chore(deps): update all non-major dependencies #90

Merged
merged 1 commit into from
Aug 14, 2024

@renovate-coveooss renovate-coveooss bot commented Jul 22, 2024

DEF-160

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| PyYAML (source) | dev-dependencies | patch | 6.0.1 -> 6.0.2 |
| black (changelog) | dev-dependencies | minor | 24.4.2 -> 24.8.0 |
| mypy (source, changelog) | dev-dependencies | minor | 1.10.1 -> 1.11.1 |
| pre-commit | dev-dependencies | minor | 3.7.1 -> 3.8.0 |
| pycodestyle (changelog) | dev-dependencies | patch | 2.12.0 -> 2.12.1 |
| pylint (changelog) | dev-dependencies | patch | 3.2.5 -> 3.2.6 |
| pytest (changelog) | dev-dependencies | minor | 8.2.2 -> 8.3.2 |

Release Notes

yaml/pyyaml (PyYAML)

v6.0.2

Compare Source

What's Changed

  • Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

psf/black (black)

v24.8.0

Compare Source

Stable style

  • Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

  • Packaging metadata updated: docs are explicitly linked, the issue tracker is now also
    linked. This improves the PyPI listing for Black. (#4345)

Parser

  • Fix regression where Black failed to parse a multiline f-string containing another
    multiline string (#4339)
  • Fix regression where Black failed to parse an escaped single quote inside an f-string
    (#4401)
  • Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
  • Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
  • Fix incorrect line numbers in the tokenizer for certain tokens within f-strings
    (#4423)

Performance

  • Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

  • Fix blackd (and all extras installs) for docker container (#4357)

python/mypy (mypy)

v1.11.1

Compare Source

v1.11.0

Compare Source

pre-commit/pre-commit (pre-commit)

v3.8.0

Compare Source

Features
pylint-dev/pylint (pylint)

v3.2.6

Compare Source

What's new in Pylint 3.2.6?

Release date: 2024-07-21

False Positives Fixed

  • Quiet false positives for unexpected-keyword-arg when pylint cannot
    determine which of two or more dynamically defined classes is being instantiated.

    Closes #​9672

  • Fix a false positive for missing-param-doc where a method which is decorated with typing.overload was expected to have a docstring specifying its parameters.

    Closes #​9739

  • Fix a regression that raised invalid-name on class attributes merely
    overriding invalid names from an ancestor.

    Closes #​9765

  • Treat assert_never() the same way when imported from typing_extensions.

    Closes #​9780

  • Fix a false positive for consider-using-min-max-builtin when the assignment target is an attribute.

    Refs #​9800

Other Bug Fixes

  • Fix an AssertionError arising from properties that return partial functions.

    Closes #​9214

  • Fix a crash when a subclass extends __slots__.

    Closes #​9814

pytest-dev/pytest (pytest)

v8.3.2

Compare Source

pytest 8.3.2 (2024-07-24)

Bug fixes

  • #12652: Resolve regression where `conda` environments were no longer being automatically detected.

    -- by RonnyPfannschmidt

v8.3.1

Compare Source

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

v8.3.0

Compare Source

pytest 8.3.0 (2024-07-20)

New features

  • #12231: Added `--xfail-tb` flag, which turns on traceback output for XFAIL results.

    • If the `--xfail-tb` flag is not given, tracebacks for XFAIL results are NOT shown.
    • The style of traceback for XFAIL is set with `--tb`, and can be `auto|long|short|line|native|no`.
    • Note: Even if you have `--xfail-tb` set, you won't see them if `--tb=no`.

    Some history:

    With pytest 8.0, `-rx` or `-ra` would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.

    This change detaches xfail tracebacks from `-rx`, and now we turn on xfail tracebacks with `--xfail-tb`. With this, the default `-rx`/`-ra` behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.

  • #12281: Added support for keyword matching in marker expressions.

