Bump the gaudi-openshift group in /enterprise/redhat/openshift-ai/gaudi/docker with 23 updates

[dependabot]

Updates the requirements on matplotlib, pandas, plotly, scipy, skl2onnx, codeflare-sdk, pymongo, psycopg, mysql-connector-python, jupyterlab, jupyter-bokeh, jupyter-server, jupyter-server-proxy, jupyterlab-git, jupyterlab-lsp, jupyterlab-widgets, jupyter-resource-usage, nbdime, nbgitpuller, autopep8, flake8, wheel and aiohttp to permit the latest version.
Updates matplotlib to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

• Be more resilient to I/O failures when writing font cache
• Fix nondeterministic behavior with subplot spacing and constrained layout
• Fix sticky edge tolerance relative to data range
• Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits

• a254b68 REL: 3.9.2
• 056f307 DOC: Create release notes for 3.9.2
• 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
• 7be8675 Merge pull request #28687 from QuLogic/static-msvc
• 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
• 8a62afa BLD: Include MSVCP140 runtime statically
• 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
• d88a582 Backport PR #27797: DOC: Use video files for saving animations
• e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
• 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
• Additional commits viewable in compare view

Updates pandas to 2.2.2

Release notes

Sourced from pandas's releases.

Pandas 2.2.2

We are pleased to announce the release of pandas 2.2.2. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.2.2 supports Python 3.9 and higher.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• d9cdd2e RLS: 2.2.2
• 98aeac9 Backport PR #58209: CI: Pin blosc to fix pytables (#58211)
• 5466f15 Backport PR #58202: DOC/TST: Document numpy 2.0 support and add tests… (#58208)
• 45b0b32 Backport PR #58203 on branch 2.2.x (DOC: Add release date/contributors for 2....
• c7ec566 Backport PR #58087 on branch 2.2.x (BLD: Build wheels using numpy 2.0rc1) (#5...
• 691fc88 Backport PR #58181 on branch 2.2.x (CI: correct error msg in test_view_index)...
• a947587 Backport PR #58138 on branch 2.2.x (BLD: Fix nightlies not building) (#58140)
• b56842d Backport PR #58100 on branch 2.2.x (MNT: fix compatibility with beautifulsoup...
• 0f83d50 Revert "BLD: Pin numpy on 2.2.x" (#58093)
• e9b81ee Backport PR #58126: BLD: Build wheels with numpy 2.0rc1 (#58127)
• Additional commits viewable in compare view

Updates plotly to 5.24.1

Release notes

Sourced from plotly's releases.

v5.24.1

Updated

• Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.

Changelog

Sourced from plotly's changelog.

[5.24.1] - 2024-09-12

Updated

• Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.

[5.24.0] - 2024-08-29

Added

• New px functions for maps: scatter_map, line_map, choropleth_map, and density_map.

Updated

• Updated Plotly.js from version 2.34.0 to version 2.35.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:

  • Add new traces: scattermap, choroplethmap and densitymap and map subplots which use maplibre to render maps [#7015, #7060, #7085, #7088, #7090, #7092, #7094, #7134]
  • Deprecate mapbox traces and mapbox subplot [#7087]

• Fixed a bug in integer validation of arrays that threw an error when an array contained a mix of strings and integers.

[5.23.0] - 2024-07-23

Updated

• Updated Plotly.js from version 2.32.0 to version 2.34.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add subtitle attribute to layout.title to enable adding subtitles to plots [#7012]
  • Introduce "u" and "s" pseudo html tags to add partial underline and strike-through styles to SVG text elements [#7043]
  • Add geometric mean functionality and 'geometric mean ascending' + 'geometric mean descending' to category_order on cartesian axes [#6223], with thanks to @​acxz and @​prabhathc for the contribution!
  • Add axis property ticklabelindex for drawing the label for each minor tick n positions away from a major tick, with thanks to @​my-tien for the contribution! [#7036]
  • Add property ticklabelstandoff and ticklabelshift to cartesian axes to adjust positioning of tick labels, with thanks to @​my-tien for the contribution! [#7006]
  • Add x0shift, x1shift, y0shift, y1shift to shapes to add control over positioning of shape vertices on (multi-)category axes, with thanks to @​my-tien for the contribution! [#7005]
• Specify Python version 3.8-3.11 for development virtual environments and pin pytest at version 8.1.1 to match.
• Update IntegerValidator to handle extras option to allow supporting additional keyword values. For example, 'bold' and 'normal' as well as integers as used in font weights #4612.

