Bump the gaudi-openshift group in /enterprise/redhat/openshift-ai/gaudi/docker with 23 updates #384


@dependabot dependabot bot commented on behalf of github Sep 12, 2024

Updates the requirements on matplotlib, pandas, plotly, scipy, skl2onnx, codeflare-sdk, pymongo, psycopg, mysql-connector-python, jupyterlab, jupyter-bokeh, jupyter-server, jupyter-server-proxy, jupyterlab-git, jupyterlab-lsp, jupyterlab-widgets, jupyter-resource-usage, nbdime, nbgitpuller, autopep8, flake8, wheel and aiohttp to permit the latest version.
Updates matplotlib to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

  • Be more resilient to I/O failures when writing font cache
  • Fix nondeterministic behavior with subplot spacing and constrained layout
  • Fix sticky edge tolerance relative to data range
  • Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits
  • a254b68 REL: 3.9.2
  • 056f307 DOC: Create release notes for 3.9.2
  • 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
  • 7be8675 Merge pull request #28687 from QuLogic/static-msvc
  • 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
  • 8a62afa BLD: Include MSVCP140 runtime statically
  • 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
  • d88a582 Backport PR #27797: DOC: Use video files for saving animations
  • e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
  • 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
  • Additional commits viewable in compare view

Updates pandas to 2.2.2

Release notes

Sourced from pandas's releases.

Pandas 2.2.2

We are pleased to announce the release of pandas 2.2.2. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.2.2 supports Python 3.9 and higher.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

Updates plotly to 5.24.1

Release notes

Sourced from plotly's releases.

v5.24.1

Updated

  • Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.
Changelog

Sourced from plotly's changelog.

[5.24.1] - 2024-09-12

Updated

  • Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.

[5.24.0] - 2024-08-29

Added

  • New px functions for maps: scatter_map, line_map, choropleth_map, and density_map.

Updated

  • Updated Plotly.js from version 2.34.0 to version 2.35.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:

  • Fixed a bug in integer validation of arrays that threw an error when an array contained a mix of strings and integers.

[5.23.0] - 2024-07-23

Updated

  • Updated Plotly.js from version 2.32.0 to version 2.34.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
    • Add subtitle attribute to layout.title to enable adding subtitles to plots [#7012]
    • Introduce "u" and "s" pseudo html tags to add partial underline and strike-through styles to SVG text elements [#7043]
    • Add geometric mean functionality and 'geometric mean ascending' + 'geometric mean descending' to category_order on cartesian axes [#6223], with thanks to @​acxz and @​prabhathc for the contribution!
    • Add axis property ticklabelindex for drawing the label for each minor tick n positions away from a major tick, with thanks to @​my-tien for the contribution! [#7036]
    • Add property ticklabelstandoff and ticklabelshift to cartesian axes to adjust positioning of tick labels, with thanks to @​my-tien for the contribution! [#7006]
    • Add x0shift, x1shift, y0shift, y1shift to shapes to add control over positioning of shape vertices on (multi-)category axes, with thanks to @​my-tien for the contribution! [#7005]
  • Specify Python version 3.8-3.11 for development virtual environments and pin pytest at version 8.1.1 to match.
  • Update IntegerValidator to handle extras option to allow supporting additional keyword values. For example, 'bold' and 'normal' as well as integers as used in font weights #4612.

[5.22.0] - 2024-05-01

Updated

  • Updated Plotly.js from version 2.31.1 to version 2.32.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
    • Add "bold" weight, "italic" style and "small-caps" variant options to fonts #6956
    • Fix applying autotickangles on axes with showdividers as well as cases where tickson is set to "boundaries" #6967, with thanks to @​my-tien for the contribution!
    • Fix positioning of multi-line axis titles with standoff #6970, with thanks to @​my-tien for the contribution!

[5.21.0] - 2024-04-17

Updated

  • Updated Plotly.js from version 2.30.0 to version 2.31.1. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
    • Add zorder attribute to various cartesian traces for controlling stacking order of SVG traces drawn into a subplot [#6918, #6953],

... (truncated)

Commits
  • 5d79b80 update release date
  • 2cff569 Merge branch 'master' into release-5.24.1
  • 5182afd Merge pull request #4765 from plotly/update-plotly-js-version-2-35-2
  • d52f2a2 update plotly.js to 2.35.2
  • 481a438 version changes for v5.24.1
  • ef4eb44 Merge pull request #4757 from plotly/update-plotly-js-version-2-35-1
  • 31e1f8f Merge branch 'master' into update-plotly-js-version-2-35-1
  • 85bad44 Merge pull request #4756 from plotly/update-master-with-docs-changes
  • c72b77e Update package-lock.json
  • e5333de update plotly.js to 2.35.1
  • Additional commits viewable in compare view

Updates scipy to 1.14.1

Release notes

Sourced from scipy's releases.