    Now tests can be selected by marker keyword arguments.
    Supported values are int, (unescaped) str, bool & None.

    See marker examples for more information.

    -- by lovetheguitar

  • #12567: Added --no-fold-skipped command line option.

    If this option is set, then skipped tests in short summary are no longer grouped
    by reason but all tests are printed individually with their nodeid in the same
    way as other statuses.

    -- by pbrezina

Improvements in existing functionality

  • #12469: The console output now uses the "third-party plugins" terminology,
    replacing the previously established but confusing and outdated
    reference to setuptools
    -- by webknjaz.

  • #12544, #12545: Python virtual environment detection was improved by
    checking for a pyvenv.cfg file, ensuring reliable detection on
    various platforms -- by zachsnickers.

  • #2871: Do not truncate arguments to functions in output when running with `-vvv`.

  • #389: The readability of assertion introspection of bound methods has been enhanced
    -- by farbodahm, webknjaz, obestwalter, flub
    and glyphack.

    Earlier, it was like:

    =================================== FAILURES ===================================
    _____________________________________ test _____________________________________
    
        def test():
    >       assert Help().fun() == 2
    E       assert 1 == 2
    E        +  where 1 = <bound method Help.fun of <example.Help instance at 0x256a830>>()
    E        +    where <bound method Help.fun of <example.Help instance at 0x256a830>> = <example.Help instance at 0x256a830>.fun
    E        +      where <example.Help instance at 0x256a830> = Help()
    
    example.py:7: AssertionError
    =========================== 1 failed in 0.03 seconds ===========================

    And now it's like:

    =================================== FAILURES ===================================
    _____________________________________ test _____________________________________
    
        def test():
    >       assert Help().fun() == 2
    E       assert 1 == 2
    E        +  where 1 = fun()
    E        +    where fun = <test_local.Help object at 0x1074be230>.fun
    E        +      where <test_local.Help object at 0x1074be230> = Help()
    
    test_local.py:13: AssertionError
    =========================== 1 failed in 0.03 seconds ===========================

  • #7662: Added timezone information to the testsuite timestamp in the JUnit XML report.

Bug fixes

  • #11706: Fixed reporting of teardown errors in higher-scoped fixtures when using `--maxfail` or `--stepwise`.

    Originally added in pytest 8.0.0, but reverted in 8.0.2 due to a regression in pytest-xdist.
    This regression was fixed in pytest-xdist 3.6.1.

  • #11797: pytest.approx now correctly handles Sequence-like objects.

  • #12204, #12264: Fixed a regression in pytest 8.0 where tracebacks get longer and longer when multiple
    tests fail due to a shared higher-scope fixture which raised -- by bluetech.

    Also fixed a similar regression in pytest 5.4 for collectors which raise during setup.

    The fix necessitated internal changes which may affect some plugins:

    • FixtureDef.cached_result[2] is now a tuple (exc, tb)
      instead of exc.
    • SetupState.stack failures are now a tuple (exc, tb)
      instead of exc.

  • #12275: Fixed collection error upon encountering an abstract class, including abstract `unittest.TestCase` subclasses.

  • #12328: Fixed a regression in pytest 8.0.0 where package-scoped parameterized items were not correctly reordered to minimize setups/teardowns in some cases.

  • #12424: Fixed crash with `assert testcase is not None` assertion failure when re-running unittest tests using plugins like pytest-rerunfailures. Regressed in 8.2.2.

  • #12472: Fixed a crash when returning category "error" or "failed" with a custom test status from pytest_report_teststatus hook -- pbrezina.

  • #12505: Improved handling of invalid regex patterns in pytest.raises(match=r'...') by providing a clear error message.

  • #12580: Fixed a crash when using the cache class on Windows and the cache directory was created concurrently.

  • #6962: Parametrization parameters are now compared using `==` instead of `is` (`is` is still used as a fallback if the parameter does not support `==`).
    This fixes use of parameters such as lists, which have a different `id` but compare equal, causing fixtures to be re-computed instead of being cached.

