
2024-09-25T16:04:28.9629634Z ##[debug]..=> 'token'
2024-09-25T16:04:28.9630327Z ##[debug]=> '***'
2024-09-25T16:04:28.9630929Z ##[debug]Result: '***'
2024-09-25T16:04:28.9641834Z ##[debug]Loading env
2024-09-25T16:04:28.9648163Z ##[group]Run actions/dependency-review-action@v4
2024-09-25T16:04:28.9648750Z with:
2024-09-25T16:04:28.9649335Z   allow-dependencies-licenses: pkg:pypi/pylint, pkg:pypi/pyinstaller
2024-09-25T16:04:28.9650519Z   deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later
2024-09-25T16:04:28.9651696Z   repo-token: ***
2024-09-25T16:04:28.9652032Z ##[endgroup]
2024-09-25T16:04:30.2230917Z ##[debug]Filtered Changes: [{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":">= 24.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":">= 0.7.0","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":">= 0.20.0","package_url":"","license":null,"source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":">= 4.3.0","package_url":"","license":null,"source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":">= 4.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":">= 24.8.0","package_url":"","license":null,"source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":">= 1.34.143","package_url":"","license":null,"source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":">= 1.5.1","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":">= 2.0.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":">= 1.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":">= 8.1.7","package_url":"","license":null,"source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":">= 0.9.10","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":">= 0.4.6","package_url":"","license":null,"source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":">= 6.8.2","package_url":"","license":null,"source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":">= 7.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":">= 9.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":">= 3.15.4","package_url":"","license":null,"source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":">= 0.3.1","package_url":"","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":">= 6.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":">= 5.13.2","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":">= 25.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":">= 1.3.9","package_url":"","license":null,"source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":null,"source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":">= 24.2","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":null,"source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":null,"source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":">= 8.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":">= 5.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":">= 3.14.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":">= 1.6.6","package_url":"","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":">= 3.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":">= 3.16.0","package_url":"","license":null,"source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":">= 6.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":">= 75.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":">= 4.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":"24.1.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":"3.10.2","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":"0.7.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":"0.20.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":"4.3.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":"4.1.4","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":"24.8.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":"1.34.143","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":"1.2.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":"0.13.0","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":"1.5.1","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":"2.0.4","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":"1.1.4","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":"8.1.7","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":"0.9.10","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":"0.4.9","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":"0.1.43","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":"0.4.6","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":"6.8.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":"0.9.25","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":"7.6.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":"43.0.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause)","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":"9.0.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":"0.9.25","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause","source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":"2.6.1","package_url":"pkg:pypi/[email protected]","license":"ISC","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":"3.15.4","package_url":"pkg:pypi/[email protected]","license":"Unlicense","source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":"7.1.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":"0.3.1","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":"6.4.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":"5.13.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":"25.2.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":"1.3.9","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":"5.2.2","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":"2.2.2","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":"1.11.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":"24.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":"24.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":"1.2.1","package_url":"pkg:pypi/[email protected]","license":"LGPL-3.0-or-later","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":"6.9.0","package_url":"pkg:pypi/[email protected]","license":"GPL-2.0-only","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":"3.2.6","package_url":"pkg:pypi/[email protected]","license":"GPL-2.0-only AND GPL-2.0-or-later","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":"8.3.3","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":"5.0.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":"3.14.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":"1.6.6","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":"3.6.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":"3.16.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":"6.0.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":"1.3.3","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":"75.1.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":"2.4.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":"4.11.0","package_url":"pkg:pypi/[email protected]","license":"Python-2.0","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":"4.0.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]}]
2024-09-25T16:04:30.2330608Z ##[debug]Config Deny Packages: {"fail_on_severity":"low","fail_on_scopes":["runtime"],"deny_licenses":["AGPL-1.0-only","AGPL-1.0-or-later","AGPL-1.0-or-later","AGPL-3.0-or-later","GPL-1.0-only","GPL-1.0-or-later","GPL-2.0-only","GPL-2.0-or-later","GPL-3.0-only","GPL-3.0-or-later"],"allow_dependencies_licenses":["pkg:pypi/pylint","pkg:pypi/pyinstaller"],"allow_ghsas":[],"deny_packages":[],"deny_groups":[],"license_check":true,"vulnerability_check":true,"retry_on_snapshot_warnings":false,"retry_on_snapshot_warnings_timeout":120,"show_openssf_scorecard":true,"warn_on_openssf_scorecard_level":3,"comment_summary_in_pr":"never","warn_only":false}
2024-09-25T16:04:30.2333436Z Dependency review did not detect any denied packages
2024-09-25T16:04:30.7383540Z ##[debug]Couldn't get scorecard data for github.com/aio-libs/aiohttp-cors
2024-09-25T16:04:31.5550164Z ##[debug]Getting deps.dev data for chia_rs >= 0.13.0
2024-09-25T16:04:32.3150176Z ##[debug]Getting deps.dev data for clvm_tools >= 0.4.9
2024-09-25T16:04:32.3373965Z ##[debug]Getting deps.dev data for clvm_tools_rs >= 0.1.43
2024-09-25T16:04:32.8200311Z ##[debug]Getting deps.dev data for concurrent_log_handler >= 0.9.25
2024-09-25T16:04:33.7887690Z ##[debug]Couldn't get scorecard data for github.com/tox-dev/filelock
2024-09-25T16:04:34.0665411Z ##[debug]Couldn't get scorecard data for github.com/richardkiss/hsms
2024-09-25T16:04:34.8197381Z ##[debug]Couldn't get scorecard data for github.com/transmission/miniupnpc
2024-09-25T16:04:37.4321398Z ::group::Vulnerabilities
2024-09-25T16:04:37.4322126Z ##[group]Vulnerabilities
2024-09-25T16:04:37.4323693Z Dependency review did not detect any vulnerable packages with severity level "low" or higher.
2024-09-25T16:04:37.4330140Z ##[debug]found 17 unknown licenses
2024-09-25T16:04:37.4331587Z ##[debug]0 licenses could not be validated
2024-09-25T16:04:37.4332852Z ::group::Licenses
2024-09-25T16:04:37.4333491Z ##[group]Licenses
2024-09-25T16:04:37.4333947Z 
2024-09-25T16:04:37.4334372Z The following dependencies have incompatible licenses:
2024-09-25T16:04:37.4336273Z �[1mpyproject.toml » pylint@>= 3.2.6�[22m – License: �[31mGPL-2.0�[39m
2024-09-25T16:04:37.4373688Z ##[error]Dependency review detected incompatible licenses.