[5.22.0] - 2024-05-01

Updated

• Updated Plotly.js from version 2.31.1 to version 2.32.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add "bold" weight, "italic" style and "small-caps" variant options to fonts #6956
  • Fix applying autotickangles on axes with showdividers as well as cases where tickson is set to "boundaries" #6967, with thanks to @​my-tien for the contribution!
  • Fix positioning of multi-line axis titles with standoff #6970, with thanks to @​my-tien for the contribution!

[5.21.0] - 2024-04-17

Updated

• Updated Plotly.js from version 2.30.0 to version 2.31.1. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add zorder attribute to various cartesian traces for controlling stacking order of SVG traces drawn into a subplot [#6918, #6953],

... (truncated)

Commits

• 5d79b80 update release date
• 2cff569 Merge branch 'master' into release-5.24.1
• 5182afd Merge pull request #4765 from plotly/update-plotly-js-version-2-35-2
• d52f2a2 update plotly.js to 2.35.2
• 481a438 version changes for v5.24.1
• ef4eb44 Merge pull request #4757 from plotly/update-plotly-js-version-2-35-1
• 31e1f8f Merge branch 'master' into update-plotly-js-version-2-35-1
• 85bad44 Merge pull request #4756 from plotly/update-master-with-docs-changes
• c72b77e Update package-lock.json
• e5333de update plotly.js to 2.35.1
• Additional commits viewable in compare view

Updates scipy to 1.14.1

Release notes

Sourced from scipy's releases.

SciPy 1.14.1 Release Notes

SciPy 1.14.1 adds support for Python 3.13, including binary wheels on PyPI. Apart from that, it is a bug-fix release with no new features compared to 1.14.0.

Authors

• Name (commits)
• h-vetinari (1)
• Evgeni Burovski (1)
• CJ Carey (2)
• Lucas Colley (3)
• Ralf Gommers (3)
• Melissa Weber Mendonça (1)
• Andrew Nelson (3)
• Nick ODell (1)
• Tyler Reddy (36)
• Daniel Schmitz (1)
• Dan Schult (4)
• Albert Steppi (2)
• Ewout ter Hoeven (1)
• Tibor Völcker (2) +
• Adam Turner (1) +
• Warren Weckesser (2)
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits

• 92d2a85 REL: 1.14.1 rel commit [wheel build]
• 85623a1 Merge pull request #21362 from tylerjereddy/treddy_1.14.1_backports
• d924005 MAINT: PR 21362 revisions [wheel build]
• b901a4e MAINT, CI: PR 21362 revisions [wheel build]
• 2a7ec60 MAINT, BLD: PR 21362 revisions [wheel build]
• f4f084d MAINT, CI: PR 21362 revisions [wheel build]
• b712fc6 DOC: update 1.14.1 relnotes [wheel build]
• cdd5aca MAINT: special: Accommodate changed integer handling in NumPy 2.0. (#21401)
• 0f91838 BLD: cp313 wheels on manylinux_aarch64 (#21409)
• 6dd0b00 MAINT, CI: wheel build changes [wheel build]
• Additional commits viewable in compare view

Updates skl2onnx to 1.17.0

Release notes

Sourced from skl2onnx's releases.

1.17.0

• Upgrade the maximum supported opset to 21, update requirements to scikit-learn>=1.1, older versions are not tested anymore, #1098
• Support infrequent categories for OneHotEncoder #1029
• Support kernel Matern in Gaussian Process #978
• Fix for multidimensional gaussian process #1097
• Minor fixes to support scikit-learn==1.5.0 #1095
• Fix the conversion of pipeline including pipelines, issue #1069, #1072
• Fix unexpected type for intercept in PoissonRegressor and GammaRegressor #1070
• Add support for scikit-learn 1.4.0, #1058, fixes issues Many examples in the gallery are showing "broken", TFIDF vectorizer target_opset issue, Tfidfvectorizer with sublinear_tf fails, despite opset version set to greater than 11.

Changelog

Sourced from skl2onnx's changelog.