SciPy 1.14.1 Release Notes

SciPy 1.14.1 adds support for Python 3.13, including binary wheels on PyPI. Apart from that, it is a bug-fix release with no new features compared to 1.14.0.

Authors

  • Name (commits)
  • h-vetinari (1)
  • Evgeni Burovski (1)
  • CJ Carey (2)
  • Lucas Colley (3)
  • Ralf Gommers (3)
  • Melissa Weber Mendonça (1)
  • Andrew Nelson (3)
  • Nick ODell (1)
  • Tyler Reddy (36)
  • Daniel Schmitz (1)
  • Dan Schult (4)
  • Albert Steppi (2)
  • Ewout ter Hoeven (1)
  • Tibor Völcker (2) +
  • Adam Turner (1) +
  • Warren Weckesser (2)
  • ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits
  • 92d2a85 REL: 1.14.1 rel commit [wheel build]
  • 85623a1 Merge pull request #21362 from tylerjereddy/treddy_1.14.1_backports
  • d924005 MAINT: PR 21362 revisions [wheel build]
  • b901a4e MAINT, CI: PR 21362 revisions [wheel build]
  • 2a7ec60 MAINT, BLD: PR 21362 revisions [wheel build]
  • f4f084d MAINT, CI: PR 21362 revisions [wheel build]
  • b712fc6 DOC: update 1.14.1 relnotes [wheel build]
  • cdd5aca MAINT: special: Accommodate changed integer handling in NumPy 2.0. (#21401)
  • 0f91838 BLD: cp313 wheels on manylinux_aarch64 (#21409)
  • 6dd0b00 MAINT, CI: wheel build changes [wheel build]
  • Additional commits viewable in compare view

Updates skl2onnx to 1.17.0

Release notes

Sourced from skl2onnx's releases.

1.17.0

Changelog

Sourced from skl2onnx's changelog.

1.17.0 (development)

1.16.0

  • Supports cosine distance (LocalOutlierFactor, ...) #1050,
  • Supports multiple columns for OrdinalEncoder #1044 (by @​max-509)
  • Add an example on how to handle FunctionTransformer #1042, Versions of scikit-learn < 1.0 are not tested any more.
  • Supports lists of strings as inputs for FeatureHasher #1025, #1036
  • skl2onnx works with onnx==1.15.0, #1034
  • fix OneHotEncoder when categories indices to drop are not None #1028
  • fix converter for AdaBoost estimators in scikit-learn==1.3.1 #1027
  • add function 'add_onnx_graph' to insert onnx graph coming from other converting,
    libraries within the converter mapped to a custom estimator #1023, #1024
  • add option 'language' to converters of CountVectorizer, TfIdfVectorizer #1020
Commits

Updates codeflare-sdk to 0.20.2

Release notes

Sourced from codeflare-sdk's releases.

v0.20.2

What's Changed

Full Changelog: project-codeflare/codeflare-sdk@v0.20.0...v0.20.2

Commits
  • a22b5ae Changes in docs for release: v0.20.2
  • d47419c Remove Notebook Image Build and Push steps from release workflow
  • be64fb5 test(unit_test.py): update unit test for test_generate_tls_cert
  • 323e1ae fix(generate_cert.py): add get_secret_name function to solve issues with auto...
  • 261da3f RHOAIENG-10371 - Clean up content of cells in SDK demo notebooks
  • 95b2165 Update notebooks and docs with updated Cluster Configuration args
  • ee307a9 Add provision in odh-sync workflow to adjust Pipfile.cpu and Pipfile.gpu with...
  • a146547 Increase memory for ray head pod
  • de2bd73 Update s3 bucket endpoint url to remove https prefix (#643)
  • 6f58a8b Allow setuptools to use previous versions for compatibility
  • Additional commits viewable in compare view

Updates pymongo to 4.8.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.8.0

Changes in Version 4.8.0

PyMongo 4.8 brings a number of improvements including:

  • The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
  • The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
  • Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
  • Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
  • Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
  • Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes

  • Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved

See the PyMongo 4.8 release notes in JIRA for the list of resolved issues in this release.