2024-09-25T16:04:37.4384661Z 
2024-09-25T16:04:37.4385244Z We could not detect a license for the following dependencies:
2024-09-25T16:04:37.4386440Z �[1mpyproject.toml » chia_rs@>= 0.13.0�[22m
2024-09-25T16:04:37.4387631Z �[1mpyproject.toml » clvm_tools@>= 0.4.9�[22m
2024-09-25T16:04:37.4388873Z �[1mpyproject.toml » clvm_tools_rs@>= 0.1.43�[22m
2024-09-25T16:04:37.4389984Z �[1mpyproject.toml » concurrent_log_handler@>= 0.9.25�[22m
2024-09-25T16:04:37.4391235Z �[1mpyproject.toml » aiohttp@>= 3.10.2�[22m
2024-09-25T16:04:37.4392376Z �[1mpyproject.toml » cryptography@>= 43.0.1�[22m
2024-09-25T16:04:37.4393342Z �[1mpyproject.toml » dnspython@>= 2.6.1�[22m
2024-09-25T16:04:37.4394480Z �[1mpyproject.toml » flake8@>= 7.1.1�[22m
2024-09-25T16:04:37.4395371Z �[1mpyproject.toml » lxml@>= 5.2.2�[22m
2024-09-25T16:04:37.4396113Z �[1mpyproject.toml » miniupnpc@>= 2.2.2�[22m
2024-09-25T16:04:37.4397052Z �[1mpyproject.toml » mypy@>= 1.11.1�[22m
2024-09-25T16:04:37.4397861Z �[1mpyproject.toml » packaging@>= 24.0�[22m
2024-09-25T16:04:37.4398963Z �[1mpyproject.toml » py3createtorrent@>= 1.2.1�[22m
2024-09-25T16:04:37.4400210Z �[1mpyproject.toml » pyinstaller@>= 6.9.0�[22m
2024-09-25T16:04:37.4401252Z �[1mpyproject.toml » setproctitle@>= 1.3.3�[22m
2024-09-25T16:04:37.4402264Z �[1mpyproject.toml » sortedcontainers@>= 2.4.0�[22m
2024-09-25T16:04:37.4403523Z �[1mpyproject.toml » typing-extensions@>= 4.11.0�[22m
2024-09-25T16:04:37.4405063Z ::group::Denied
2024-09-25T16:04:37.4405783Z ##[group]Denied
2024-09-25T16:04:37.4406918Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4408855Z ##[debug]Overall score 4.7
2024-09-25T16:04:37.4409889Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4410921Z ##[debug]Overall score 6.9
2024-09-25T16:04:37.4411767Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4412761Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4413662Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4414690Z ##[debug]Overall score 3.9
2024-09-25T16:04:37.4415614Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4416652Z ##[debug]Overall score 5.7
2024-09-25T16:04:37.4417731Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4419007Z ##[debug]Overall score 4.5
2024-09-25T16:04:37.4419915Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4421031Z ##[debug]Overall score 6.5
2024-09-25T16:04:37.4421948Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4423013Z ##[debug]Overall score 7.9
2024-09-25T16:04:37.4423902Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4424980Z ##[debug]Overall score 6
2024-09-25T16:04:37.4425867Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4426942Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4427867Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4429178Z ##[debug]Overall score 6
2024-09-25T16:04:37.4430107Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4431171Z ##[debug]Overall score 6.3
2024-09-25T16:04:37.4432095Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4433164Z ##[debug]Overall score 6.2
2024-09-25T16:04:37.4434089Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4435142Z ##[debug]Overall score 6.8
2024-09-25T16:04:37.4436058Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4437111Z ##[debug]Overall score 5.9
2024-09-25T16:04:37.4438035Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4439269Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4440233Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4441303Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4442282Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4443359Z ##[debug]Overall score 4.3
2024-09-25T16:04:37.4444281Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4445338Z ##[debug]Overall score 4.3
2024-09-25T16:04:37.4446221Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4447350Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4448285Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4449543Z ##[debug]Overall score 8.5
2024-09-25T16:04:37.4450455Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4451563Z ##[debug]Overall score 8.6
2024-09-25T16:04:37.4452476Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4453536Z ##[debug]Overall score 6
2024-09-25T16:04:37.4454395Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4455437Z ##[debug]Overall score 4.6
2024-09-25T16:04:37.4456294Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4457341Z ##[debug]Overall score 6.2
2024-09-25T16:04:37.4458221Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4459472Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4460440Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4461467Z ##[debug]Overall score 6
2024-09-25T16:04:37.4462362Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4463503Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4464549Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4465670Z ##[debug]Overall score 5.9
2024-09-25T16:04:37.4466665Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4467848Z ##[debug]Overall score 3.4
2024-09-25T16:04:37.4468958Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4470022Z ##[debug]Overall score 5.9
2024-09-25T16:04:37.4470963Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4472092Z ##[debug]Overall score 3.9
2024-09-25T16:04:37.4473078Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4474190Z ##[debug]Overall score 6.6
2024-09-25T16:04:37.4475122Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4476475Z ##[debug]Overall score undefined
2024-09-25T16:04:37.4477472Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4478730Z ##[debug]Overall score 6.3
2024-09-25T16:04:37.4479653Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4480727Z ##[debug]Overall score 7.6
2024-09-25T16:04:37.4481637Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4482722Z ##[debug]Overall score 5.9
2024-09-25T16:04:37.4483647Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4484710Z ##[debug]Overall score 3.4
2024-09-25T16:04:37.4485662Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4486961Z ##[debug]Overall score 5.5
2024-09-25T16:04:37.4488001Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4489300Z ##[debug]Overall score 7.2
2024-09-25T16:04:37.4490345Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4491468Z ##[debug]Overall score 6.4
2024-09-25T16:04:37.4492446Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4493562Z ##[debug]Overall score 5.2
2024-09-25T16:04:37.4494545Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4495684Z ##[debug]Overall score 5.5
2024-09-25T16:04:37.4496646Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4497750Z ##[debug]Overall score 4.3
2024-09-25T16:04:37.4498803Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4499968Z ##[debug]Overall score 5.6
2024-09-25T16:04:37.4500933Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4502027Z ##[debug]Overall score 4.8
2024-09-25T16:04:37.4502863Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4503898Z ##[debug]Overall score 6.4
2024-09-25T16:04:37.4504735Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4505728Z ##[debug]Overall score 3.4
2024-09-25T16:04:37.4506576Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4507530Z ##[debug]Overall score 5
2024-09-25T16:04:37.4508367Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4509557Z ##[debug]Overall score 3.4
2024-09-25T16:04:37.4510138Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4510808Z ##[debug]Overall score 7.2
2024-09-25T16:04:37.4511382Z ##[debug]Adding scorecard to summary
2024-09-25T16:04:37.4512039Z ##[debug]Overall score 4.7
2024-09-25T16:04:37.4512591Z ::group::Scorecard
2024-09-25T16:04:37.4513004Z ##[group]Scorecard
2024-09-25T16:04:37.4513394Z pip/aiofiles: OpenSSF Scorecard Score: 4.7
2024-09-25T16:04:37.4513854Z pip/aiohttp: OpenSSF Scorecard Score: 6.9
2024-09-25T16:04:37.4514417Z pip/aiohttp_cors: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4514939Z pip/aiosqlite: OpenSSF Scorecard Score: 3.9
2024-09-25T16:04:37.4515367Z pip/anyio: OpenSSF Scorecard Score: 5.7
2024-09-25T16:04:37.4515888Z pip/bitstring: OpenSSF Scorecard Score: 4.5
2024-09-25T16:04:37.4516355Z pip/black: OpenSSF Scorecard Score: 6.5
2024-09-25T16:04:37.4516764Z pip/boto3: OpenSSF Scorecard Score: 7.9
2024-09-25T16:04:37.4517261Z pip/build: OpenSSF Scorecard Score: 6
2024-09-25T16:04:37.4517741Z pip/chia_rs: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4518190Z pip/chiabip158: OpenSSF Scorecard Score: 6
2024-09-25T16:04:37.4518946Z pip/chiapos: OpenSSF Scorecard Score: 6.3
2024-09-25T16:04:37.4519430Z pip/chiavdf: OpenSSF Scorecard Score: 6.2
2024-09-25T16:04:37.4519843Z pip/click: OpenSSF Scorecard Score: 6.8
2024-09-25T16:04:37.4520349Z pip/clvm: OpenSSF Scorecard Score: 5.9
2024-09-25T16:04:37.4520842Z pip/clvm_tools: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4521336Z pip/clvm_tools_rs: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4521908Z pip/colorama: OpenSSF Scorecard Score: 4.3
2024-09-25T16:04:37.4522390Z pip/colorlog: OpenSSF Scorecard Score: 4.3
2024-09-25T16:04:37.4522932Z pip/concurrent_log_handler: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4523519Z pip/coverage: OpenSSF Scorecard Score: 8.5
2024-09-25T16:04:37.4523992Z pip/cryptography: OpenSSF Scorecard Score: 8.6
2024-09-25T16:04:37.4524559Z pip/diff-cover: OpenSSF Scorecard Score: 6