1.17.0 (development)

• Upgrade the maximum supported opset to 21, update requirements to scikit-learn>=1.1, older versions are not tested anymore, #1098
• Support infrequent categories for OneHotEncoder #1029
• Support kernel Matern in Gaussian Process #978
• Fix for multidimensional gaussian process #1097
• Minor fixes to support scikit-learn==1.5.0 #1095
• Fix the conversion of pipeline including pipelines, issue #1069, #1072
• Fix unexpected type for intercept in PoissonRegressor and GammaRegressor #1070
• Add support for scikit-learn 1.4.0, #1058, fixes issues Many examples in the gallery are showing "broken", TFIDF vectorizer target_opset issue, Tfidfvectorizer with sublinear_tf fails, despite opset version set to greater than 11.

1.16.0

• Supports cosine distance (LocalOutlierFactor, ...) #1050,
• Supports multiple columns for OrdinalEncoder #1044 (by @​max-509)
• Add an example on how to handle FunctionTransformer #1042, Versions of scikit-learn < 1.0 are not tested any more.
• Supports lists of strings as inputs for FeatureHasher #1025, #1036
• skl2onnx works with onnx==1.15.0, #1034
• fix OneHotEncoder when categories indices to drop are not None #1028
• fix converter for AdaBoost estimators in scikit-learn==1.3.1 #1027
• add function 'add_onnx_graph' to insert onnx graph coming from other converting,
  libraries within the converter mapped to a custom estimator #1023, #1024
• add option 'language' to converters of CountVectorizer, TfIdfVectorizer #1020

Commits

• 4dad29e Upgrade max supported opset version (#1098)
• c4a9de3 Add kernel Matern for gaussian process (#978)
• 8a09ebc [WIP] Supports infrequent category with OneHotEncoder (#1029)
• a63f71f Fix for multidimensional gaussian process (#1097)
• 80a5d14 StringNormalizer drops strings when they only contain stop words (#1031)
• 9511028 Fix the converters for scikit-learn==1.5.0 (#1095)
• 0785722 Increase last supported opset to 19 in readme (#1087)
• 49473d6 Extend CI to test with onnxruntime==1.18.0 (#1093)
• d2029c1 Investigate issue 1069 (#1072)
• 26447bc typo (#1085)
• Additional commits viewable in compare view

Updates codeflare-sdk to 0.20.2

Release notes

Sourced from codeflare-sdk's releases.

v0.20.2

What's Changed

• [FIX] generate cert functionality by @​Bobbins228 in project-codeflare/codeflare-sdk#658
• Remove Notebook Image Build and Push steps from release workflow by @​Fiona-Waters in project-codeflare/codeflare-sdk#657
• Changes in docs for release: v0.20.2 by @​codeflare-machine-account in project-codeflare/codeflare-sdk#660

Full Changelog: project-codeflare/codeflare-sdk@v0.20.0...v0.20.2

Commits

• a22b5ae Changes in docs for release: v0.20.2
• d47419c Remove Notebook Image Build and Push steps from release workflow
• be64fb5 test(unit_test.py): update unit test for test_generate_tls_cert
• 323e1ae fix(generate_cert.py): add get_secret_name function to solve issues with auto...
• 261da3f RHOAIENG-10371 - Clean up content of cells in SDK demo notebooks
• 95b2165 Update notebooks and docs with updated Cluster Configuration args
• ee307a9 Add provision in odh-sync workflow to adjust Pipfile.cpu and Pipfile.gpu with...
• a146547 Increase memory for ray head pod
• de2bd73 Update s3 bucket endpoint url to remove https prefix (#643)
• 6f58a8b Allow setuptools to use previous versions for compatibility
• Additional commits viewable in compare view

Updates pymongo to 4.8.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.8.0

Changes in Version 4.8.0

PyMongo 4.8 brings a number of improvements including:

• The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
• The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
• Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
• Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
• Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
• Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes

• Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved

See the PyMongo 4.8 release notes in JIRA for the list of resolved issues in this release.

---

Full Changelog: mongodb/mongo-python-driver@4.7.1...4.8.0

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.8.0

.. warning:: PyMongo 4.8 drops support for Python 3.7 and PyPy 3.8: Python 3.8+ or PyPy 3.9+ is now required.

PyMongo 4.8 brings a number of improvements including:

• The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
• The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
• Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
• Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
• Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
• Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes ............................

• Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved ...............

See the PyMongo 4.8 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.8 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37057

Changes in Version 4.7.3

Version 4.7.3 has further fixes for lazily loading modules.

• Use deferred imports instead of importlib lazy module loading.
• Improve import time on Windows.
• Reduce verbosity of "Waiting for suitable server to become available" log message from info to debug.

Issues Resolved ...............