Full Changelog: mongodb/mongo-python-driver@4.7.1...4.8.0

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.8.0

.. warning:: PyMongo 4.8 drops support for Python 3.7 and PyPy 3.8: Python 3.8+ or PyPy 3.9+ is now required.

PyMongo 4.8 brings a number of improvements including:

  • The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
  • The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
  • Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
  • Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
  • Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
  • Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes

  • Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved

See the PyMongo 4.8 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.8 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37057

Changes in Version 4.7.3

Version 4.7.3 has further fixes for lazily loading modules.

  • Use deferred imports instead of importlib lazy module loading.
  • Improve import time on Windows.
  • Reduce verbosity of "Waiting for suitable server to become available" log message from info to debug.

Issues Resolved

See the PyMongo 4.7.3 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.7.3 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=39865

Changes in Version 4.7.2

... (truncated)

Commits
  • d504d14 BUMP 4.8.0
  • ab9e748 PYTHON-4515 Improve 4.8 changelog (#1713)
  • 2fdf707 PYTHON-4507 [v4.8] pip>=21.3 is required for editable installs (#1711)
  • 5139adb PYTHON-4515 [v4.8] Update changelog for 4.8 (#1710)
  • b3c55ff BUMP 4.8.0.dev1
  • 113b9da BUMP 4.8.0b0
  • 585411a PYTHON-4388 [v4.8] Fix security events handling in release workflow again (#1...
  • f1f4938 PYTHON-4388 [v4.8] Fix permissions in release workflow (#1708)
  • a0d232b PYTHON-4499 [v4.8] Log pymongo.connection at DEBUG without EventListeners (#1...
  • 14ed482 PYTHON-4388 [v4.8] Fix dist handling in SSDLC workflow (#1706)
  • Additional commits viewable in compare view

Updates psycopg to 3.2.1

Changelog

Sourced from psycopg's changelog.

psycopg release notes

Future releases

Psycopg 3.2.2 (unreleased)

  • Drop !TypeDef specifications as string from public modules, as they cannot be composed by users as !typing objects previously could (:ticket:[#860](https://github.com/psycopg/psycopg/issues/860)).

Current release

Psycopg 3.2.1

  • Fix packaging metadata breaking [c], [binary] dependencies (:ticket:[#853](https://github.com/psycopg/psycopg/issues/853)).

Psycopg 3.2

.. rubric:: New top-level features

  • Add support for integer, floating point, boolean NumPy scalar types__ (:ticket:[#332](https://github.com/psycopg/psycopg/issues/332)).
  • Add !timeout and !stop_after parameters to Connection.notifies() (:ticket:340).
  • Allow dumpers to return !None, to be converted to NULL (:ticket:[#377](https://github.com/psycopg/psycopg/issues/377)).
  • Add :ref:raw-query-cursors to execute queries using placeholders in PostgreSQL format ($1, $2...) (:tickets:[#560](https://github.com/psycopg/psycopg/issues/560), [#839](https://github.com/psycopg/psycopg/issues/839)).
  • Add capabilities object to :ref:inspect the libpq capabilities <capabilities> (:ticket:[#772](https://github.com/psycopg/psycopg/issues/772)).
  • Add ~rows.scalar_row to return scalar values from a query (:ticket:[#723](https://github.com/psycopg/psycopg/issues/723)).
  • Add ~Connection.cancel_safe() for encrypted and non-blocking cancellation when using libpq v17. Use such method internally to implement !KeyboardInterrupt and ~cursor.copy termination (:ticket:[#754](https://github.com/psycopg/psycopg/issues/754)).
  • The !context parameter of sql objects ~sql.Composable.as_string() and ~sql.Composable.as_bytes() methods is now optional (:ticket:[#716](https://github.com/psycopg/psycopg/issues/716)).
  • Add ~Connection.set_autocommit() on sync connections, and similar

... (truncated)