2024-09-25T16:04:37.4525069Z pip/dnslib: OpenSSF Scorecard Score: 4.6
2024-09-25T16:04:37.4525733Z pip/dnspython: OpenSSF Scorecard Score: 6.2
2024-09-25T16:04:37.4526253Z pip/filelock: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4526770Z pip/flake8: OpenSSF Scorecard Score: 6
2024-09-25T16:04:37.4527227Z pip/hsms: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4527820Z pip/importlib-resources: OpenSSF Scorecard Score: 5.9
2024-09-25T16:04:37.4528367Z pip/isort: OpenSSF Scorecard Score: 3.4
2024-09-25T16:04:37.4529048Z pip/keyring: OpenSSF Scorecard Score: 5.9
2024-09-25T16:04:37.4529583Z pip/keyrings.cryptfile: OpenSSF Scorecard Score: 3.9
2024-09-25T16:04:37.4530253Z pip/lxml: OpenSSF Scorecard Score: 6.6
2024-09-25T16:04:37.4530729Z pip/miniupnpc: OpenSSF Scorecard Score: undefined
2024-09-25T16:04:37.4531231Z pip/mypy: OpenSSF Scorecard Score: 6.3
2024-09-25T16:04:37.4531740Z pip/packaging: OpenSSF Scorecard Score: 7.6
2024-09-25T16:04:37.4532229Z pip/pip: OpenSSF Scorecard Score: 5.9
2024-09-25T16:04:37.4532708Z pip/py3createtorrent: OpenSSF Scorecard Score: 3.4
2024-09-25T16:04:37.4533264Z pip/pyinstaller: OpenSSF Scorecard Score: 5.5
2024-09-25T16:04:37.4533752Z pip/pylint: OpenSSF Scorecard Score: 7.2
2024-09-25T16:04:37.4534205Z pip/pytest: OpenSSF Scorecard Score: 6.4
2024-09-25T16:04:37.4534744Z pip/pytest-cov: OpenSSF Scorecard Score: 5.2
2024-09-25T16:04:37.4535292Z pip/pytest-mock: OpenSSF Scorecard Score: 5.5
2024-09-25T16:04:37.4536213Z pip/pytest-monitor: OpenSSF Scorecard Score: 4.3
2024-09-25T16:04:37.4537153Z pip/pytest-xdist: OpenSSF Scorecard Score: 5.6
2024-09-25T16:04:37.4537866Z pip/pyupgrade: OpenSSF Scorecard Score: 4.8
2024-09-25T16:04:37.4538879Z pip/pyyaml: OpenSSF Scorecard Score: 6.4
2024-09-25T16:04:37.4539671Z pip/setproctitle: OpenSSF Scorecard Score: 3.4
2024-09-25T16:04:37.4540377Z pip/setuptools: OpenSSF Scorecard Score: 5
2024-09-25T16:04:37.4541254Z pip/sortedcontainers: OpenSSF Scorecard Score: 3.4
2024-09-25T16:04:37.4542231Z pip/typing-extensions: OpenSSF Scorecard Score: 7.2
2024-09-25T16:04:37.4542981Z pip/watchdog: OpenSSF Scorecard Score: 4.7
2024-09-25T16:04:37.4543847Z ::group::Dependency Changes
2024-09-25T16:04:37.4544245Z ##[group]Dependency Changes
2024-09-25T16:04:37.4544729Z File: �[1mpyproject.toml�[22m
2024-09-25T16:04:37.4545135Z �[32m+ aiofiles@>= 24.1.0�[39m
2024-09-25T16:04:37.4545542Z �[32m+ aiohttp@>= 3.10.2�[39m
2024-09-25T16:04:37.4546012Z �[32m+ aiohttp_cors@>= 0.7.0�[39m
2024-09-25T16:04:37.4546419Z �[32m+ aiosqlite@>= 0.20.0�[39m
2024-09-25T16:04:37.4546816Z �[32m+ anyio@>= 4.3.0�[39m
2024-09-25T16:04:37.4547271Z �[32m+ bitstring@>= 4.1.4�[39m
2024-09-25T16:04:37.4547656Z �[32m+ black@>= 24.8.0�[39m
2024-09-25T16:04:37.4548057Z �[32m+ boto3@>= 1.34.143�[39m
2024-09-25T16:04:37.4548676Z �[32m+ build@>= 1.2.1�[39m
2024-09-25T16:04:37.4549082Z �[32m+ chia_rs@>= 0.13.0�[39m
2024-09-25T16:04:37.4549491Z �[32m+ chiabip158@>= 1.5.1�[39m
2024-09-25T16:04:37.4549986Z �[32m+ chiapos@>= 2.0.4�[39m
2024-09-25T16:04:37.4550346Z �[32m+ chiavdf@>= 1.1.4�[39m
2024-09-25T16:04:37.4550726Z �[32m+ click@>= 8.1.7�[39m
2024-09-25T16:04:37.4551202Z �[32m+ clvm@>= 0.9.10�[39m
2024-09-25T16:04:37.4551559Z �[32m+ clvm_tools@>= 0.4.9�[39m
2024-09-25T16:04:37.4551975Z �[32m+ clvm_tools_rs@>= 0.1.43�[39m
2024-09-25T16:04:37.4552477Z �[32m+ colorama@>= 0.4.6�[39m
2024-09-25T16:04:37.4552880Z �[32m+ colorlog@>= 6.8.2�[39m
2024-09-25T16:04:37.4553351Z �[32m+ concurrent_log_handler@>= 0.9.25�[39m
2024-09-25T16:04:37.4553881Z �[32m+ coverage@>= 7.6.1�[39m
2024-09-25T16:04:37.4554256Z �[32m+ cryptography@>= 43.0.1�[39m
2024-09-25T16:04:37.4554678Z �[32m+ diff-cover@>= 9.0.0�[39m
2024-09-25T16:04:37.4555154Z �[32m+ dnslib@>= 0.9.25�[39m
2024-09-25T16:04:37.4555519Z �[32m+ dnspython@>= 2.6.1�[39m
2024-09-25T16:04:37.4555920Z �[32m+ filelock@>= 3.15.4�[39m
2024-09-25T16:04:37.4556393Z �[32m+ flake8@>= 7.1.1�[39m
2024-09-25T16:04:37.4556745Z �[32m+ hsms@>= 0.3.1�[39m
2024-09-25T16:04:37.4557173Z �[32m+ importlib-resources@>= 6.4.0�[39m
2024-09-25T16:04:37.4557679Z �[32m+ isort@>= 5.13.2�[39m
2024-09-25T16:04:37.4558041Z �[32m+ keyring@>= 25.2.1�[39m
2024-09-25T16:04:37.4558870Z �[32m+ keyrings.cryptfile@>= 1.3.9�[39m
2024-09-25T16:04:37.4559398Z �[32m+ lxml@>= 5.2.2�[39m
2024-09-25T16:04:37.4559760Z �[32m+ miniupnpc@>= 2.2.2�[39m
2024-09-25T16:04:37.4560187Z �[32m+ mypy@>= 1.11.1�[39m
2024-09-25T16:04:37.4560537Z �[32m+ packaging@>= 24.0�[39m
2024-09-25T16:04:37.4560997Z �[32m+ pip@>= 24.2�[39m
2024-09-25T16:04:37.4561413Z �[32m+ py3createtorrent@>= 1.2.1�[39m
2024-09-25T16:04:37.4561832Z �[32m+ pyinstaller@>= 6.9.0�[39m
2024-09-25T16:04:37.4562329Z �[32m+ pylint@>= 3.2.6�[39m
2024-09-25T16:04:37.4562716Z �[32m+ pytest@>= 8.3.3�[39m
2024-09-25T16:04:37.4563201Z �[32m+ pytest-cov@>= 5.0.0�[39m
2024-09-25T16:04:37.4563730Z �[32m+ pytest-mock@>= 3.14.0�[39m
2024-09-25T16:04:37.4564166Z �[32m+ pytest-monitor@>= 1.6.6�[39m
2024-09-25T16:04:37.4564567Z �[32m+ pytest-xdist@>= 3.6.1�[39m
2024-09-25T16:04:37.4565075Z �[32m+ pyupgrade@>= 3.16.0�[39m
2024-09-25T16:04:37.4565479Z �[32m+ pyyaml@>= 6.0.1�[39m
2024-09-25T16:04:37.4565841Z �[32m+ setproctitle@>= 1.3.3�[39m
2024-09-25T16:04:37.4566351Z �[32m+ setuptools@>= 75.1.0�[39m
2024-09-25T16:04:37.4566782Z �[32m+ sortedcontainers@>= 2.4.0�[39m
2024-09-25T16:04:37.4567257Z �[32m+ typing-extensions@>= 4.11.0�[39m
2024-09-25T16:04:37.4567774Z �[32m+ watchdog@>= 4.0.1�[39m
2024-09-25T16:04:37.4568263Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4569045Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4569558Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4569960Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4570326Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4570763Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4571152Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4571515Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4571952Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4572333Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4572685Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4573137Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4573532Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4573872Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4574295Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4574676Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4575039Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4575517Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4575912Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4576294Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4576801Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4577206Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4577587Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4578042Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4578443Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4579195Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4579707Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4580083Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4580444Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4580958Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4581335Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4581708Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4582214Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4582580Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4582925Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4583375Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4583746Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4584088Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4584590Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4584991Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4585323Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4585779Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4586188Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4586586Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4587062Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4587468Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4587836Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4588284Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4589324Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4589917Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4590459Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4590908Z �[31m- [email protected]�[39m
2024-09-25T16:04:37.4591777Z ##[debug]The comment was too big for the GitHub API. Falling back on a minimum comment
2024-09-25T16:04:37.4592613Z ::endgroup::
2024-09-25T16:04:37.4592888Z ##[endgroup]
2024-09-25T16:04:37.4593450Z ::endgroup::
2024-09-25T16:04:37.4593764Z ##[endgroup]
2024-09-25T16:04:37.4594314Z ::endgroup::
2024-09-25T16:04:37.4594625Z ##[endgroup]
2024-09-25T16:04:37.4595170Z ::endgroup::
2024-09-25T16:04:37.4595570Z ##[endgroup]
2024-09-25T16:04:37.4596079Z ::endgroup::
2024-09-25T16:04:37.4596462Z ##[endgroup]
2024-09-25T16:04:37.4597697Z ##[debug]Node Action run completed with exit code 1
2024-09-25T16:04:37.4953911Z ##[debug]Set output vulnerable-changes = []
