Bump the gaudi-openshift group across 1 directory with 23 updates

[dependabot]

Updates the requirements on matplotlib, pandas, plotly, scipy, skl2onnx, codeflare-sdk, pymongo, psycopg, mysql-connector-python, jupyterlab, jupyter-bokeh, jupyter-server, jupyter-server-proxy, jupyterlab-git, jupyterlab-lsp, jupyterlab-widgets, jupyter-resource-usage, nbdime, nbgitpuller, autopep8, flake8, wheel and aiohttp to permit the latest version.
Updates matplotlib to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

• Be more resilient to I/O failures when writing font cache
• Fix nondeterministic behavior with subplot spacing and constrained layout
• Fix sticky edge tolerance relative to data range
• Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits

• a254b68 REL: 3.9.2
• 056f307 DOC: Create release notes for 3.9.2
• 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
• 7be8675 Merge pull request #28687 from QuLogic/static-msvc
• 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
• 8a62afa BLD: Include MSVCP140 runtime statically
• 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
• d88a582 Backport PR #27797: DOC: Use video files for saving animations
• e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
• 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
• Additional commits viewable in compare view

Updates pandas to 2.2.3

Release notes

Sourced from pandas's releases.

Pandas 2.2.3

We are pleased to announce the release of pandas 2.2.3. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.2.3 supports Python 3.9 and higher.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• 0691c5c RLS: 2.2.3
• 658dfdd relax cython bound
• 6891e90 Backport PR #59847: BLD: Build wheels for Python 3.13 on aarch64 as well
• f108468 RLS: 2.2.3
• 6958738 Backport PR #59840: BLD: Final release prep for 2.2.3 (#59842)
• 0bd98fe Backport PR #59136 on branch 2.2.x (Upload 3.13 & free-threaded nightly wheel...
• 8d67e77 Backport PR #59836 on branch 2.2.x (BLD: Fix bad Cython annotation) (#59837)
• f7b6378 Assorted backports for 2.2.x (#59785)
• 2127b42 Backport #59144 on 2.2.x / 2.3.x (remove ops div class to solve #2137) (#59535)
• 4a20adb Backport PR #59813 on branch 2.2.x (CI: Debug failing ARM builds) (#59828)
• Additional commits viewable in compare view

Updates plotly to 5.24.1

Release notes

Sourced from plotly's releases.

v5.24.1

Updated

• Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.

Changelog

Sourced from plotly's changelog.

[5.24.1] - 2024-09-12

Updated

• Updated Plotly.js from version 2.35.0 to version 2.35.2. See the plotly.js CHANGELOG for more information.

[5.24.0] - 2024-08-29

Added

• New px functions for maps: scatter_map, line_map, choropleth_map, and density_map.

Updated

• Updated Plotly.js from version 2.34.0 to version 2.35.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:

  • Add new traces: scattermap, choroplethmap and densitymap and map subplots which use maplibre to render maps [#7015, #7060, #7085, #7088, #7090, #7092, #7094, #7134]
  • Deprecate mapbox traces and mapbox subplot [#7087]

• Fixed a bug in integer validation of arrays that threw an error when an array contained a mix of strings and integers.

[5.23.0] - 2024-07-23

Updated

• Updated Plotly.js from version 2.32.0 to version 2.34.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add subtitle attribute to layout.title to enable adding subtitles to plots [#7012]
  • Introduce "u" and "s" pseudo html tags to add partial underline and strike-through styles to SVG text elements [#7043]
  • Add geometric mean functionality and 'geometric mean ascending' + 'geometric mean descending' to category_order on cartesian axes [#6223], with thanks to @​acxz and @​prabhathc for the contribution!
  • Add axis property ticklabelindex for drawing the label for each minor tick n positions away from a major tick, with thanks to @​my-tien for the contribution! [#7036]
  • Add property ticklabelstandoff and ticklabelshift to cartesian axes to adjust positioning of tick labels, with thanks to @​my-tien for the contribution! [#7006]
  • Add x0shift, x1shift, y0shift, y1shift to shapes to add control over positioning of shape vertices on (multi-)category axes, with thanks to @​my-tien for the contribution! [#7005]
• Specify Python version 3.8-3.11 for development virtual environments and pin pytest at version 8.1.1 to match.
• Update IntegerValidator to handle extras option to allow supporting additional keyword values. For example, 'bold' and 'normal' as well as integers as used in font weights #4612.