See the PyMongo 4.7.3 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.7.3 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=39865

Changes in Version 4.7.2

... (truncated)

Commits

• d504d14 BUMP 4.8.0
• ab9e748 PYTHON-4515 Improve 4.8 changelog (#1713)
• 2fdf707 PYTHON-4507 [v4.8] pip>=21.3 is required for editable installs (#1711)
• 5139adb PYTHON-4515 [v4.8] Update changelog for 4.8 (#1710)
• b3c55ff BUMP 4.8.0.dev1
• 113b9da BUMP 4.8.0b0
• 585411a PYTHON-4388 [v4.8] Fix security events handling in release workflow again (#1...
• f1f4938 PYTHON-4388 [v4.8] Fix permissions in release workflow (#1708)
• a0d232b PYTHON-4499 [v4.8] Log pymongo.connection at DEBUG without EventListeners (#1...
• 14ed482 PYTHON-4388 [v4.8] Fix dist handling in SSDLC workflow (#1706)
• Additional commits viewable in compare view

Updates psycopg to 3.2.1

Changelog

Sourced from psycopg's changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.2.2 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

• Drop !TypeDef specifications as string from public modules, as they cannot be composed by users as !typing objects previously could (:ticket:[#860](https://github.com/psycopg/psycopg/issues/860)).

Current release

Psycopg 3.2.1 ^^^^^^^^^^^^^

• Fix packaging metadata breaking [c], [binary] dependencies (:ticket:[#853](https://github.com/psycopg/psycopg/issues/853)).

Psycopg 3.2

.. rubric:: New top-level features

• Add support for integer, floating point, boolean NumPy scalar types__ (:ticket:[#332](https://github.com/psycopg/psycopg/issues/332)).
• Add !timeout and !stop_after parameters to Connection.notifies() (:ticket:340).
• Allow dumpers to return !None, to be converted to NULL (:ticket:[#377](https://github.com/psycopg/psycopg/issues/377)).
• Add :ref:raw-query-cursors to execute queries using placeholders in PostgreSQL format ($1, $2...) (:tickets:[#560](https://github.com/psycopg/psycopg/issues/560), [#839](https://github.com/psycopg/psycopg/issues/839)).
• Add capabilities object to :ref:inspect the libpq capabilities <capabilities> (:ticket:[#772](https://github.com/psycopg/psycopg/issues/772)).
• Add ~rows.scalar_row to return scalar values from a query (:ticket:[#723](https://github.com/psycopg/psycopg/issues/723)).
• Add ~Connection.cancel_safe() for encrypted and non-blocking cancellation when using libpq v17. Use such method internally to implement !KeyboardInterrupt and ~cursor.copy termination (:ticket:[#754](https://github.com/psycopg/psycopg/issues/754)).
• The !context parameter of sql objects ~sql.Composable.as_string() and ~sql.Composable.as_bytes() methods is now optional (:ticket:[#716](https://github.com/psycopg/psycopg/issues/716)).
• Add ~Connection.set_autocommit() on sync connections, and similar

... (truncated)

Commits

• bb47d39 chore: bump psycopg package version to 3.2.1
• 55490a2 fix: fix versions in packaging metadata
• 1cbc42a docs: fix title level of major releases
• 06a6e5e docs: mention dropping Python 3.7 in psycopg 3.2 release
• ea3735d docs: better organization of the 3.2 release notes
• 896eee2 chore: bump psycopg package version to 3.2.0
• 2e2f4d7 chore: bump psycopg package version to 3.1.20
• 7369d3b Merge pull request #846 from eli-schwartz/tomllib
• 6672c70 style: shorter line in pyproject.toml
• a517bb4 build: avoid installing tomli on recent python
• Additional commits viewable in compare view

Updates mysql-connector-python to 9.0.0

Updates jupyterlab to 4.2.5

Release notes

Sourced from jupyterlab's releases.

v4.2.5

4.2.5

(Full Changelog)

Bugs fixed

• Use locale name instead of display/native name to toggle language #16710 (@​maitreya2954)
• Prevent replacing code with find and replace in read-only cells #16682 (@​itsmevichu)
• Do not block shift-click mouse up handler on active cell #16647 (@​EdsterG)

Maintenance and upkeep improvements

• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot[bot])

Documentation improvements

• Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

Changelog

Sourced from jupyterlab's changelog.