2024-09-25T16:04:37.4970750Z ##[debug]Set output invalid-license-changes = {"unlicensed":[{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":"NOASSERTION","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]}],"unresolved":[],"forbidden":[{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":"GPL-2.0","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]}]}
2024-09-25T16:04:37.4987322Z ##[debug]Set output denied-changes = []
2024-09-25T16:04:37.5083896Z ##[debug]Set output dependency-changes = [{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":">= 24.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":">= 3.10.2","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":">= 0.7.0","package_url":"","license":null,"source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":">= 0.20.0","package_url":"","license":null,"source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":">= 4.3.0","package_url":"","license":null,"source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":">= 4.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":">= 24.8.0","package_url":"","license":null,"source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":">= 1.34.143","package_url":"","license":null,"source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":">= 0.13.0","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":">= 1.5.1","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":">= 2.0.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":">= 1.1.4","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":">= 8.1.7","package_url":"","license":null,"source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":">= 0.9.10","package_url":"","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":">= 0.4.9","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":">= 0.1.43","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":">= 0.4.6","package_url":"","license":null,"source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":">= 6.8.2","package_url":"","license":null,"source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":">= 7.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":">= 43.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":">= 9.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":">= 0.9.25","package_url":"","license":null,"source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":">= 2.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":">= 3.15.4","package_url":"","license":null,"source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":">= 7.1.1","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":">= 0.3.1","package_url":"","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":">= 6.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":">= 5.13.2","package_url":"","license":null,"source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":">= 25.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":">= 1.3.9","package_url":"","license":null,"source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":">= 5.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":">= 2.2.2","package_url":"","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":">= 1.11.1","package_url":"","license":null,"source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":">= 24.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":">= 24.2","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":">= 1.2.1","package_url":"","license":null,"source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":">= 6.9.0","package_url":"","license":null,"source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":">= 3.2.6","package_url":"","license":null,"source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":">= 8.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":">= 5.0.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":">= 3.14.0","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":">= 1.6.6","package_url":"","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":">= 3.6.1","package_url":"","license":null,"source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":">= 3.16.0","package_url":"","license":null,"source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":">= 6.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":">= 1.3.3","package_url":"","license":null,"source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":">= 75.1.0","package_url":"","license":null,"source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":">= 2.4.0","package_url":"","license":null,"source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":">= 4.11.0","package_url":"","license":null,"source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":">= 4.0.1","package_url":"","license":null,"source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiofiles","version":"24.1.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Tinche/aiofiles","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp","version":"3.10.2","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiohttp_cors","version":"0.7.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/aio-libs/aiohttp-cors","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"aiosqlite","version":"0.20.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/omnilib/aiosqlite","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"anyio","version":"4.3.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/agronholm/anyio","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"bitstring","version":"4.1.4","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/scott-griffiths/bitstring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"black","version":"24.8.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/psf/black","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"boto3","version":"1.34.143","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/boto/boto3","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"build","version":"1.2.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/build","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chia_rs","version":"0.13.0","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiabip158","version":"1.5.1","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/Chia-Network/chiabip158","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiapos","version":"2.0.4","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiapos","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"chiavdf","version":"1.1.4","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Chia-Network/chiavdf","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"click","version":"8.1.7","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/pallets/click","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm","version":"0.9.10","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/Chia-Network/clvm","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools","version":"0.4.9","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"clvm_tools_rs","version":"0.1.43","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorama","version":"0.4.6","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/tartley/colorama","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"colorlog","version":"6.8.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/borntyping/python-colorlog","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"concurrent_log_handler","version":"0.9.25","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":null,"scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"coverage","version":"7.6.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/nedbat/coveragepy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"cryptography","version":"43.0.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause)","source_repository_url":"https://github.com/pyca/cryptography","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"diff-cover","version":"9.0.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/Bachmann1234/diff_cover","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnslib","version":"0.9.25","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause","source_repository_url":"https://github.com/paulc/dnslib","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"dnspython","version":"2.6.1","package_url":"pkg:pypi/[email protected]","license":"ISC","source_repository_url":"https://github.com/rthalley/dnspython","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"filelock","version":"3.15.4","package_url":"pkg:pypi/[email protected]","license":"Unlicense","source_repository_url":"https://github.com/tox-dev/filelock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"flake8","version":"7.1.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/PyCQA/flake8","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"hsms","version":"0.3.1","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/richardkiss/hsms","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"importlib-resources","version":"6.4.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/python/importlib_resources","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"isort","version":"5.13.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/PyCQA/isort","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyring","version":"25.2.