Deps: Bump the python-packages group with 7 updates

[dependabot]

Bumps the python-packages group with 7 updates:

Package	From	To
codespell	2.3.0	2.4.1
ruff	0.9.2	0.9.4
black	24.10.0	25.1.0
certifi	2024.12.14	2025.1.31
h2	4.1.0	4.2.0
hpack	4.0.0	4.1.0
hyperframe	6.0.1	6.1.0

Updates codespell from 2.3.0 to 2.4.1

Release notes

Sourced from codespell's releases.

v2.4.1

What's Changed

• Revert hep->heap, help, in dictionary_rare.txt from #3461 by @​jpivarski in codespell-project/codespell#3624

New Contributors

• @​jpivarski made their first contribution in codespell-project/codespell#3624

Full Changelog: codespell-project/codespell@v2.4.0...v2.4.1

v2.4.0

What's Changed

• Exclude bots from generated release notes by @​hugovk in codespell-project/codespell#3432
• Refactor: Move some code to new files for reuse by @​nthykier in codespell-project/codespell#3434
• Add equipmnet->equipment by @​korverdev in codespell-project/codespell#3438
• Set better project description by @​mtelka in codespell-project/codespell#3435
• Additional en-GB → en-US entries by @​DimitriPapadopoulos in codespell-project/codespell#3058
• Consistent error messages by @​DimitriPapadopoulos in codespell-project/codespell#3440
• Add 'driven' as 'drivin' variant by @​korverdev in codespell-project/codespell#3441
• More typos by @​DimitriPapadopoulos in codespell-project/codespell#3439
• Add reusing misspelling and variants by @​korverdev in codespell-project/codespell#3445
• Add typos found in Emacs and elsewhere by @​skangas in codespell-project/codespell#3447
• MAINT: Fix codecov by @​larsoner in codespell-project/codespell#3451
• Add typos found in GNU Guile by @​skangas in codespell-project/codespell#3448
• Add corrections from Aspell (fix #3356) by @​skangas in codespell-project/codespell#3453
• Add entries to dictionary_informal.txt by @​skangas in codespell-project/codespell#3456
• Add rare typo lien->line by @​skangas in codespell-project/codespell#3460
• Add rare typo firs->first by @​skangas in codespell-project/codespell#3459
• Add rare typo hep->heap, help, by @​skangas in codespell-project/codespell#3461
• Add rare typo brunch->branch by @​skangas in codespell-project/codespell#3458
• Add corrections from typos dictionary (A1) by @​skangas in codespell-project/codespell#3450
• Add timestmp->timestamp and its variations by @​fkmy in codespell-project/codespell#3464
• Add .venv to .gitignore by @​skangas in codespell-project/codespell#3466
• Only accept documented choices after -i and -q by @​DimitriPapadopoulos in codespell-project/codespell#3344
• Move assertIn to the code dictionary as it's a Python test function by @​peternewman in codespell-project/codespell#3469
• Add some more typos by @​skangas in codespell-project/codespell#3468
• Add some typos from Emacs by @​skangas in codespell-project/codespell#3471
• Add corrections from typos dictionary (A2) by @​skangas in codespell-project/codespell#3454
• Add variations for words starting with non- by @​skangas in codespell-project/codespell#3467
• Update "Using a config file" README entry by @​oddhack in codespell-project/codespell#3478
• Add two choices for verision typo fix by @​yarikoptic in codespell-project/codespell#3252
• fix typo by @​spaette in codespell-project/codespell#3479
• [pre-commit.ci] pre-commit manual update (ruff 0.5.0) by @​DimitriPapadopoulos in codespell-project/codespell#3481
• Add trusthworth(y|iness)->trustworth(y|iness) correction. by @​cfi-gb in codespell-project/codespell#3482
• Add thrustworth(y|iness)->trustworth(y|iness). by @​cfi-gb in codespell-project/codespell#3483
• New typos by @​gforcada in codespell-project/codespell#3484
• add enrol->enroll to en-GB to en-US dictionary by @​slitvackwinkler in codespell-project/codespell#3485

... (truncated)

Commits

• 63c8f83 Revert hep->heap, help, in dictionary_rare.txt from #3461 (#3624)
• db0100e Run pytest GitHub Action on an ARM processor (#3619)
• c6bdc1f [pre-commit.ci] autoupdate less frequently
• 654b3ed Run ruff format
• 913871e Apply ruff/flake8-pytest-style rule PT006
• b782f25 Changes for ruff 0.9.1
• 9c3a652 [pre-commit.ci] pre-commit autoupdate
• 2626491 Remove socioeconomic entries
• ec57cff Add spelling correction for denila and variant.
• 2acfc37 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates ruff from 0.9.2 to 0.9.4

Release notes

Sourced from ruff's releases.