[5.22.0] - 2024-05-01

Updated

• Updated Plotly.js from version 2.31.1 to version 2.32.0. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add "bold" weight, "italic" style and "small-caps" variant options to fonts #6956
  • Fix applying autotickangles on axes with showdividers as well as cases where tickson is set to "boundaries" #6967, with thanks to @​my-tien for the contribution!
  • Fix positioning of multi-line axis titles with standoff #6970, with thanks to @​my-tien for the contribution!

[5.21.0] - 2024-04-17

Updated

• Updated Plotly.js from version 2.30.0 to version 2.31.1. See the plotly.js CHANGELOG for more information. These changes are reflected in the auto-generated plotly.graph_objects module. Notable changes include:
  • Add zorder attribute to various cartesian traces for controlling stacking order of SVG traces drawn into a subplot [#6918, #6953],

... (truncated)

Commits

• 5d79b80 update release date
• 2cff569 Merge branch 'master' into release-5.24.1
• 5182afd Merge pull request #4765 from plotly/update-plotly-js-version-2-35-2
• d52f2a2 update plotly.js to 2.35.2
• 481a438 version changes for v5.24.1
• ef4eb44 Merge pull request #4757 from plotly/update-plotly-js-version-2-35-1
• 31e1f8f Merge branch 'master' into update-plotly-js-version-2-35-1
• 85bad44 Merge pull request #4756 from plotly/update-master-with-docs-changes
• c72b77e Update package-lock.json
• e5333de update plotly.js to 2.35.1
• Additional commits viewable in compare view

Updates scipy to 1.14.1

Release notes

Sourced from scipy's releases.

SciPy 1.14.1 Release Notes

SciPy 1.14.1 adds support for Python 3.13, including binary wheels on PyPI. Apart from that, it is a bug-fix release with no new features compared to 1.14.0.

Authors

• Name (commits)
• h-vetinari (1)
• Evgeni Burovski (1)
• CJ Carey (2)
• Lucas Colley (3)
• Ralf Gommers (3)
• Melissa Weber Mendonça (1)
• Andrew Nelson (3)
• Nick ODell (1)
• Tyler Reddy (36)
• Daniel Schmitz (1)
• Dan Schult (4)
• Albert Steppi (2)
• Ewout ter Hoeven (1)
• Tibor Völcker (2) +
• Adam Turner (1) +
• Warren Weckesser (2)
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits

• 92d2a85 REL: 1.14.1 rel commit [wheel build]
• 85623a1 Merge pull request #21362 from tylerjereddy/treddy_1.14.1_backports
• d924005 MAINT: PR 21362 revisions [wheel build]
• b901a4e MAINT, CI: PR 21362 revisions [wheel build]
• 2a7ec60 MAINT, BLD: PR 21362 revisions [wheel build]
• f4f084d MAINT, CI: PR 21362 revisions [wheel build]
• b712fc6 DOC: update 1.14.1 relnotes [wheel build]
• cdd5aca MAINT: special: Accommodate changed integer handling in NumPy 2.0. (#21401)
• 0f91838 BLD: cp313 wheels on manylinux_aarch64 (#21409)
• 6dd0b00 MAINT, CI: wheel build changes [wheel build]
• Additional commits viewable in compare view

Updates skl2onnx to 1.17.0

Release notes

Sourced from skl2onnx's releases.

1.17.0

• Upgrade the maximum supported opset to 21, update requirements to scikit-learn>=1.1, older versions are not tested anymore, #1098
• Support infrequent categories for OneHotEncoder #1029
• Support kernel Matern in Gaussian Process #978
• Fix for multidimensional gaussian process #1097
• Minor fixes to support scikit-learn==1.5.0 #1095
• Fix the conversion of pipeline including pipelines, issue #1069, #1072
• Fix unexpected type for intercept in PoissonRegressor and GammaRegressor #1070
• Add support for scikit-learn 1.4.0, #1058, fixes issues Many examples in the gallery are showing "broken", TFIDF vectorizer target_opset issue, Tfidfvectorizer with sublinear_tf fails, despite opset version set to greater than 11.