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/jaraco/keyring","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"keyrings.cryptfile","version":"1.3.9","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/frispete/keyrings.cryptfile","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"lxml","version":"5.2.2","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/lxml/lxml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"miniupnpc","version":"2.2.2","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/transmission/miniupnpc","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"mypy","version":"1.11.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/python/mypy","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"packaging","version":"24.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)","source_repository_url":"https://github.com/pypa/packaging","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pip","version":"24.2","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/pip","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"py3createtorrent","version":"1.2.1","package_url":"pkg:pypi/[email protected]","license":"LGPL-3.0-or-later","source_repository_url":"https://github.com/rsnitsch/py3createtorrent","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyinstaller","version":"6.9.0","package_url":"pkg:pypi/[email protected]","license":"GPL-2.0-only","source_repository_url":"https://github.com/pyinstaller/pyinstaller","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pylint","version":"3.2.6","package_url":"pkg:pypi/[email protected]","license":"GPL-2.0-only AND GPL-2.0-or-later","source_repository_url":"https://github.com/pylint-dev/pylint","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest","version":"8.3.3","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-cov","version":"5.0.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-cov","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-mock","version":"3.14.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-mock","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-monitor","version":"1.6.6","package_url":"pkg:pypi/[email protected]","license":null,"source_repository_url":"https://github.com/CFMTech/pytest-monitor","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pytest-xdist","version":"3.6.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pytest-dev/pytest-xdist","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyupgrade","version":"3.16.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/asottile/pyupgrade","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"pyyaml","version":"6.0.1","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/yaml/pyyaml","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setproctitle","version":"1.3.3","package_url":"pkg:pypi/[email protected]","license":"BSD-2-Clause AND BSD-3-Clause","source_repository_url":"https://github.com/dvarrazzo/py-setproctitle","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"setuptools","version":"75.1.0","package_url":"pkg:pypi/[email protected]","license":"MIT","source_repository_url":"https://github.com/pypa/setuptools","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"sortedcontainers","version":"2.4.0","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/grantjenks/python-sortedcontainers","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"typing-extensions","version":"4.11.0","package_url":"pkg:pypi/[email protected]","license":"Python-2.0","source_repository_url":"https://github.com/python/typing","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"pyproject.toml","ecosystem":"pip","name":"watchdog","version":"4.0.1","package_url":"pkg:pypi/[email protected]","license":"Apache-2.0","source_repository_url":"https://github.com/gorakhargosh/watchdog","scope":"runtime","vulnerabilities":[]}]
2024-09-25T16:04:37.5365884Z ##[debug]Set output comment-content = <h1>Dependency Review</h1>
2024-09-25T16:04:37.5367847Z ##[debug]The following issues were found:<ul><li>✅ 0 vulnerable package(s)</li><li>❌ 1 package(s) with incompatible licenses</li><li>✅ 0 package(s) with invalid SPDX license definitions</li><li>⚠️ 17 package(s) with unknown licenses.</li></ul>
2024-09-25T16:04:37.5370602Z ##[debug]See the Details below.<h2>License Issues</h2>
2024-09-25T16:04:37.5371222Z ##[debug]<h4><em>pyproject.toml</em></h4>
2024-09-25T16:04:37.5386068Z ##[debug]<table><tr><td>Package</td><td>Version</td><td>License</td><td>Issue Type</td></tr><tr><td><a href="https://github.com/pylint-dev/pylint">pylint</a></td><td>>= 3.2.6</td><td>GPL-2.0</td><td>Incompatible License</td></tr><tr><td>chia_rs</td><td>>= 0.13.0</td><td>Null</td><td>Unknown License</td></tr><tr><td>clvm_tools</td><td>>= 0.4.9</td><td>Null</td><td>Unknown License</td></tr><tr><td>clvm_tools_rs</td><td>>= 0.1.43</td><td>Null</td><td>Unknown License</td></tr><tr><td>concurrent_log_handler</td><td>>= 0.9.25</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/aio-libs/aiohttp">aiohttp</a></td><td>>= 3.10.2</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/pyca/cryptography">cryptography</a></td><td>>= 43.0.1</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/rthalley/dnspython">dnspython</a></td><td>>= 2.6.1</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/PyCQA/flake8">flake8</a></td><td>>= 7.1.1</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/lxml/lxml">lxml</a></td><td>>= 5.2.2</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/transmission/miniupnpc">miniupnpc</a></td><td>>= 2.2.2</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/python/mypy">mypy</a></td><td>>= 1.11.1</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/pypa/packaging">packaging</a></td><td>>= 24.0</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/rsnitsch/py3createtorrent">py3createtorrent</a></td><td>>= 1.2.1</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/pyinstaller/pyinstaller">pyinstaller</a></td><td>>= 6.9.0</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/dvarrazzo/py-setproctitle">setproctitle</a></td><td>>= 1.3.3</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/grantjenks/python-sortedcontainers">sortedcontainers</a></td><td>>= 2.4.0</td><td>Null</td><td>Unknown License</td></tr><tr><td><a href="https://github.com/python/typing">typing-extensions</a></td><td>>= 4.11.0</td><td>Null</td><td>Unknown License</td></tr></table>
2024-09-25T16:04:37.5397048Z ##[debug]<blockquote><strong>Denied Licenses</strong>: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later</blockquote>
2024-09-25T16:04:37.5398444Z ##[debug]<blockquote><strong>Excluded from license check</strong>: pkg:pypi/pylint, pkg:pypi/pyinstaller</blockquote>
2024-09-25T16:04:37.5399295Z ##[debug]<h2>OpenSSF Scorecard</h2>
2024-09-25T16:04:37.5399661Z ##[debug]<details><summary>Scorecard details</summary>
2024-09-25T16:04:37.5400195Z ##[debug]<table><tr><th>Package</th><th>Version</th><th>Score</th><th>Details</th></tr>
2024-09-25T16:04:37.5400935Z ##[debug]<tr><td><a href="https://github.com/Tinche/aiofiles"> pip/aiofiles </a></td><td>>= 24.1.0</td>
2024-09-25T16:04:37.5407882Z ##[debug]      <td>:green_circle: 4.7</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 3</td><td>Found 6/18 approved changesets -- score normalized to 3</td></tr><tr><td>Maintained</td><td>:warning: 2</td><td>0 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 8</td><td>2 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5415148Z ##[debug]<tr><td><a href="https://github.com/aio-libs/aiohttp"> pip/aiohttp </a></td><td>>= 3.10.2</td>
2024-09-25T16:04:37.5422359Z ##[debug]      <td>:green_circle: 6.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 5</td><td>Found 15/28 approved changesets -- score normalized to 5</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5429837Z ##[debug]<tr><td><a href="https://github.com/aio-libs/aiohttp-cors"> pip/aiohttp_cors </a></td><td>>= 0.7.0</td>
2024-09-25T16:04:37.5430488Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5431109Z ##[debug]<tr><td><a href="https://github.com/omnilib/aiosqlite"> pip/aiosqlite </a></td><td>>= 0.20.0</td>
2024-09-25T16:04:37.5437858Z ##[debug]      <td>:green_circle: 3.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 5</td><td>Found 3/6 approved changesets -- score normalized to 5</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5445007Z ##[debug]<tr><td><a href="https://github.com/agronholm/anyio"> pip/anyio </a></td><td>>= 4.3.0</td>
2024-09-25T16:04:37.5452068Z ##[debug]      <td>:green_circle: 5.7</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 6</td><td>Found 13/21 approved changesets -- score normalized to 6</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>29 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5459549Z ##[debug]<tr><td><a href="https://github.com/scott-griffiths/bitstring"> pip/bitstring </a></td><td>>= 4.1.4</td>
2024-09-25T16:04:37.5466190Z ##[debug]      <td>:green_circle: 4.5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 0/30 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>1 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>no SAST tool detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 2</td><td>dependency not pinned by hash detected -- score normalized to 2</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5473149Z ##[debug]<tr><td><a href="https://github.com/psf/black"> pip/black </a></td><td>>= 24.8.0</td>