Commits
  • bb47d39 chore: bump psycopg package version to 3.2.1
  • 55490a2 fix: fix versions in packaging metadata
  • 1cbc42a docs: fix title level of major releases
  • 06a6e5e docs: mention dropping Python 3.7 in psycopg 3.2 release
  • ea3735d docs: better organization of the 3.2 release notes
  • 896eee2 chore: bump psycopg package version to 3.2.0
  • 2e2f4d7 chore: bump psycopg package version to 3.1.20
  • 7369d3b Merge pull request #846 from eli-schwartz/tomllib
  • 6672c70 style: shorter line in pyproject.toml
  • a517bb4 build: avoid installing tomli on recent python
  • Additional commits viewable in compare view

Updates mysql-connector-python to 9.0.0

Updates jupyterlab to 4.2.5

Release notes

Sourced from jupyterlab's releases.

v4.2.5

4.2.5

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

  • Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

Changelog

Sourced from jupyterlab's changelog.

4.2.5

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

  • Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

4.2.4

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

(GitHub contributors page for this release)

... (truncated)

Commits
  • a046125 [ci skip] Publish 4.2.5
  • 88e24ba Merge commit from fork
  • 58d7535 Backport PR #16710: Use locale name instead of display/native name to toggle ...
  • 524f71d Backport PR #16486: Bump braces from 3.0.2 to 3.0.3 (#16699)
  • 7bf7ec5 Backport PR #16682: Prevent replacing code with find and replace in read-only...
  • 355cbd5 Backport PR #16683: Fix JupyterLab install instructions in the debugger docs ...
  • 1fa4474 Backport PR #16647: Do not block shift-click mouse up handler on active cell ...
  • c639643 [ci skip] Publish 4.2.4
  • 8f78e27 Backport PR #16450 on branch 4.2.x (Align extension migration docs with the l...
  • 9223530 Backport PR #16507: Add customisation options to prevent inline completer res...
  • Additional commits viewable in compare view

Updates jupyter-bokeh to 4.0.5

Commits

Updates jupyter-server to 2.14.2

Release notes

Sourced from jupyter-server's releases.

v2.14.2

2.14.2

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​gogasca | @​krassowski | @​manics | @​pre-commit-ci

Changelog

Sourced from jupyter-server's changelog.

2.14.2

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Updates the requirements on [matplotlib](https://github.com/matplotlib/matplotlib), [pandas](https://github.com/pandas-dev/pandas), [plotly](https://github.com/plotly/plotly.py), [scipy](https://github.com/scipy/scipy), [skl2onnx](https://github.com/onnx/sklearn-onnx), [codeflare-sdk](https://github.com/project-codeflare/codeflare-sdk), [pymongo](https://github.com/mongodb/mongo-python-driver), [psycopg](https://github.com/psycopg/psycopg), [mysql-connector-python](http://dev.mysql.com/doc/connector-python/en/index.html), [jupyterlab](https://github.com/jupyterlab/jupyterlab), [jupyter-bokeh](https://github.com/bokeh/jupyter_bokeh), [jupyter-server](https://github.com/jupyter-server/jupyter_server), [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy), [jupyterlab-git](https://github.com/jupyterlab/jupyterlab-git), [jupyterlab-lsp](https://github.com/jupyter-lsp/jupyterlab-lsp), [jupyterlab-widgets](https://github.com/jupyter-widgets/ipywidgets), [jupyter-resource-usage](https://github.com/jupyter-server/jupyter-resource-usage), [nbdime](https://github.com/jupyter/nbdime), [nbgitpuller](https://github.com/jupyterhub/nbgitpuller), [autopep8](https://github.com/hhatto/autopep8), [flake8](https://github.com/pycqa/flake8), [wheel](https://github.com/pypa/wheel) and [aiohttp](https://github.com/aio-libs/aiohttp) to permit the latest version.

Updates `matplotlib` to 3.9.2
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.8.3...v3.9.2)

Updates `pandas` to 2.2.2
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v2.2.0...v2.2.2)

Updates `plotly` to 5.24.1
- [Release notes](https://github.com/plotly/plotly.py/releases)
- [Changelog](https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md)
- [Commits](plotly/plotly.py@v5.20.0...v5.24.1)

Updates `scipy` to 1.14.1
- [Release notes](https://github.com/scipy/scipy/releases)
- [Commits](scipy/scipy@v1.12.0...v1.14.1)

Updates `skl2onnx` to 1.17.0
- [Release notes](https://github.com/onnx/sklearn-onnx/releases)
- [Changelog](https://github.com/onnx/sklearn-onnx/blob/main/CHANGELOGS.md)
- [Commits](onnx/sklearn-onnx@1.16.0...1.17.0)