4.2.5

(Full Changelog)

Bugs fixed

• Use locale name instead of display/native name to toggle language #16710 (@​maitreya2954)
• Prevent replacing code with find and replace in read-only cells #16682 (@​itsmevichu)
• Do not block shift-click mouse up handler on active cell #16647 (@​EdsterG)

Maintenance and upkeep improvements

• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot[bot])

Documentation improvements

• Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

4.2.4

(Full Changelog)

Bugs fixed

• Fix the identifier to download licenses in JSON format #16584 (@​joaopalmeiro)
• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)

Maintenance and upkeep improvements

• Bump ws from 8.12.0 to 8.17.1 #16495 (@​dependabot[bot])

Documentation improvements

• Fix galata docs on overriding tmpPath #16587 (@​krassowski)
• Align extension migration docs with the latest extension template #16450 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

... (truncated)

Commits

• a046125 [ci skip] Publish 4.2.5
• 88e24ba Merge commit from fork
• 58d7535 Backport PR #16710: Use locale name instead of display/native name to toggle ...
• 524f71d Backport PR #16486: Bump braces from 3.0.2 to 3.0.3 (#16699)
• 7bf7ec5 Backport PR #16682: Prevent replacing code with find and replace in read-only...
• 355cbd5 Backport PR #16683: Fix JupyterLab install instructions in the debugger docs ...
• 1fa4474 Backport PR #16647: Do not block shift-click mouse up handler on active cell ...
• c639643 [ci skip] Publish 4.2.4
• 8f78e27 Backport PR #16450 on branch 4.2.x (Align extension migration docs with the l...
• 9223530 Backport PR #16507: Add customisation options to prevent inline completer res...
• Additional commits viewable in compare view

Updates jupyter-bokeh to 4.0.5

Commits

• e02ee6d jupyter_bokeh 4.0.5
• 028343a fix column events (#206)
• 3fee226 jupyter_bokeh 4.0.4
• 33d4e52 Ensure messages are deduplicated based on model id (#205)
• 58e8954 jupyter_bokeh 4.0.3
• ee1eb50 Do not drop events while blocked (#204)
• 38d8fd5 jupyter_bokeh 4.0.2
• 5f0075f Only serialize models not already known to a document (#202)
• 9a55cac jupyter_bokeh 4.0.1
• 3704840 relax constraints to facilitate jupyterlab 4.0 conda build (#200)
• Additional commits viewable in compare view

Updates jupyter-server to 2.14.2

Release notes

Sourced from jupyter-server's releases.

v2.14.2

2.14.2

(Full Changelog)

Bugs fixed

• Pass session_id during Websocket connect #1440 (@​gogasca)
• Do not log environment variables passed to kernels #1437 (@​krassowski)

Maintenance and upkeep improvements

• chore: update pre-commit hooks #1441 (@​pre-commit-ci)
• chore: update pre-commit hooks #1427 (@​pre-commit-ci)

Documentation improvements

• Update documentation for cookie_secret #1433 (@​krassowski)
• Add Changelog for 2.14.1 #1430 (@​blink1073)
• Update simple extension examples: _jupyter_server_extension_points #1426 (@​manics)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​gogasca | @​krassowski | @​manics | @​pre-commit-ci

Changelog

Sourced from jupyter-server's changelog.

2.14.2

(Full Changelog)

Bugs fixed

• Pass session_id during Websocket connect #1440 (@​gogasca)
• Do not log environment variables passed to kernels #1437 (@​krassowski)

Maintenance and upkeep improvements

• chore: update pre-commit hooks #1441 (@​pre-commit-ci)
• chore: u...

  Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 6 package(s) with unknown licenses.

See the Details below.