2024-09-25T16:04:37.5480378Z ##[debug]      <td>:green_circle: 6.5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 7</td><td>Found 21/27 approved changesets -- score normalized to 7</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5487796Z ##[debug]<tr><td><a href="https://github.com/boto/boto3"> pip/boto3 </a></td><td>>= 1.34.143</td>
2024-09-25T16:04:37.5494662Z ##[debug]      <td>:green_circle: 7.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 0/30 approved changesets -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool detected: CodeQL</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:green_circle: 10</td><td>all dependencies are pinned</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5501847Z ##[debug]<tr><td><a href="https://github.com/pypa/build"> pip/build </a></td><td>>= 1.2.1</td>
2024-09-25T16:04:37.5508922Z ##[debug]      <td>:green_circle: 6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 9</td><td>Found 13/14 approved changesets -- score normalized to 9</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5515988Z ##[debug]<tr><td> pip/chia_rs </td><td>>= 0.13.0</td>
2024-09-25T16:04:37.5516382Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5517020Z ##[debug]<tr><td><a href="https://github.com/Chia-Network/chiabip158"> pip/chiabip158 </a></td><td>>= 1.5.1</td>
2024-09-25T16:04:37.5523744Z ##[debug]      <td>:green_circle: 6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:warning: 2</td><td>3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 6</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5530689Z ##[debug]<tr><td><a href="https://github.com/Chia-Network/chiapos"> pip/chiapos </a></td><td>>= 2.0.4</td>
2024-09-25T16:04:37.5537294Z ##[debug]      <td>:green_circle: 6.3</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Branch-Protection</td><td>:warning: 1</td><td>branch protection is not maximal on development and all release branches</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5544083Z ##[debug]<tr><td><a href="https://github.com/Chia-Network/chiavdf"> pip/chiavdf </a></td><td>>= 1.1.4</td>
2024-09-25T16:04:37.5550865Z ##[debug]      <td>:green_circle: 6.2</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 6</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5557969Z ##[debug]<tr><td><a href="https://github.com/pallets/click"> pip/click </a></td><td>>= 8.1.7</td>
2024-09-25T16:04:37.5565058Z ##[debug]      <td>:green_circle: 6.8</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 1</td><td>Found 2/13 approved changesets -- score normalized to 1</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>21 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:green_circle: 10</td><td>4 out of the last 4 releases have a total of 4 signed artifacts.</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 3</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:green_circle: 5</td><td>dependency not pinned by hash detected -- score normalized to 5</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 9</td><td>security policy file detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5572294Z ##[debug]<tr><td><a href="https://github.com/Chia-Network/clvm"> pip/clvm </a></td><td>>= 0.9.10</td>
2024-09-25T16:04:37.5579008Z ##[debug]      <td>:green_circle: 5.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:warning: 2</td><td>3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 6</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:green_circle: 8</td><td>SAST tool is not run on all commits -- score normalized to 8</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5585856Z ##[debug]<tr><td> pip/clvm_tools </td><td>>= 0.4.9</td>
2024-09-25T16:04:37.5586262Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5586680Z ##[debug]<tr><td> pip/clvm_tools_rs </td><td>>= 0.1.43</td>
2024-09-25T16:04:37.5587192Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5587795Z ##[debug]<tr><td><a href="https://github.com/tartley/colorama"> pip/colorama </a></td><td>>= 0.4.6</td>
2024-09-25T16:04:37.5594547Z ##[debug]      <td>:green_circle: 4.3</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 3</td><td>Found 5/16 approved changesets -- score normalized to 3</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5601536Z ##[debug]<tr><td><a href="https://github.com/borntyping/python-colorlog"> pip/colorlog </a></td><td>>= 6.8.2</td>
2024-09-25T16:04:37.5608404Z ##[debug]      <td>:green_circle: 4.3</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 1</td><td>Found 3/29 approved changesets -- score normalized to 1</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5615647Z ##[debug]<tr><td> pip/concurrent_log_handler </td><td>>= 0.9.25</td>
2024-09-25T16:04:37.5616217Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5616834Z ##[debug]<tr><td><a href="https://github.com/nedbat/coveragepy"> pip/coverage </a></td><td>>= 7.6.1</td>
2024-09-25T16:04:37.5623679Z ##[debug]      <td>:green_circle: 8.5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 2/27 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>CII-Best-Practices</td><td>:green_circle: 5</td><td>badge detected: Passing</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:green_circle: 5</td><td>dependency not pinned by hash detected -- score normalized to 5</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5630730Z ##[debug]<tr><td><a href="https://github.com/pyca/cryptography"> pip/cryptography </a></td><td>>= 43.0.1</td>
2024-09-25T16:04:37.5637543Z ##[debug]      <td>:green_circle: 8.6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:green_circle: 4</td><td>dependency not pinned by hash detected -- score normalized to 4</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5644926Z ##[debug]<tr><td><a href="https://github.com/Bachmann1234/diff_cover"> pip/diff-cover </a></td><td>>= 9.0.0</td>
2024-09-25T16:04:37.5651859Z ##[debug]      <td>:green_circle: 6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 5</td><td>Found 6/12 approved changesets -- score normalized to 5</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5660792Z ##[debug]<tr><td><a href="https://github.com/paulc/dnslib"> pip/dnslib </a></td><td>>= 0.9.25</td>
2024-09-25T16:04:37.5673072Z ##[debug]      <td>:green_circle: 4.6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 2</td><td>Found 5/23 approved changesets -- score normalized to 2</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>5 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5686364Z ##[debug]<tr><td><a href="https://github.com/rthalley/dnspython"> pip/dnspython </a></td><td>>= 2.6.1</td>
2024-09-25T16:04:37.5699501Z ##[debug]      <td>:green_circle: 6.2</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 1</td><td>Found 5/30 approved changesets -- score normalized to 1</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:green_circle: 9</td><td>SAST tool detected but not run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5713012Z ##[debug]<tr><td><a href="https://github.com/tox-dev/filelock"> pip/filelock </a></td><td>>= 3.15.4</td>
2024-09-25T16:04:37.5714155Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5715202Z ##[debug]<tr><td><a href="https://github.com/PyCQA/flake8"> pip/flake8 </a></td><td>>= 7.1.1</td>
2024-09-25T16:04:37.5725498Z ##[debug]      <td>:green_circle: 6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 5</td><td>Found 5/10 approved changesets -- score normalized to 5</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>5 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5733298Z ##[debug]<tr><td><a href="https://github.com/richardkiss/hsms"> pip/hsms </a></td><td>>= 0.3.1</td>
2024-09-25T16:04:37.5733924Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5734629Z ##[debug]<tr><td><a href="https://github.com/python/importlib_resources"> pip/importlib-resources </a></td><td>>= 6.4.0</td>
2024-09-25T16:04:37.5741620Z ##[debug]      <td>:green_circle: 5.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 0/28 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5748601Z ##[debug]<tr><td><a href="https://github.com/PyCQA/isort"> pip/isort </a></td><td>>= 5.13.2</td>
2024-09-25T16:04:37.5755179Z ##[debug]      <td>:green_circle: 3.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 7</td><td>Found 10/14 approved changesets -- score normalized to 7</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 8</td><td>binaries present in source code</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:warning: 0</td><td>11 existing vulnerabilities detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5762452Z ##[debug]<tr><td><a href="https://github.com/jaraco/keyring"> pip/keyring </a></td><td>>= 25.2.1</td>
2024-09-25T16:04:37.5769290Z ##[debug]      <td>:green_circle: 5.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 2/25 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5776363Z ##[debug]<tr><td><a href="https://github.com/frispete/keyrings.cryptfile"> pip/keyrings.cryptfile </a></td><td>>= 1.3.9</td>
2024-09-25T16:04:37.5783268Z ##[debug]      <td>:green_circle: 3.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 5</td><td>Found 8/15 approved changesets -- score normalized to 5</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5790390Z ##[debug]<tr><td><a href="https://github.com/lxml/lxml"> pip/lxml </a></td><td>>= 5.2.2</td>