Updates `codeflare-sdk` to 0.20.2
- [Release notes](https://github.com/project-codeflare/codeflare-sdk/releases)
- [Commits](project-codeflare/codeflare-sdk@v0.18.0...v0.20.2)

Updates `pymongo` to 4.8.0
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.6.2...4.8.0)

Updates `psycopg` to 3.2.1
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](psycopg/psycopg@3.1.18...3.2.1)

Updates `mysql-connector-python` to 9.0.0

Updates `jupyterlab` to 4.2.5
- [Release notes](https://github.com/jupyterlab/jupyterlab/releases)
- [Changelog](https://github.com/jupyterlab/jupyterlab/blob/@jupyterlab/lsp@4.2.5/CHANGELOG.md)
- [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/vdom@3.6.7...@jupyterlab/lsp@4.2.5)

Updates `jupyter-bokeh` to 4.0.5
- [Commits](bokeh/jupyter_bokeh@3.0.7...4.0.5)

Updates `jupyter-server` to 2.14.2
- [Release notes](https://github.com/jupyter-server/jupyter_server/releases)
- [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md)
- [Commits](jupyter-server/jupyter_server@v2.14.1...v2.14.2)

Updates `jupyter-server-proxy` to 4.4.0
- [Release notes](https://github.com/jupyterhub/jupyter-server-proxy/releases)
- [Changelog](https://github.com/jupyterhub/jupyter-server-proxy/blob/main/RELEASE.md)
- [Commits](jupyterhub/jupyter-server-proxy@v4.2.0...v4.4.0)

Updates `jupyterlab-git` to 0.50.1
- [Release notes](https://github.com/jupyterlab/jupyterlab-git/releases)
- [Changelog](https://github.com/jupyterlab/jupyterlab-git/blob/main/CHANGELOG.md)
- [Commits](jupyterlab/jupyterlab-git@v0.44.0...v0.50.1)

Updates `jupyterlab-lsp` to 5.1.0
- [Release notes](https://github.com/jupyter-lsp/jupyterlab-lsp/releases)
- [Changelog](https://github.com/jupyter-lsp/jupyterlab-lsp/blob/main/CHANGELOG.md)
- [Commits](jupyter-lsp/jupyterlab-lsp@v4.2.0...v5.1.0)

Updates `jupyterlab-widgets` to 3.0.13
- [Release notes](https://github.com/jupyter-widgets/ipywidgets/releases)
- [Commits](https://github.com/jupyter-widgets/ipywidgets/commits)

Updates `jupyter-resource-usage` to 1.1.0
- [Release notes](https://github.com/jupyter-server/jupyter-resource-usage/releases)
- [Changelog](https://github.com/jupyter-server/jupyter-resource-usage/blob/main/CHANGELOG.md)
- [Commits](jupyter-server/jupyter-resource-usage@v0.7.2...v1.1.0)

Updates `nbdime` to 4.0.2
- [Release notes](https://github.com/jupyter/nbdime/releases)
- [Changelog](https://github.com/jupyter/nbdime/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jupyter/nbdime/compare/3.2.1...nbdime@4.0.2)

Updates `nbgitpuller` to 1.2.1
- [Changelog](https://github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md)
- [Commits](jupyterhub/nbgitpuller@1.2.0...1.2.1)

Updates `autopep8` to 2.3.1
- [Release notes](https://github.com/hhatto/autopep8/releases)
- [Commits](hhatto/autopep8@v2.0.4...v2.3.1)

Updates `flake8` to 7.1.1
- [Commits](PyCQA/flake8@7.0.0...7.1.1)

Updates `wheel` to 0.44.0
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.43.0...0.44.0)

Updates `aiohttp` from 3.10.2 to 3.10.5
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.10.2...v3.10.5)

---
updated-dependencies:
- dependency-name: matplotlib
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: pandas
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: plotly
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: scipy
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: skl2onnx
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: codeflare-sdk
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: pymongo
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: psycopg
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: mysql-connector-python
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyterlab
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyter-bokeh
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyter-server
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyter-server-proxy
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyterlab-git
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyterlab-lsp
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyterlab-widgets
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: jupyter-resource-usage
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: nbdime
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: nbgitpuller
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: autopep8
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: flake8
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: wheel
  dependency-type: direct:production
  dependency-group: gaudi-openshift
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gaudi-openshift
...