Changelog

Sourced from skl2onnx's changelog.

1.17.0 (development)

• Upgrade the maximum supported opset to 21, update requirements to scikit-learn>=1.1, older versions are not tested anymore, #1098
• Support infrequent categories for OneHotEncoder #1029
• Support kernel Matern in Gaussian Process #978
• Fix for multidimensional gaussian process #1097
• Minor fixes to support scikit-learn==1.5.0 #1095
• Fix the conversion of pipeline including pipelines, issue #1069, #1072
• Fix unexpected type for intercept in PoissonRegressor and GammaRegressor #1070
• Add support for scikit-learn 1.4.0, #1058, fixes issues Many examples in the gallery are showing "broken", TFIDF vectorizer target_opset issue, Tfidfvectorizer with sublinear_tf fails, despite opset version set to greater than 11.

1.16.0

• Supports cosine distance (LocalOutlierFactor, ...) #1050,
• Supports multiple columns for OrdinalEncoder #1044 (by @​max-509)
• Add an example on how to handle FunctionTransformer #1042, Versions of scikit-learn < 1.0 are not tested any more.
• Supports lists of strings as inputs for FeatureHasher #1025, #1036
• skl2onnx works with onnx==1.15.0, #1034
• fix OneHotEncoder when categories indices to drop are not None #1028
• fix converter for AdaBoost estimators in scikit-learn==1.3.1 #1027
• add function 'add_onnx_graph' to insert onnx graph coming from other converting,
  libraries within the converter mapped to a custom estimator #1023, #1024
• add option 'language' to converters of CountVectorizer, TfIdfVectorizer #1020

Commits

• 4dad29e Upgrade max supported opset version (#1098)
• c4a9de3 Add kernel Matern for gaussian process (#978)
• 8a09ebc [WIP] Supports infrequent category with OneHotEncoder (#1029)
• a63f71f Fix for multidimensional gaussian process (#1097)
• 80a5d14 StringNormalizer drops strings when they only contain stop words (#1031)
• 9511028 Fix the converters for scikit-learn==1.5.0 (#1095)
• 0785722 Increase last supported opset to 19 in readme (#1087)
• 49473d6 Extend CI to test with onnxruntime==1.18.0 (#1093)
• d2029c1 Investigate issue 1069 (#1072)
• 26447bc typo (#1085)
• Additional commits viewable in compare view

Updates codeflare-sdk to 0.20.2

Release notes

Sourced from codeflare-sdk's releases.

v0.20.2

What's Changed

• [FIX] generate cert functionality by @​Bobbins228 in project-codeflare/codeflare-sdk#658
• Remove Notebook Image Build and Push steps from release workflow by @​Fiona-Waters in project-codeflare/codeflare-sdk#657
• Changes in docs for release: v0.20.2 by @​codeflare-machine-account in project-codeflare/codeflare-sdk#660

Full Changelog: project-codeflare/codeflare-sdk@v0.20.0...v0.20.2

Commits

• a22b5ae Changes in docs for release: v0.20.2
• d47419c Remove Notebook Image Build and Push steps from release workflow
• be64fb5 test(unit_test.py): update unit test for test_generate_tls_cert
• 323e1ae fix(generate_cert.py): add get_secret_name function to solve issues with auto...
• 261da3f RHOAIENG-10371 - Clean up content of cells in SDK demo notebooks
• 95b2165 Update notebooks and docs with updated Cluster Configuration args
• ee307a9 Add provision in odh-sync workflow to adjust Pipfile.cpu and Pipfile.gpu with...
• a146547 Increase memory for ray head pod
• de2bd73 Update s3 bucket endpoint url to remove https prefix (#643)
• 6f58a8b Allow setuptools to use previous versions for compatibility
• Additional commits viewable in compare view

Updates pymongo to 4.9.1

Release notes

Sourced from pymongo's releases.

PyMongo 4.9.1

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-9-released/297833

Changelog

Sourced from pymongo's changelog.

Changelog

Changes in Version 4.9.0

.. warning:: Driver support for MongoDB 3.6 reached end of life in April 2024. PyMongo 4.9 will be the last release to support MongoDB 3.6.