2024-09-25T16:04:37.5797691Z ##[debug]      <td>:green_circle: 6.6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 2/27 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 1</td><td>dependency not pinned by hash detected -- score normalized to 1</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5805746Z ##[debug]<tr><td><a href="https://github.com/transmission/miniupnpc"> pip/miniupnpc </a></td><td>>= 2.2.2</td>
2024-09-25T16:04:37.5806391Z ##[debug]      <td> Unknown</td><td>Unknown</td></tr>
2024-09-25T16:04:37.5806950Z ##[debug]<tr><td><a href="https://github.com/python/mypy"> pip/mypy </a></td><td>>= 1.11.1</td>
2024-09-25T16:04:37.5814018Z ##[debug]      <td>:green_circle: 6.3</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 8</td><td>Found 23/28 approved changesets -- score normalized to 8</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5821399Z ##[debug]<tr><td><a href="https://github.com/pypa/packaging"> pip/packaging </a></td><td>>= 24.0</td>
2024-09-25T16:04:37.5828334Z ##[debug]      <td>:green_circle: 7.6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 8</td><td>Found 21/26 approved changesets -- score normalized to 8</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>15 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:green_circle: 9</td><td>security policy file detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 4</td><td>binaries present in source code</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:green_circle: 10</td><td>all dependencies are pinned</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 9</td><td>1 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:green_circle: 10</td><td>SAST tool is run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5835516Z ##[debug]<tr><td><a href="https://github.com/pypa/pip"> pip/pip </a></td><td>>= 24.2</td>
2024-09-25T16:04:37.5846892Z ##[debug]      <td>:green_circle: 5.9</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 2</td><td>badge detected: InProgress</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Security-Policy</td><td>:green_circle: 9</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 3</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Binary-Artifacts</td><td>:warning: 0</td><td>binaries present in source code</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5859755Z ##[debug]<tr><td><a href="https://github.com/rsnitsch/py3createtorrent"> pip/py3createtorrent </a></td><td>>= 1.2.1</td>
2024-09-25T16:04:37.5867242Z ##[debug]      <td>:green_circle: 3.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 0/11 approved changesets -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5874363Z ##[debug]<tr><td><a href="https://github.com/pyinstaller/pyinstaller"> pip/pyinstaller </a></td><td>>= 6.9.0</td>
2024-09-25T16:04:37.5881459Z ##[debug]      <td>:green_circle: 5.5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:warning: 0</td><td>binaries present in source code</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5888880Z ##[debug]<tr><td><a href="https://github.com/pylint-dev/pylint"> pip/pylint </a></td><td>>= 3.2.6</td>
2024-09-25T16:04:37.5895530Z ##[debug]      <td>:green_circle: 7.2</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 9</td><td>Found 19/20 approved changesets -- score normalized to 9</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>CII-Best-Practices</td><td>:green_circle: 5</td><td>badge detected: Passing</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 9</td><td>security policy file detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 8</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>SAST</td><td>:green_circle: 9</td><td>SAST tool detected but not run on all commits</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5902458Z ##[debug]<tr><td><a href="https://github.com/pytest-dev/pytest"> pip/pytest </a></td><td>>= 8.3.3</td>
2024-09-25T16:04:37.5909534Z ##[debug]      <td>:green_circle: 6.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 9</td><td>Found 10/11 approved changesets -- score normalized to 9</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Branch-Protection</td><td>:green_circle: 8</td><td>branch protection is not maximal on development and all release branches</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 9</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5916812Z ##[debug]<tr><td><a href="https://github.com/pytest-dev/pytest-cov"> pip/pytest-cov </a></td><td>>= 5.0.0</td>
2024-09-25T16:04:37.5924054Z ##[debug]      <td>:green_circle: 5.2</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>14 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>Code-Review</td><td>:warning: 2</td><td>Found 6/22 approved changesets -- score normalized to 2</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 5</td><td>5 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5931242Z ##[debug]<tr><td><a href="https://github.com/pytest-dev/pytest-mock"> pip/pytest-mock </a></td><td>>= 3.14.0</td>
2024-09-25T16:04:37.5938394Z ##[debug]      <td>:green_circle: 5.5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 2</td><td>Found 1/4 approved changesets -- score normalized to 2</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>20 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5945979Z ##[debug]<tr><td><a href="https://github.com/CFMTech/pytest-monitor"> pip/pytest-monitor </a></td><td>>= 1.6.6</td>
2024-09-25T16:04:37.5952725Z ##[debug]      <td>:green_circle: 4.3</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 2</td><td>Found 3/15 approved changesets -- score normalized to 2</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: -1</td><td>No tokens found</td></tr><tr><td>Dangerous-Workflow</td><td>:warning: -1</td><td>no workflows found</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: -1</td><td>no dependencies found</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 9</td><td>1 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:green_circle: 7</td><td>SAST tool is not run on all commits -- score normalized to 7</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5959678Z ##[debug]<tr><td><a href="https://github.com/pytest-dev/pytest-xdist"> pip/pytest-xdist </a></td><td>>= 3.6.1</td>
2024-09-25T16:04:37.5966698Z ##[debug]      <td>:green_circle: 5.6</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>20 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>Code-Review</td><td>:green_circle: 10</td><td>all changesets reviewed</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: 0</td><td>Project has not signed or included provenance with any releases.</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5974071Z ##[debug]<tr><td><a href="https://github.com/asottile/pyupgrade"> pip/pyupgrade </a></td><td>>= 3.16.0</td>
2024-09-25T16:04:37.5980774Z ##[debug]      <td>:green_circle: 4.8</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 1</td><td>Found 1/6 approved changesets -- score normalized to 1</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>13 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: -1</td><td>no dependencies found</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.5987555Z ##[debug]<tr><td><a href="https://github.com/yaml/pyyaml"> pip/pyyaml </a></td><td>>= 6.0.1</td>
2024-09-25T16:04:37.5999612Z ##[debug]      <td>:green_circle: 6.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 2</td><td>Found 7/30 approved changesets -- score normalized to 2</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>2 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6012922Z ##[debug]<tr><td><a href="https://github.com/dvarrazzo/py-setproctitle"> pip/setproctitle </a></td><td>>= 1.3.3</td>
2024-09-25T16:04:37.6024696Z ##[debug]      <td>:green_circle: 3.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 2/26 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6032157Z ##[debug]<tr><td><a href="https://github.com/pypa/setuptools"> pip/setuptools </a></td><td>>= 75.1.0</td>
2024-09-25T16:04:37.6039047Z ##[debug]      <td>:green_circle: 5</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>Code-Review</td><td>:warning: 1</td><td>Found 2/15 approved changesets -- score normalized to 1</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Binary-Artifacts</td><td>:warning: 2</td><td>binaries present in source code</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:green_circle: 10</td><td>project is fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6046057Z ##[debug]<tr><td><a href="https://github.com/grantjenks/python-sortedcontainers"> pip/sortedcontainers </a></td><td>>= 2.4.0</td>
2024-09-25T16:04:37.6053110Z ##[debug]      <td>:green_circle: 3.4</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 1/30 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:warning: 0</td><td>0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6060352Z ##[debug]<tr><td><a href="https://github.com/python/typing"> pip/typing-extensions </a></td><td>>= 4.11.0</td>