Signed-off-by: dependabot[bot] <support@github.com>

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 6 package(s) with unknown licenses.
See the Details below.

License Issues

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| psycopg | ~> 3.2.1 | Null | Unknown License |
| matplotlib | ~> 3.9.2 | Null | Unknown License |
| flake8 | ~> 7.1.1 | Null | Unknown License |
| jupyterlab | ~> 4.2.5 | Null | Unknown License |
| mysql-connector-python | ~> 9.0.0 | Null | Unknown License |
| nbdime | ~> 4.0.2 | Null | Unknown License |

OpenSSF Scorecard

Scorecard details
Package: pip/aiohttp, Version: 3.10.5, Score: 🟢 6.7

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 3 | Found 7/18 approved changesets -- score normalized to 3 |
| Maintained | 🟢 10 | 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Security-Policy | 🟢 10 | security policy file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |

Package: pip/autopep8, Version: ~> 2.3.1, Score: 🟢 6.5

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 1/12 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 28 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Package: pip/codeflare-sdk, Version: ~> 0.20.2, Score: Unknown, Details: Unknown

Package: pip/flake8, Version: ~> 7.1.1, Score: 🟢 6

Details

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 8 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 5 | Found 5/10 approved changesets -- score normalized to 5 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/jupyter-bokeh ~> 4.0.5 🟢 3.8
Details
Check | Score | Reason
Code-Review | 🟢 3 | Found 6/18 approved changesets -- score normalized to 3
Maintained | ⚠️ 1 | 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Signed-Releases | ⚠️ -1 | no releases found
License | 🟢 10 | license file detected
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Security-Policy | ⚠️ 0 | security policy file not detected
Fuzzing | ⚠️ 0 | project is not fuzzed
SAST | 🟢 7 | SAST tool detected but not run on all commits
Vulnerabilities | 🟢 5 | 5 existing vulnerabilities detected
pip/jupyter-resource-usage ~> 1.1.0 🟢 3.6
Details
Check | Score | Reason
Code-Review | 🟢 3 | Found 6/16 approved changesets -- score normalized to 3
Maintained | 🟢 3 | 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Packaging | ⚠️ -1 | packaging workflow not detected
Branch-Protection | 🟢 3 | branch protection is not maximal on development and all release branches
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | ⚠️ 0 | project is not fuzzed
Security-Policy | 🟢 10 | security policy file detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | ⚠️ 0 | 12 existing vulnerabilities detected
pip/jupyter-server ~> 2.14.2 UnknownUnknown
pip/jupyter-server-proxy ~> 4.4.0 🟢 5.6
Details
Check | Score | Reason
Code-Review | 🟢 5 | Found 6/11 approved changesets -- score normalized to 5
Maintained | 🟢 10 | 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | ⚠️ 0 | project is not fuzzed
Security-Policy | ⚠️ 0 | security policy file not detected
Packaging | 🟢 10 | packaging workflow detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
pip/jupyterlab ~> 4.2.5 🟢 5.5
Details
Check | Score | Reason
Code-Review | 🟢 8 | Found 25/28 approved changesets -- score normalized to 8
Maintained | 🟢 10 | 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 2 | badge detected: InProgress
License | 🟢 9 | license file detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging | ⚠️ -1 | packaging workflow not detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
SAST | 🟢 10 | SAST tool is run on all commits
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Security-Policy | 🟢 10 | security policy file detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities | ⚠️ 0 | 10 existing vulnerabilities detected
pip/jupyterlab-git ~> 0.50.1 🟢 4.2
Details
Check | Score | Reason
Code-Review | ⚠️ 2 | Found 4/15 approved changesets -- score normalized to 2
Maintained | 🟢 5 | 4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Packaging | ⚠️ -1 | packaging workflow not detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Fuzzing | ⚠️ 0 | project is not fuzzed
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Security-Policy | 🟢 10 | security policy file detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | 🟢 4 | 6 existing vulnerabilities detected
pip/jupyterlab-lsp ~> 5.1.0 🟢 4.7
Details
Check | Score | Reason
Code-Review | ⚠️ 1 | Found 2/11 approved changesets -- score normalized to 1
Maintained | 🟢 4 | 1 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 4
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Packaging | ⚠️ -1 | packaging workflow not detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Fuzzing | ⚠️ 0 | project is not fuzzed
Security-Policy | 🟢 10 | security policy file detected
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
SAST | 🟢 10 | SAST tool is run on all commits
Vulnerabilities | ⚠️ 0 | 18 existing vulnerabilities detected
pip/jupyterlab-widgets ~> 3.0.13 🟢 4.4
Details
Check | Score | Reason
Code-Review | 🟢 6 | Found 18/29 approved changesets -- score normalized to 6
Maintained | 🟢 10 | 22 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Security-Policy | ⚠️ 0 | security policy file not detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | ⚠️ 0 | project is not fuzzed
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | ⚠️ 0 | 20 existing vulnerabilities detected
pip/matplotlib ~> 3.9.2 🟢 8.1
Details
Check | Score | Reason
Code-Review | 🟢 10 | all changesets reviewed
Maintained | 🟢 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Signed-Releases | ⚠️ -1 | no releases found