.. warning:: PyMongo 4.9 refactors a large portion of internal APIs to support the new asynchronous API beta. As a result, versions of Motor older than 3.6 are not compatible with PyMongo 4.9. Existing users of these versions must either upgrade to Motor 3.6 and PyMongo 4.9, or cap their PyMongo version to < 4.9. Any applications that use private APIs may also break as a result of these internal changes.

PyMongo 4.9 brings a number of improvements including:

• Added support for MongoDB 8.0.
• Added support for Python 3.13.
• A new beta asynchronous API with full asyncio support. This new asynchronous API is a work-in-progress that may change during the beta period before the full release.
• Added support for In-Use Encryption range queries with MongoDB 8.0. Added :attr:~pymongo.encryption.Algorithm.RANGE. sparsity and trim_factor are now optional in :class:~pymongo.encryption_options.RangeOpts.
• Added support for the "delegated" option for the KMIP master_key in :meth:~pymongo.encryption.ClientEncryption.create_data_key.
• pymongocrypt>=1.10 is now required for :ref:In-Use Encryption support.
• Added :meth:~pymongo.cursor.Cursor.to_list to :class:~pymongo.cursor.Cursor, :class:~pymongo.command_cursor.CommandCursor, :class:~pymongo.asynchronous.cursor.AsyncCursor, and :class:~pymongo.asynchronous.command_cursor.AsyncCommandCursor as an asynchronous-friendly alternative to list(cursor).
• Added :meth:~pymongo.mongo_client.MongoClient.bulk_write to :class:~pymongo.mongo_client.MongoClient and :class:~pymongo.asynchronous.mongo_client.AsyncMongoClient, enabling users to perform insert, update, and delete operations against mixed namespaces in a minimized number of round trips. Please see :doc:examples/client_bulk for more information.
• Added support for the namespace parameter to the :class:~pymongo.operations.InsertOne, :class:~pymongo.operations.ReplaceOne, :class:~pymongo.operations.UpdateOne, :class:~pymongo.operations.UpdateMany, :class:~pymongo.operations.DeleteOne, and :class:~pymongo.operations.DeleteMany operations, so they can be used in the new :meth:~pymongo.mongo_client.MongoClient.bulk_write.
• Added :func:repr support to :class:bson.tz_util.FixedOffset.
• Fixed a bug where PyMongo would raise InvalidBSON: unhashable type: 'tzfile' when using :attr:~bson.codec_options.DatetimeConversion.DATETIME_CLAMP or :attr:~bson.codec_options.DatetimeConversion.DATETIME_AUTO with a timezone from dateutil.
• Fixed a bug where PyMongo would raise InvalidBSON: date value out of range

... (truncated)

Commits

• 8b26d4b BUMP 4.9.1
• d0772f2 PYTHON-4773 - Async PyMongo Beta docs update (#1868)
• 2ddd16d BUMP 4.10.0.dev0
• 699d962 BUMP 4.9
• 2c432b5 PYTHON-4768 - Fix atlas connection tests and cleanup uses of raw MongoClients...
• 6d472a1 PYTHON-4738 Skip encryption test_fork on PyPy (#1865)
• 9a71be1 PYTHON-4740 Convert asyncio.TimeoutError to socket.timeout for compat (#1864)
• c136684 PYTHON-4585 Cursor.to_list does not apply client's timeoutMS setting (#1860)
• 40ebc16 PYTHON-4764 Update to use current supported EVG hosts (#1858)
• 163e3d4 PYTHON-4738 - Make test_encryption.TestClientSimple.test_fork sync-only (#1862)
• Additional commits viewable in compare view

Updates psycopg to 3.2.2

Changelog

Sourced from psycopg's changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Current release

Psycopg 3.2.2 ^^^^^^^^^^^^^

• Drop !TypeDef specifications as string from public modules, as they cannot be composed by users as !typing objects previously could (:ticket:[#860](https://github.com/psycopg/psycopg/issues/860)).
• Release Python 3.13 binary packages.

Psycopg 3.2.1 ^^^^^^^^^^^^^

• Fix packaging metadata breaking [c], [binary] dependencies (:ticket:[#853](https://github.com/psycopg/psycopg/issues/853)).