2024-09-25T16:04:37.6067356Z ##[debug]      <td>:green_circle: 7.2</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:green_circle: 7</td><td>Found 21/29 approved changesets -- score normalized to 7</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 9</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Branch-Protection</td><td>:warning: -1</td><td>internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration</td></tr><tr><td>Token-Permissions</td><td>:green_circle: 10</td><td>GitHub workflow tokens follow principle of least privilege</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Packaging</td><td>:warning: -1</td><td>packaging workflow not detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Security-Policy</td><td>:green_circle: 10</td><td>security policy file detected</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6074788Z ##[debug]<tr><td><a href="https://github.com/gorakhargosh/watchdog"> pip/watchdog </a></td><td>>= 4.0.1</td>
2024-09-25T16:04:37.6081716Z ##[debug]      <td>:green_circle: 4.7</td><td><details><summary>Details</summary><table><tr><th>Check</th><th>Score</th><th>Reason</th></tr><tr><td>Code-Review</td><td>:warning: 0</td><td>Found 2/30 approved changesets -- score normalized to 0</td></tr><tr><td>Maintained</td><td>:green_circle: 10</td><td>30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10</td></tr><tr><td>CII-Best-Practices</td><td>:warning: 0</td><td>no effort to earn an OpenSSF best practices badge detected</td></tr><tr><td>License</td><td>:green_circle: 10</td><td>license file detected</td></tr><tr><td>Signed-Releases</td><td>:warning: -1</td><td>no releases found</td></tr><tr><td>Dangerous-Workflow</td><td>:green_circle: 10</td><td>no dangerous workflow patterns detected</td></tr><tr><td>Binary-Artifacts</td><td>:green_circle: 10</td><td>no binaries found in the repo</td></tr><tr><td>Token-Permissions</td><td>:warning: 0</td><td>detected GitHub workflow tokens with excessive permissions</td></tr><tr><td>Pinned-Dependencies</td><td>:warning: 0</td><td>dependency not pinned by hash detected -- score normalized to 0</td></tr><tr><td>Branch-Protection</td><td>:warning: 0</td><td>branch protection not enabled on development/release branches</td></tr><tr><td>Security-Policy</td><td>:warning: 0</td><td>security policy file not detected</td></tr><tr><td>Vulnerabilities</td><td>:green_circle: 10</td><td>0 existing vulnerabilities detected</td></tr><tr><td>Fuzzing</td><td>:warning: 0</td><td>project is not fuzzed</td></tr><tr><td>SAST</td><td>:warning: 0</td><td>SAST tool is not run on all commits -- score normalized to 0</td></tr><tr><td>Packaging</td><td>:green_circle: 10</td><td>packaging workflow detected</td></tr></table></details></td></tr>
2024-09-25T16:04:37.6088648Z ##[debug]</table></details><h2>Scanned Manifest Files</h2>
2024-09-25T16:04:37.6097831Z ##[debug]<details><summary>pyproject.toml</summary><ul><li>aiofiles@>= 24.1.0</li><li>aiohttp@>= 3.10.2</li><li>aiohttp_cors@>= 0.7.0</li><li>aiosqlite@>= 0.20.0</li><li>anyio@>= 4.3.0</li><li>bitstring@>= 4.1.4</li><li>black@>= 24.8.0</li><li>boto3@>= 1.34.143</li><li>build@>= 1.2.1</li><li>chia_rs@>= 0.13.0</li><li>chiabip158@>= 1.5.1</li><li>chiapos@>= 2.0.4</li><li>chiavdf@>= 1.1.4</li><li>click@>= 8.1.7</li><li>clvm@>= 0.9.10</li><li>clvm_tools@>= 0.4.9</li><li>clvm_tools_rs@>= 0.1.43</li><li>colorama@>= 0.4.6</li><li>colorlog@>= 6.8.2</li><li>concurrent_log_handler@>= 0.9.25</li><li>coverage@>= 7.6.1</li><li>cryptography@>= 43.0.1</li><li>diff-cover@>= 9.0.0</li><li>dnslib@>= 0.9.25</li><li>dnspython@>= 2.6.1</li><li>filelock@>= 3.15.4</li><li>flake8@>= 7.1.1</li><li>hsms@>= 0.3.1</li><li>importlib-resources@>= 6.4.0</li><li>isort@>= 5.13.2</li><li>keyring@>= 25.2.1</li><li>keyrings.cryptfile@>= 1.3.9</li><li>lxml@>= 5.2.2</li><li>miniupnpc@>= 2.2.2</li><li>mypy@>= 1.11.1</li><li>packaging@>= 24.0</li><li>pip@>= 24.2</li><li>py3createtorrent@>= 1.2.1</li><li>pyinstaller@>= 6.9.0</li><li>pylint@>= 3.2.6</li><li>pytest@>= 8.3.3</li><li>pytest-cov@>= 5.0.0</li><li>pytest-mock@>= 3.14.0</li><li>pytest-monitor@>= 1.6.6</li><li>pytest-xdist@>= 3.6.1</li><li>pyupgrade@>= 3.16.0</li><li>pyyaml@>= 6.0.1</li><li>setproctitle@>= 1.3.3</li><li>setuptools@>= 75.1.0</li><li>sortedcontainers@>= 2.4.0</li><li>typing-extensions@>= 4.11.0</li><li>watchdog@>= 4.0.1</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li><li>[email protected]</li></ul></details>
2024-09-25T16:04:37.6107104Z ##[debug]
2024-09-25T16:04:37.6109820Z ##[debug]Finishing: Dependency Review
2024-09-25T16:04:37.6128229Z ##[debug]Evaluating condition for step: 'Post Checkout Repository'
2024-09-25T16:04:37.6130812Z ##[debug]Evaluating: always()
2024-09-25T16:04:37.6131225Z ##[debug]Evaluating always:
2024-09-25T16:04:37.6132041Z ##[debug]=> true
2024-09-25T16:04:37.6132487Z ##[debug]Result: true
2024-09-25T16:04:37.6133174Z ##[debug]Starting: Post Checkout Repository
2024-09-25T16:04:37.6166821Z ##[debug]Loading inputs
2024-09-25T16:04:37.6167719Z ##[debug]Evaluating: github.repository
2024-09-25T16:04:37.6168104Z ##[debug]Evaluating Index:
2024-09-25T16:04:37.6168440Z ##[debug]..Evaluating github:
2024-09-25T16:04:37.6168955Z ##[debug]..=> Object
2024-09-25T16:04:37.6169219Z ##[debug]..Evaluating String:
2024-09-25T16:04:37.6169516Z ##[debug]..=> 'repository'
2024-09-25T16:04:37.6169865Z ##[debug]=> 'Chia-Network/chia-blockchain'
2024-09-25T16:04:37.6170262Z ##[debug]Result: 'Chia-Network/chia-blockchain'
2024-09-25T16:04:37.6171921Z ##[debug]Evaluating: github.token
2024-09-25T16:04:37.6172277Z ##[debug]Evaluating Index:
2024-09-25T16:04:37.6172559Z ##[debug]..Evaluating github:
2024-09-25T16:04:37.6172861Z ##[debug]..=> Object
2024-09-25T16:04:37.6173132Z ##[debug]..Evaluating String:
2024-09-25T16:04:37.6173410Z ##[debug]..=> 'token'
2024-09-25T16:04:37.6173867Z ##[debug]=> '***'
2024-09-25T16:04:37.6174253Z ##[debug]Result: '***'
2024-09-25T16:04:37.6183234Z ##[debug]Loading env
2024-09-25T16:04:37.6187828Z Post job cleanup.
2024-09-25T16:04:37.7112417Z ##[debug]Getting git version
2024-09-25T16:04:37.7126819Z [command]/usr/bin/git version
2024-09-25T16:04:37.7162730Z git version 2.46.1
2024-09-25T16:04:37.7185267Z ##[debug]0
2024-09-25T16:04:37.7186055Z ##[debug]git version 2.46.1
2024-09-25T16:04:37.7186539Z ##[debug]
2024-09-25T16:04:37.7187726Z ##[debug]Set git useragent to: git/2.46.1 (github-actions-checkout)
2024-09-25T16:04:37.7191291Z ::add-mask::***
2024-09-25T16:04:37.7213329Z Temporarily overriding HOME='/home/runner/work/_temp/cda30151-6a69-4e9d-acb1-05492fd958a6' before making global git config changes
2024-09-25T16:04:37.7215046Z Adding repository directory to the temporary git global config as a safe directory
2024-09-25T16:04:37.7219799Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/chia-blockchain/chia-blockchain
2024-09-25T16:04:37.7250904Z ##[debug]0
2024-09-25T16:04:37.7251613Z ##[debug]
2024-09-25T16:04:37.7258284Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-09-25T16:04:37.7283605Z ##[debug]1
2024-09-25T16:04:37.7284306Z ##[debug]
2024-09-25T16:04:37.7289857Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-09-25T16:04:37.7522377Z ##[debug]0
2024-09-25T16:04:37.7522850Z ##[debug]
2024-09-25T16:04:37.7528020Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-09-25T16:04:37.7547801Z http.https://github.com/.extraheader
2024-09-25T16:04:37.7554423Z ##[debug]0
2024-09-25T16:04:37.7555278Z ##[debug]http.https://github.com/.extraheader
2024-09-25T16:04:37.7555946Z ##[debug]
2024-09-25T16:04:37.7561135Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-09-25T16:04:37.7587033Z ##[debug]0
2024-09-25T16:04:37.7587705Z ##[debug]
2024-09-25T16:04:37.7593631Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-09-25T16:04:37.7810420Z ##[debug]0
2024-09-25T16:04:37.7810949Z ##[debug]
2024-09-25T16:04:37.7811392Z ##[debug]Unsetting HOME override
2024-09-25T16:04:37.7876757Z ##[debug]Node Action run completed with exit code 0
2024-09-25T16:04:37.7879897Z ##[debug]Finishing: Post Checkout Repository
2024-09-25T16:04:37.8037833Z ##[debug]Starting: Complete job
2024-09-25T16:04:37.8039605Z Uploading runner diagnostic logs
2024-09-25T16:04:37.8087266Z ##[debug]Starting diagnostic file upload.
2024-09-25T16:04:37.8087688Z ##[debug]Setting up diagnostic log folders.
2024-09-25T16:04:37.8090160Z ##[debug]Creating diagnostic log files folder.
2024-09-25T16:04:37.8107276Z ##[debug]Copying 1 worker diagnostic logs.
2024-09-25T16:04:37.8124163Z ##[debug]Copying 1 runner diagnostic logs.
2024-09-25T16:04:37.8125752Z ##[debug]Zipping diagnostic files.
2024-09-25T16:04:37.8185973Z ##[debug]Uploading diagnostic metadata file.
2024-09-25T16:04:37.8206420Z ##[debug]Diagnostic file upload complete.
2024-09-25T16:04:37.8207081Z Completed runner diagnostic log upload
2024-09-25T16:04:37.8207452Z Cleaning up orphan processes
2024-09-25T16:04:37.8535461Z ##[debug]Finishing: Complete job
2024-09-25T16:04:37.8648374Z ##[debug]Finishing: dependency-review
workflow source 
# Managed by repo-content-updater
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: "🚨 Dependency Review"
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v4

      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
        with:
          allow-dependencies-licenses: pkg:pypi/pylint, pkg:pypi/pyinstaller
          deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later

https://github.com/Chia-Network/chia-blockchain/actions/runs/10356234775/workflow?pr=18305
@altendky altendky added the bug Something isn't working label Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@altendky