  • #7166: Fixed progress percentages (the [ 87%] at the edge of the screen) sometimes not aligning correctly when running with pytest-xdist -n.

Improved documentation

  • #12153: Documented using PYTEST_VERSION to detect if code is running from within a pytest run.

  • #12469: The external plugin mentions in the documentation now avoid mentioning
    setuptools entry-points as the concept is
    much more generic nowadays. Instead, the terminology of "external",
    "installed", or "third-party" plugins (or packages) replaces that.

    -- by webknjaz

  • #12577: `CI` and `BUILD_NUMBER` environment variables role is described in
    the reference doc. They now also appear when doing `pytest -h`
    -- by MarcBresson.

Contributor-facing changes

  • #12467: Migrated all internal type-annotations to the python3.10+ style by using the `annotations` future import.

    -- by RonnyPfannschmidt

  • #11771, #12557: The PyPy runtime version has been updated to 3.9 from 3.8 that introduced
    a flaky bug at the garbage collector which was not expected to fix there
    as the 3.8 is EoL.

    -- by x612skm

  • #12493: The change log draft preview integration has been refactored to use a
    third party extension sphinxcontrib-towncrier. The previous in-repo
    script was putting the change log preview file at
    doc/en/_changelog_towncrier_draft.rst. Said file is no longer
    ignored in Git and might show up among untracked files in the
    development environments of the contributors. To address that, the
    contributors can run the following command that will clean it up:

    $ git clean -x -i -- doc/en/_changelog_towncrier_draft.rst

    -- by webknjaz

  • #12498: All the undocumented tox environments now have descriptions.
    They can be listed in one's development environment by invoking
    tox -av in a terminal.

    -- by webknjaz

  • #12501: The changelog configuration has been updated to introduce more accurate
    audience-tailored categories. Previously, there was a trivial
    change log fragment type with an unclear and broad meaning. It was
    removed and we now have contrib, misc and packaging in
    place of it.

    The new change note types target the readers who are downstream
    packagers and project contributors. Additionally, the miscellaneous
    section is kept for unspecified updates that do not fit anywhere else.

    -- by webknjaz

  • #12502: The UX of the GitHub automation making pull requests to update the
    plugin list has been updated. Previously, the maintainers had to close
    the automatically created pull requests and re-open them to trigger the
    CI runs. From now on, they only need to click the `Ready for review`
    button instead.

    -- by webknjaz

  • #12522: The :pull: RST role has been replaced with a shorter
    :pr: due to starting to use the implementation from
    the third-party sphinx-issues Sphinx extension
    -- by webknjaz.

  • #12531: The coverage reporting configuration has been updated to exclude
    pytest's own tests marked as expected to fail from the coverage
    report. This has an effect of reducing the influence of flaky
    tests on the resulting number.

    -- by webknjaz

  • #12533: The extlinks Sphinx extension is no longer enabled. The :bpo:
    role it used to declare has been removed with that. BPO itself has
    migrated to GitHub some years ago and it is possible to link the
    respective issues by using their GitHub issue numbers and the
    :issue: role that the sphinx-issues extension implements.

    -- by webknjaz

  • #12562: Possible typos in using the :user: RST role are now being linted
    through the pre-commit tool integration -- by webknjaz.


