Dev

[RicardoRyn]

No description provided.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

pyproject.toml

Package	Version	License	Issue Type
pycirclize	>= 1.10.0	Null	Unknown License
matplotlib	>= 3.10.6	Null	Unknown License
numpy	>= 2.3.2	Null	Unknown License
tqdm	>= 4.67.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/matplotlib	>= 3.10.6	🟢 7.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 19 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6
pip/numpy	>= 2.3.2	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected CI-Tests 🟢 10 18 out of 18 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 98 contributing companies or organizations
pip/plotly	>= 6.3.0	🟢 5.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2
pip/pycirclize	>= 1.10.0	Unknown	Unknown
pip/scipy	>= 1.16.1	🟢 5.8	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 13/14 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Security-Policy 🟢 9 security policy file detected Vulnerabilities 🟢 3 7 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during GetBranch(maintenance/1.11.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/tqdm	>= 4.67.1	🟢 5.8	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 5 Found 4/7 approved changesets -- score normalized to 5 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy ⚠️ 0 security policy file not detected CII-Best-Practices 🟢 5 badge detected: Passing Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pyproject.toml