Security-Policy | 🟢 10 | security policy file detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Branch-Protection | 🟢 8 | branch protection is not maximal on development and all release branches
License | 🟢 9 | license file detected
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
SAST | 🟢 10 | SAST tool is run on all commits
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Fuzzing | 🟢 10 | project is fuzzed
Pinned-Dependencies | ⚠️ 2 | dependency not pinned by hash detected -- score normalized to 2
Packaging | 🟢 10 | packaging workflow detected
pip/mysql-connector-python ~> 9.0.0 🟢 3.1
Details
Check | Score | Reason
Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0
Maintained | 🟢 3 | 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 9 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Packaging | ⚠️ -1 | packaging workflow not detected
Token-Permissions | ⚠️ -1 | No tokens found
Dangerous-Workflow | ⚠️ -1 | no workflows found
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
SAST | ⚠️ 0 | no SAST tool detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Security-Policy | ⚠️ 0 | security policy file not detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
pip/nbdime ~> 4.0.2 🟢 4.8
Details
Check | Score | Reason
Code-Review | 🟢 4 | Found 6/13 approved changesets -- score normalized to 4
Maintained | 🟢 10 | 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
License | 🟢 9 | license file detected
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Packaging | ⚠️ -1 | packaging workflow not detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Fuzzing | ⚠️ 0 | project is not fuzzed
Security-Policy | 🟢 10 | security policy file detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | 🟢 4 | 6 existing vulnerabilities detected
pip/nbgitpuller ~> 1.2.1 🟢 5.3
Details
Check | Score | Reason
Code-Review | 🟢 6 | Found 5/8 approved changesets -- score normalized to 6
Maintained | 🟢 5 | 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Security-Policy | ⚠️ 0 | security policy file not detected
Packaging | 🟢 10 | packaging workflow detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
pip/pandas ~> 2.2.2 🟢 6.4
Details
Check | Score | Reason
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests | 🟢 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no badge detected
Code-Review | 🟢 8 | 25 out of last 30 changesets reviewed before merge -- score normalized to 8
Contributors | 🟢 10 | 47 different organizations found -- score normalized to 10
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Dependency-Update-Tool | ⚠️ 0 | no update tool detected
Fuzzing | 🟢 10 | project is fuzzed with [OSSFuzz]
License | 🟢 10 | license file detected
Maintained | 🟢 10 | 30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging | ⚠️ -1 | no published package detected
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
SAST | 🟢 7 | SAST tool detected but not run on all commmits
Security-Policy | 🟢 10 | security policy file detected
Signed-Releases | ⚠️ 0 | 0 out of 5 artifacts are signed or have provenance
Token-Permissions | ⚠️ 0 | non read-only tokens detected in GitHub workflows
Vulnerabilities | 🟢 10 | no vulnerabilities detected
pip/plotly ~> 5.24.1 🟢 6
Details
Check | Score | Reason
Code-Review | 🟢 10 | all changesets reviewed
Maintained | 🟢 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | ⚠️ -1 | no workflows found
Token-Permissions | ⚠️ -1 | No tokens found
Security-Policy | 🟢 10 | security policy file detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ -1 | no dependencies found
Fuzzing | ⚠️ 0 | project is not fuzzed
Vulnerabilities | ⚠️ 0 | 24 existing vulnerabilities detected
pip/psycopg ~> 3.2.1 UnknownUnknown
pip/pymongo ~> 4.8.0 🟢 6.7
Details
Check | Score | Reason
Code-Review | 🟢 10 | all changesets reviewed
Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | 🟢 8 | 1 out of the last 1 releases have a total of 1 signed artifacts.
Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(v3.12): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Packaging | ⚠️ -1 | packaging workflow not detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Security-Policy | ⚠️ 0 | security policy file not detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
SAST | 🟢 10 | SAST tool is run on all commits
pip/scipy ~> 1.14.1 🟢 6.6
Details
Check | Score | Reason
Code-Review | 🟢 9 | Found 19/20 approved changesets -- score normalized to 9
Maintained | 🟢 10 | 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(maintenance/1.11.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions | ⚠️ -1 | No tokens found
Dangerous-Workflow | ⚠️ -1 | no workflows found
Packaging | ⚠️ -1 | packaging workflow not detected
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Security-Policy | 🟢 9 | security policy file detected
Fuzzing | 🟢 10 | project is fuzzed
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
pip/skl2onnx ~> 1.17.0 🟢 4.8
Details
Check | Score | Reason
Code-Review | ⚠️ 2 | Found 6/30 approved changesets -- score normalized to 2
Maintained | 🟢 10 | 5 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Security-Policy | ⚠️ 0 | security policy file not detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected
SAST | 🟢 9 | SAST tool detected but not run on all commits
pip/wheel ~> 0.44.0 🟢 5.3
Details
Check | Score | Reason
Code-Review | 🟢 3 | Found 9/26 approved changesets -- score normalized to 3
Maintained | 🟢 5 | 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Fuzzing | 🟢 10 | project is fuzzed
Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected
Packaging | 🟢 10 | packaging workflow detected
Security-Policy | ⚠️ 0 | security policy file not detected
SAST | 🟢 3 | SAST tool is not run on all commits -- score normalized to 3