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

github-actions bot commented Jul 22, 2024

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 2 package(s) with incompatible licenses
  • ❌ 1 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

License Issues

poetry.lock

| Package | Version | License | Issue Type |
|---|---|---|---|
| astroid | 3.2.4 | LGPL-2.0-only AND LGPL-2.1-or-later | Incompatible License |
| pylint | 3.2.6 | GPL-2.0-only AND GPL-2.0-or-later | Incompatible License |
| mypy | 1.11.0 | MIT AND NOASSERTION AND Python-2.0 | Invalid SPDX License |

Allowed Licenses: 0BSD, Apache-2.0, Apache-2.0 AND MIT, Apache-2.0 AND BSD-3-Clause AND Python-2.0, Beerware, BlueOak-1.0.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-2-Clause AND MIT, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSL-1.0, CC-BY-3.0, CC-BY-4.0, CC0-1.0, CNRI-Python, curl, HPND, IBM-pibs, ImageMagick, ISC, JSON, MIT, MIT-0, MIT AND ISC, MIT AND Python-2.0, MIT-advertising, mpi-permissive, NCSA, ODC-By-1.0, PDDL-1.0, Plexus, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0.1, SAX-PD, Unlicense, UPL-1.0, W3C, Wsuipa, WTFPL, X11, X11-distribute-modifications-variant, Xerox, Zlib, ZPL-2.1

OpenSSF Scorecard

Package | Version | Score | Details
pip/astroid 3.2.4 🟢 7.1
Details

| Check | Score | Reason |
|---|---|---|
| Maintained | 🟢 10 | 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 10 | all changesets reviewed |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Security-Policy | 🟢 9 | security policy file detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |

pip/mypy 1.11.0 🟢 5.4
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 6 | Found 20/29 approved changesets -- score normalized to 6 |
| Maintained | 🟢 10 | 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

pip/pre-commit 3.8.0 🟢 5.2
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 2 | Found 1/5 approved changesets -- score normalized to 2 |
| Maintained | 🟢 10 | 20 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Security-Policy | 🟢 10 | security policy file detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/pylint 3.2.6 🟢 7.3
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 |
| License | 🟢 10 | license file detected |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 9 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/pytest 8.3.2 🟢 6.2
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 8 | Found 7/8 approved changesets -- score normalized to 8 |
| Maintained | 🟢 10 | 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | 🟢 9 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/astroid 3.2.2 🟢 7.1
Details

| Check | Score | Reason |
|---|---|---|
| Maintained | 🟢 10 | 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 10 | all changesets reviewed |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Security-Policy | 🟢 9 | security policy file detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |

pip/mypy 1.10.1 🟢 5.4
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 6 | Found 20/29 approved changesets -- score normalized to 6 |
| Maintained | 🟢 10 | 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

pip/pre-commit 3.7.1 🟢 5.2
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 2 | Found 1/5 approved changesets -- score normalized to 2 |
| Maintained | 🟢 10 | 20 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Security-Policy | 🟢 10 | security policy file detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/pylint 3.2.5 🟢 7.3
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 |
| License | 🟢 10 | license file detected |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 9 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/pytest 8.2.2 🟢 6.2
Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 8 | Found 7/8 approved changesets -- score normalized to 8 |
| Maintained | 🟢 10 | 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | 🟢 9 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Manifest Files

poetry.lock
  • astroid@3.2.4
  • mypy@1.11.0
  • pre-commit@3.8.0
  • pylint@3.2.6
  • pytest@8.3.2
  • astroid@3.2.2
  • mypy@1.10.1
  • pre-commit@3.7.1
  • pylint@3.2.5
  • pytest@8.2.2
pyproject.toml
  • mypy@1.11.0
  • pre-commit@3.8.0
  • pylint@3.2.6
  • pytest@8.3.2
  • mypy@1.10.1
  • pre-commit@3.7.1
  • pylint@3.2.5
  • pytest@8.2.2

@renovate-coveooss renovate-coveooss bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 2d93ae6 to a5b9c0f Compare July 29, 2024 18:01
@renovate-coveooss renovate-coveooss bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from ce15539 to 69877a3 Compare August 6, 2024 21:00
@JPLachance JPLachance merged commit 4f16464 into master Aug 14, 2024
3 of 4 checks passed
@JPLachance JPLachance deleted the renovate/all-minor-patch branch August 14, 2024 20:21