0.9.4

Release Notes

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

Contributors

• @​AlexWaygood
• @​Garrett-R
• @​InSyncWithFoo
• @​JelleZijlstra
• @​Lee-W
• @​MichaReiser
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.4

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

0.9.3

Preview features

• [airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
• [airflow] Extend AIR303 with more symbols (#15611)
• [flake8-bandit] Report all references to suspicious functions (S3) (#15541)
• [flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
• [flake8-simplify] Avoid double negations (SIM103) (#15562)
• [pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
• [pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
• [pylint] Implement redefined-slots-in-subclass (W0244) (#9640)

... (truncated)

Commits

• 854ab03 Bump version to 0.9.4 (#15831)
• b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
• 451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
• 13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
• 56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
• 7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• 3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
• 15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
• e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
• 23c9884 Preserve quotes in generated f-strings (#15794)
• Additional commits viewable in compare view

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

• If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

• 8a737e7 Prepare release 25.1.0 (#4563)
• d330dee docs: We're not going to use backslashes for the with statement (#4564)
• 3d81290 Move wrap_long_dict_values_in_parens to the preview style (#4561)
• 459562c Improve function declaration wrapping when it contains generic type definitio...
• 99dbf30 Cache executor to avoid hitting open file limits (#4560)
• c0b92f3 Prepare the 2025 stable style (#4558)
• e58baf1 Add test for #1187 (#4559)
• 1455ae4 Fix docs CI (#4555)
• 584d033 fix: Don't remove parenthesis around long dictionary values (#4377)
• 6e96540 Fix CI (#4551)
• Additional commits viewable in compare view

Updates certifi from 2024.12.14 to 2025.1.31

Commits

• 088f931 2025.01.31 (#336)
• 1c17795 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#335)
• a2e88f0 Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#334)
• 82284ed Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#333)
• 10d3d1d Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#332)
• See full diff in compare view

Updates h2 from 4.1.0 to 4.2.0

Changelog

Sourced from h2's changelog.

4.2.0 (2025-02-01)

API Changes (Backward Incompatible)

• Support for Python 3.6 has been removed.
• Support for Python 3.7 has been removed.
• Support for Python 3.8 has been removed.
• Remove mistakenly set max_inbound_frame_size attribute on H2Stream.

API Changes (Backward Compatible)

• Support for Python 3.11 has been added.
• Support for Python 3.12 has been added.
• Support for Python 3.13 has been added.
• Add an ability to send outbound cookies separately to improve headers compression.
• Updated packaging and testing infrastructure.

Bugfixes

• Fix repr() checks for Python 3.11
• Fix asyncio / wsgi examples.
• Clarify docs on using curl with http2.

Commits

• dacd614 v4.2.0
• 0b98b24 tests: linting++
• 9bfb877 fix backward-compatibility of semi-public API for #1275
• 3f5a608 linting++
• 01c080a enable type checking using mypy
• 1acf9c1 add typing information
• 82d97da clarify RequestReceived CONTINUATION frame behavior
• ee4fa16 migrate tox.ini into pyproject.toml
• b0485e9 bump codecov integration
• 20c8e71 update changelog
• Additional commits viewable in compare view

Updates hpack from 4.0.0 to 4.1.0

Changelog

Sourced from hpack's changelog.

4.1.0 (2025-01-22)

API Changes (Backward Incompatible)

• Support for Python 3.6 has been removed.
• Support for Python 3.7 has been removed.
• Support for Python 3.8 has been removed.
• Renamed InvalidTableIndex exception to InvalidTableIndexError.

API Changes (Backward Compatible)

• Support for Python 3.9 has been added.
• Support for Python 3.10 has been added.
• Support for Python 3.11 has been added.
• Support for Python 3.12 has been added.
• Support for Python 3.13 has been added.
• Optimized bytes encoding of headers.
• Updated packaging and testing infrastructure.
• Code cleanup and linting.
• Added type hints.

Commits

• d78d4cb v4.1.0
• 27e8a86 lint++
• 9a54234 typing++
• 2602e6c add simple code sample to readme
• 53a18de nuke left-over documentation
• ae788d9 migrate tox.ini into pyproject.toml
• 96f12a3 bump codecov integration
• f8ee36b modernize everything
• 131b44c add typing information
• 3789435 add test for full coverage
• Additional commits viewable in compare view

Updates hyperframe from 6.0.1 to 6.1.0

Changelog

Sourced from hyperframe's changelog.

6.1.0 (2025-01-22)

API Changes (Backward Incompatible)

• Support for Python 3.6 has been removed.
• Support for Python 3.7 has been removed.
• Support for Python 3.8 has been removed.

API Changes (Backward Compatible)

• Support for Python 3.10 has been added.
• Support for Python 3.11 has been added.
• Support for Python 3.12 has been added.
• Support for Python 3.13 has been added.
• Updated packaging and testing infrastructure.
• Code cleanup and linting.
• Improved type hints.

Commits

• ab477ba v6.1.0
• 0be70d1 lint++
• 2595cf6 migrate tox.ini into pyproject.toml
• 06993da bump codecov integration
• 5039d79 fix coverage path mapping
• 0b85069 modernize everything
• 48965e0 improve typing information
• b72d64b linting
• 8174dfd update supported Python versions
• 554fcad docs: fix function parameter reference
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 420547e.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
ruff	0.9.4	0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT	Incompatible License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/black	25.1.0	🟢 6.6	Details Check Score Reason Code-Review 🟢 8 Found 24/28 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2025.1.31	🟢 7	Details Check Score Reason Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 6 Found 2/3 approved changesets -- score normalized to 6 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/codespell	2.4.1	🟢 7.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/h2	4.2.0	🟢 5.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/hpack	4.1.0	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 4/20 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/hyperframe	6.1.0	🟢 4.8	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 8 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 Code-Review ⚠️ 2 Found 5/23 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ruff	0.9.4	Unknown	Unknown
pip/codespell	2.4.1	🟢 7.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock
• pyproject.toml

[github-actions]

Conventional Commits Report

Type	Number
Bug Fixes	1
Dependencies	1

🚀 Conventional commits found.