Psycopg 3.2

.. rubric:: New top-level features

• Add support for integer, floating point, boolean NumPy scalar types__ (:ticket:[#332](https://github.com/psycopg/psycopg/issues/332)).
• Add !timeout and !stop_after parameters to Connection.notifies() (:ticket:340).
• Allow dumpers to return !None, to be converted to NULL (:ticket:[#377](https://github.com/psycopg/psycopg/issues/377)).
• Add :ref:raw-query-cursors to execute queries using placeholders in PostgreSQL format ($1, $2...) (:tickets:[#560](https://github.com/psycopg/psycopg/issues/560), [#839](https://github.com/psycopg/psycopg/issues/839)).
• Add capabilities object to :ref:inspect the libpq capabilities <capabilities> (:ticket:[#772](https://github.com/psycopg/psycopg/issues/772)).
• Add ~rows.scalar_row to return scalar values from a query (:ticket:[#723](https://github.com/psycopg/psycopg/issues/723)).
• Add ~Connection.cancel_safe() for encrypted and non-blocking cancellation when using libpq v17. Use such method internally to implement !KeyboardInterrupt and ~cursor.copy termination (:ticket:[#754](https://github.com/psycopg/psycopg/issues/754)).
• The !context parameter of sql objects ~sql.Composable.as_string() and ~sql.Composable.as_bytes() methods is now optional (:ticket:[#716](https://github.com/psycopg/psycopg/issues/716)).
• Add ~Connection.set_autocommit() on sync connections, and similar transaction control methods available on the async connections.
• Add a size parameter to ~Cursor.stream() to enable results retrieval in

... (truncated)

Commits

• d027a87 chore: bump psycopg package version to 3.2.2
• 026c123 Merge pull request #890 from edgarrmondragon/build-cp313-wheels
• 86d7772 docs: add update instructions for new major Python releases
• 8089851 docs: add Python 3.13 support news entries
• cf3bc88 docs: mention Python 3.13 supported in install docs
• 9b97811 chore: add Python 3.13 to trove classifiers
• 6e20188 ci: build Python 3.13 wheels
• a5b67ba docs: replace fastapi events with lifespan
• d13137a chore(deps): bump pypa/cibuildwheel in the actions group
• 6f7dcc4 Fix typo in cursor table
• Additional commits viewable in compare view

Updates mysql-connector-python to 9.0.0

Updates jupyterlab to 4.2.5

Release notes

Sourced from jupyterlab's releases.

v4.2.5

4.2.5

(Full Changelog)

Bugs fixed

• Use locale name instead of display/native name to toggle language #16710 (@​maitreya2954)
• Prevent replacing code with find and replace in read-only cells #16682 (@​itsmevichu)
• Do not block shift-click mouse up handler on active cell #16647 (@​EdsterG)

Maintenance and upkeep improvements

• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot[bot])

Documentation improvements

• Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

Changelog

Sourced from jupyterlab's changelog.

4.2.5

(Full Changelog)

Bugs fixed

• Use locale name instead of display/native name to toggle language #16710 (@​maitreya2954)
• Prevent replacing code with find and replace in read-only cells #16682 (@​itsmevichu)
• Do not block shift-click mouse up handler on active cell #16647 (@​EdsterG)

Maintenance and upkeep improvements

• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot[bot])

Documentation improvements

• Fix JupyterLab install instructions in the debugger docs #16683 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart | @​fcollonval | @​github-actions | @​HaudinFlorence | @​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Mehak261124 | @​Rob-P-Smith | @​tonyfast | @​welcome | @​williamstein

4.2.4

(Full Changelog)

Bugs fixed

• Fix the identifier to download licenses in JSON format #16584 (@​joaopalmeiro)
• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)

Maintenance and upkeep improvements

• Bump ws from 8.12.0 to 8.17.1 #16495 (@​dependabot[bot])

Documentation improvements

• Fix galata docs on overriding tmpPath #16587 (@​krassowski)
• Align extension migration docs with the latest extension template #16450 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

... (truncated)