Scanned Manifest Files

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt
  • aiohttp@3.10.5
  • autopep8@~> 2.3.1
  • codeflare-sdk@~> 0.20.2
  • flake8@~> 7.1.1
  • jupyter-bokeh@~> 4.0.5
  • jupyter-resource-usage@~> 1.1.0
  • jupyter-server@~> 2.14.2
  • jupyter-server-proxy@~> 4.4.0
  • jupyterlab@~> 4.2.5
  • jupyterlab-git@~> 0.50.1
  • jupyterlab-lsp@~> 5.1.0
  • jupyterlab-widgets@~> 3.0.13
  • matplotlib@~> 3.9.2
  • mysql-connector-python@~> 9.0.0
  • nbdime@~> 4.0.2
  • nbgitpuller@~> 1.2.1
  • pandas@~> 2.2.2
  • plotly@~> 5.24.1
  • psycopg@~> 3.2.1
  • pymongo@~> 4.8.0
  • scipy@~> 1.14.1
  • skl2onnx@~> 1.17.0
  • wheel@~> 0.44.0
  • aiohttp@3.10.2
  • autopep8@~> 2.0.4
  • codeflare-sdk@~> 0.18.0
  • flake8@~> 7.0.0
  • jupyter-bokeh@~> 3.0.7
  • jupyter-resource-usage@~> 0.7.2
  • jupyter-server@~> 2.14.1
  • jupyter-server-proxy@~> 4.2.0
  • jupyterlab@~> 3.6.7
  • jupyterlab-git@~> 0.44.0
  • jupyterlab-lsp@~> 4.2.0
  • jupyterlab-widgets@~> 3.0.10
  • matplotlib@~> 3.8.3
  • mysql-connector-python@~> 8.3.0
  • nbdime@~> 3.2.1
  • nbgitpuller@~> 1.2.0
  • pandas@~> 2.2.0
  • plotly@~> 5.20.0
  • psycopg@~> 3.1.18
  • pymongo@~> 4.6.2
  • scipy@~> 1.12.0
  • skl2onnx@~> 1.16.0
  • wheel@~> 0.43.0

dependabot bot commented on behalf of github Sep 16, 2024

Superseded by #389.

@dependabot dependabot bot closed this Sep 16, 2024
@dependabot dependabot bot deleted the dependabot/pip/enterprise/redhat/openshift-ai/gaudi/docker/gaudi-openshift-3ae6355848 branch September 16, 2024 13:40
Labels
  • dependencies: Pull requests that update a dependency file
  • python: Pull requests that update Python code