License Issues

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt

Package	Version	License	Issue Type
psycopg	~> 3.2.1	Null	Unknown License
matplotlib	~> 3.9.2	Null	Unknown License
flake8	~> 7.1.1	Null	Unknown License
jupyterlab	~> 4.2.5	Null	Unknown License
mysql-connector-python	~> 9.0.0	Null	Unknown License
nbdime	~> 4.0.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/aiohttp	3.10.5	🟢 6.7	Details Check Score Reason Code-Review 🟢 3 Found 7/18 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases.
pip/autopep8	~> 2.3.1	🟢 6.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Maintained 🟢 10 28 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
pip/codeflare-sdk	~> 0.20.2	Unknown	Unknown
pip/flake8	~> 7.1.1	🟢 6	Details Check Score Reason Maintained 🟢 10 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 5/10 approved changesets -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/jupyter-bokeh	~> 4.0.5	🟢 3.8	Details Check Score Reason Code-Review 🟢 3 Found 6/18 approved changesets -- score normalized to 3 Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities 🟢 5 5 existing vulnerabilities detected
pip/jupyter-resource-usage	~> 1.1.0	🟢 3.6	Details Check Score Reason Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/jupyter-server	~> 2.14.2	Unknown	Unknown
pip/jupyter-server-proxy	~> 4.4.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 5 Found 6/11 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/jupyterlab	~> 4.2.5	🟢 5.5	Details Check Score Reason Code-Review 🟢 8 Found 25/28 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
pip/jupyterlab-git	~> 0.50.1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 5 4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
pip/jupyterlab-lsp	~> 5.1.0	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 1 Found 2/11 approved changesets -- score normalized to 1 Maintained 🟢 4 1 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
pip/jupyterlab-widgets	~> 3.0.13	🟢 4.4	Details Check Score Reason Code-Review 🟢 6 Found 18/29 approved changesets -- score normalized to 6 Maintained 🟢 10 22 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
pip/matplotlib	~> 3.9.2	🟢 8.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Packaging 🟢 10 packaging workflow detected
pip/mysql-connector-python	~> 9.0.0	🟢 3.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/nbdime	~> 4.0.2	🟢 4.8	Details Check Score Reason Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Maintained 🟢 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
pip/nbgitpuller	~> 1.2.1	🟢 5.3	Details Check Score Reason Code-Review 🟢 6 Found 5/8 approved changesets -- score normalized to 6 Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pandas	~> 2.2.2	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 8 25 out of last 30 changesets reviewed before merge -- score normalized to 8 Contributors 🟢 10 47 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing 🟢 10 project is fuzzed with [OSSFuzz] License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 7 SAST tool detected but not run on all commmits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Vulnerabilities 🟢 10 no vulnerabilities detected
pip/plotly	~> 5.24.1	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
pip/psycopg	~> 3.2.1	Unknown	Unknown
pip/pymongo	~> 4.8.0	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases 🟢 8 1 out of the last 1 releases have a total of 1 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during GetBranch(v3.12): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits
pip/scipy	~> 1.14.1	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 19/20 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(maintenance/1.11.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/skl2onnx	~> 1.17.0	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Maintained 🟢 10 5 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/wheel	~> 0.44.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 3 Found 9/26 approved changesets -- score normalized to 3 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3

Scanned Manifest Files

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt

• aiohttp@3.10.5
• autopep8@~> 2.3.1
• codeflare-sdk@~> 0.20.2
• flake8@~> 7.1.1
• jupyter-bokeh@~> 4.0.5
• jupyter-resource-usage@~> 1.1.0
• jupyter-server@~> 2.14.2
• jupyter-server-proxy@~> 4.4.0
• jupyterlab@~> 4.2.5
• jupyterlab-git@~> 0.50.1
• jupyterlab-lsp@~> 5.1.0
• jupyterlab-widgets@~> 3.0.13
• matplotlib@~> 3.9.2
• mysql-connector-python@~> 9.0.0
• nbdime@~> 4.0.2
• nbgitpuller@~> 1.2.1
• pandas@~> 2.2.2
• plotly@~> 5.24.1
• psycopg@~> 3.2.1
• pymongo@~> 4.8.0
• scipy@~> 1.14.1
• skl2onnx@~> 1.17.0
• wheel@~> 0.44.0
• aiohttp@3.10.2
• autopep8@~> 2.0.4
• codeflare-sdk@~> 0.18.0
• flake8@~> 7.0.0
• jupyter-bokeh@~> 3.0.7
• jupyter-resource-usage@~> 0.7.2
• jupyter-server@~> 2.14.1
• jupyter-server-proxy@~> 4.2.0
• jupyterlab@~> 3.6.7
• jupyterlab-git@~> 0.44.0
• jupyterlab-lsp@~> 4.2.0
• jupyterlab-widgets@~> 3.0.10
• matplotlib@~> 3.8.3
• mysql-connector-python@~> 8.3.0
• nbdime@~> 3.2.1
• nbgitpuller@~> 1.2.0
• pandas@~> 2.2.0
• plotly@~> 5.20.0
• psycopg@~> 3.1.18
• pymongo@~> 4.6.2
• scipy@~> 1.12.0
• skl2onnx@~> 1.16.0
• wheel@~> 0.43.0

[dependabot]

Superseded by #389.