Commits

• a046125 [ci skip] Publish 4.2.5
• 88e24ba Merge commit from fork
• 58d7535 Backport PR #16710: Use locale name instead of display/native name to toggle ...
• 524f71d Backport PR #16486: Bump braces from 3.0.2 to 3.0.3 (#16699)
• 7bf7ec5 Backport PR #16682: Prevent replacing code with find and replace in read-only...
• 355cbd5 Backport PR #16683: Fix JupyterLab install instructions in the debugger docs ...
• 1fa4474 Backport PR #16647: Do not block shift-click mouse up handler on active cell ...
• c639643 [ci skip] Publish 4.2.4
• 8f78e27 Backport PR #16450 on branch 4.2.x (Align extension migration docs with the l...
• 9223530 Backport PR #16507: Add customisation options to prevent inline completer res...
• Additional commits viewable in compare view

Updates jupyter-bokeh to 4.0.5

Commits

• e02ee6d jupyter_bokeh 4.0.5
• 028343a fix column events (#206)
• 3fee226 jupyter_bokeh 4.0.4
• 33d4e52 Ensure messages are deduplicated based on model id (#205)
• 58e8954 jupyter_bokeh 4.0.3
• ee1eb50 Do not drop events while blocked (#204)
• 38d8fd5 jupyter_bokeh 4.0.2
• 5f0075f Only serialize models not already known to a document (#202)
• 9a55cac jupyter_bokeh 4.0.1
• 3704840 relax constraints to facilitate jupyterlab 4.0 conda build (#200)
• Additional commits viewable in compare view

Updates jupyter-server to 2.14.2

Release notes

Sourced from jupyter-server's releases.

v2.14.2

2.14.2

(Full Changelog)

Bugs fixed

• Pass session_id during Websocket connect #1440 (@​gogasca)
• Do not log environment variables passed to kernels #1437 (@​krassowski)

Maintenance and upkeep improvements

• chore: update pre-commit hooks #1441 (@​pre-commit-ci)
• chore: update pre-commit hooks #1427 (@​pre-commit-ci)

Documentation improvements

• Update documentation for cookie_secret #1433 (@​krassowski)
• Add Changelog for 2.14.1 #1430 (@​blink1073)
• Update simple extension examples: _jupyter_server_extension_points #1426 (@​manics)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​gogasca | @​krassowski | @​manics | @​pre-commit-ci

Changelog

Sourced from jupyter-server's changelog.

2.14.2

(Full Changelog)

Bugs fixed

• Pass session_id during Websocket connect #1440 (@​gogasca)
• Do not log environment variables passed to kernels #1437 (@​krassowski)

Maintenance and upkeep improvements

• chore: update pre-commit hooks #1441 (@​pre-commit-ci)
• chore: update pre-commit hooks #1427 (@​pre-commit-ci)

Documentation improvements

• Update documentation for cookie_secret #1433 (@​krassowski)
• Add Changelog for 2.14.1 #1430 (@​blink1073)
• Update simple extension examples: _jupyter_server_extension_points #1426 (@​manics)

Contributors to this release

(GitHub contributors page for this release)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 7 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt

Package	Version	License	Issue Type
psycopg	~> 3.2.2	Null	Unknown License
matplotlib	~> 3.9.2	Null	Unknown License
aiohttp	3.10.6	Null	Unknown License
flake8	~> 7.1.1	Null	Unknown License
jupyterlab	~> 4.2.5	Null	Unknown License
mysql-connector-python	~> 9.0.0	Null	Unknown License
nbdime	~> 4.0.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/aiohttp	3.10.6	🟢 6.9	Details Check Score Reason Code-Review 🟢 5 Found 15/28 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases.
pip/autopep8	~> 2.3.1	🟢 5.6	Details Check Score Reason Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
pip/codeflare-sdk	~> 0.20.2	Unknown	Unknown
pip/flake8	~> 7.1.1	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 5/10 approved changesets -- score normalized to 5 Maintained 🟢 10 5 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/jupyter-bokeh	~> 4.0.5	🟢 3.8	Details Check Score Reason Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 Code-Review 🟢 3 Found 6/18 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities 🟢 5 5 existing vulnerabilities detected
pip/jupyter-resource-usage	~> 1.1.0	🟢 3.6	Details Check Score Reason Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/jupyter-server	~> 2.14.2	Unknown	Unknown
pip/jupyter-server-proxy	~> 4.4.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 5 Found 6/11 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/jupyterlab	~> 4.2.5	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 22/24 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 16 existing vulnerabilities detected
pip/jupyterlab-git	~> 0.50.1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 5 3 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
pip/jupyterlab-lsp	~> 5.1.0	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 1 Found 2/11 approved changesets -- score normalized to 1 Maintained 🟢 4 0 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
pip/jupyterlab-widgets	~> 3.0.13	🟢 4.4	Details Check Score Reason Code-Review 🟢 6 Found 18/29 approved changesets -- score normalized to 6 Maintained 🟢 10 22 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 25 existing vulnerabilities detected
pip/matplotlib	~> 3.9.2	🟢 8.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Packaging 🟢 10 packaging workflow detected
pip/mysql-connector-python	~> 9.0.0	⚠️ 2.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found License 🟢 9 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/nbdime	~> 4.0.2	🟢 4.4	Details Check Score Reason Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Maintained 🟢 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 11 existing vulnerabilities detected
pip/nbgitpuller	~> 1.2.1	🟢 5.2	Details Check Score Reason Code-Review 🟢 6 Found 5/8 approved changesets -- score normalized to 6 Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pandas	~> 2.2.3	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 8 25 out of last 30 changesets reviewed before merge -- score normalized to 8 Contributors 🟢 10 47 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing 🟢 10 project is fuzzed with [OSSFuzz] License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 7 SAST tool detected but not run on all commmits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Vulnerabilities 🟢 10 no vulnerabilities detected
pip/plotly	~> 5.24.1	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
pip/psycopg	~> 3.2.2	Unknown	Unknown
pip/pymongo	~> 4.9.1	🟢 6.2	Details Check Score Reason Code-Review 🟢 5 Found 17/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases 🟢 8 2 out of the last 2 releases have a total of 2 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during GetBranch(v3.12): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/scipy	~> 1.14.1	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 16/20 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(maintenance/1.11.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/skl2onnx	~> 1.17.0	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Maintained 🟢 9 3 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/wheel	~> 0.44.0	🟢 5.3	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 3 Found 9/26 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3

Scanned Manifest Files

enterprise/redhat/openshift-ai/gaudi/docker/requirements.txt

• aiohttp@3.10.6
• autopep8@~> 2.3.1
• codeflare-sdk@~> 0.20.2
• flake8@~> 7.1.1
• jupyter-bokeh@~> 4.0.5
• jupyter-resource-usage@~> 1.1.0
• jupyter-server@~> 2.14.2
• jupyter-server-proxy@~> 4.4.0
• jupyterlab@~> 4.2.5
• jupyterlab-git@~> 0.50.1
• jupyterlab-lsp@~> 5.1.0
• jupyterlab-widgets@~> 3.0.13
• matplotlib@~> 3.9.2
• mysql-connector-python@~> 9.0.0
• nbdime@~> 4.0.2
• nbgitpuller@~> 1.2.1
• pandas@~> 2.2.3
• plotly@~> 5.24.1
• psycopg@~> 3.2.2
• pymongo@~> 4.9.1
• scipy@~> 1.14.1
• skl2onnx@~> 1.17.0
• wheel@~> 0.44.0
• aiohttp@3.10.2
• autopep8@~> 2.0.4
• codeflare-sdk@~> 0.18.0
• flake8@~> 7.0.0
• jupyter-bokeh@~> 3.0.7
• jupyter-resource-usage@~> 0.7.2
• jupyter-server@~> 2.14.1
• jupyter-server-proxy@~> 4.2.0
• jupyterlab@~> 3.6.7
• jupyterlab-git@~> 0.44.0
• jupyterlab-lsp@~> 4.2.0
• jupyterlab-widgets@~> 3.0.10
• matplotlib@~> 3.8.3
• mysql-connector-python@~> 8.3.0
• nbdime@~> 3.2.1
• nbgitpuller@~> 1.2.0
• pandas@~> 2.2.0
• plotly@~> 5.20.0
• psycopg@~> 3.1.18
• pymongo@~> 4.6.2
• scipy@~> 1.12.0
• skl2onnx@~> 1.16.0
• wheel@~> 0.43.0

[tylertitsworth]

@dependabot rebase

[tylertitsworth]

@dependabot rebase

[dependabot]

Superseded by #425.