fix(gha)(deps): bump the github-actions group with 7 updates

[dependabot]

Bumps the github-actions group with 7 updates:

Package	From	To
actions/checkout	4.1.4	4.1.5
codacy/codacy-analysis-cli-action	4.4.0	4.4.1
github/codeql-action	3.25.3	3.25.5
eps1lon/actions-label-merge-conflict	3.0.0	3.0.1
codelytv/pr-size-labeler	1.9.0	1.10.0
actions/upload-artifact	4.0.0	4.3.3
ossf/scorecard-action	2.3.1	2.3.3

Updates actions/checkout from 4.1.4 to 4.1.5

Release notes

Sourced from actions/checkout's releases.

v4.1.5

What's Changed

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

Commits

• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• fd084cd Bump github/codeql-action from 2 to 3 (#1694)
• 9c1e94e Update NPM dependencies (#1703)
• See full diff in compare view

Updates codacy/codacy-analysis-cli-action from 4.4.0 to 4.4.1

Commits

• 3ff8e64 feat: build for release
• 275a790 feat: build for release
• See full diff in compare view

Updates github/codeql-action from 3.25.3 to 3.25.5

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.5 - 13 May 2024

• Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
• Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
• The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

• Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

• Update default CodeQL bundle version to 2.17.1. #2247
• Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

• We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
• Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

• The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

  As a result, the following inputs and environment variables are now ignored:

  • The setup-python-dependencies input to the init Action
  • The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

  We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.

• Automatically overwrite an existing database if found on the filesystem. #2229

• Bump the minimum CodeQL bundle version to 2.12.6. #2232

• A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234

3.24.10 - 05 Apr 2024

... (truncated)

Commits

• b7cec75 Merge pull request #2287 from github/update-v3.25.5-4a5197247
• 6778fe4 Update changelog for v3.25.5
• 4a51972 Merge pull request #2280 from github/henrymercer/on-demand-ffs
• a8c32fd Merge pull request #2283 from github/henrymercer/disable-fail-fast
• f73b0b7 Disable fail fast for non-generated workflows
• c59e052 Disable fail fast in generated workflows
• 33e416c Comment that legacyApi is false by default
• 67f8a36 Merge branch 'main' into henrymercer/on-demand-ffs
• 4995c49 Merge pull request #2282 from github/henrymercer/no-build-mode-tracing-improv...
• def4d2c Merge pull request #2273 from github/aeisenberg/specify-versions
• Additional commits viewable in compare view

Updates eps1lon/actions-label-merge-conflict from 3.0.0 to 3.0.1

Release notes

Sourced from eps1lon/actions-label-merge-conflict's releases.

3.0.1

What's Changed

• docs: Added a note about label removal to README.md by @​AlexSkrypnyk in eps1lon/actions-label-merge-conflict#122
• fix: Handle error when label is not available by @​kiblik in eps1lon/actions-label-merge-conflict#123

New Contributors

• @​AlexSkrypnyk made their first contribution in eps1lon/actions-label-merge-conflict#122
• @​kiblik made their first contribution in eps1lon/actions-label-merge-conflict#123

Full Changelog: eps1lon/actions-label-merge-conflict@v3.0.0...v3.0.1

Commits

• 6d74047 fix: Handle error when label is not available (#123)
• e77c7ed docs: Added a note about label removal to README.md (#122)
• 50edcb5 chore(deps): update dependency typescript to v5.4.5 (#120)
• See full diff in compare view

Updates codelytv/pr-size-labeler from 1.9.0 to 1.10.0

Release notes

Sourced from codelytv/pr-size-labeler's releases.

Support for ignoring file deletions

The main change in this release is the ability to ignore file deletions by setting ignore_file_deletions: true. Additionally, there were some documentation updates and tests written to capture regressions.

What's Changed

• Match the whole label with grep by @​lionseal in CodelyTV/pr-size-labeler#65
• chore: use github.api_url as default by @​fty4 in CodelyTV/pr-size-labeler#62
• Improve the existing contribution guide by @​johnlk in CodelyTV/pr-size-labeler#74
• Support ignoring file deletions by @​johnlk in CodelyTV/pr-size-labeler#76
• Fix broken logo link in readme by @​johnlk in CodelyTV/pr-size-labeler#75

New Contributors

• @​lionseal made their first contribution in CodelyTV/pr-size-labeler#65
• @​fty4 made their first contribution in CodelyTV/pr-size-labeler#62

Full Changelog: CodelyTV/pr-size-labeler@v1.9.0...v1.10.0

Commits

• 56f6f0f Fix broken logo link in readme (#75)
• cc6827c Support ignoring file deletions (#76)
• f8dce3e Improve the existing contribution guide (#74)
• 13d17c4 chore: use github.api_url as default (#62)
• 891ac86 add: -w to match the whole label (#65)
• See full diff in compare view

Updates actions/upload-artifact from 4.0.0 to 4.3.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.3

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in actions/upload-artifact#565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in actions/upload-artifact#516
• Minor fix to the migration readme by @​andrewakim in actions/upload-artifact#523
• Update readme with v3/v2/v1 deprecation notice by @​robherley in actions/upload-artifact#561
• updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @​eggyhead in actions/upload-artifact#562

New Contributors

• @​andrewakim made their first contribution in actions/upload-artifact#523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in actions/upload-artifact#504
• Add sub-action to merge artifacts by @​robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

• Ability to overwrite an Artifact by @​robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

• Add migrations docs by @​robherley in actions/upload-artifact#482
• Update README.md by @​samuelwine in actions/upload-artifact#492
• Support artifact-url output by @​konradpabjan in actions/upload-artifact#496
• Update readme to reflect new 500 artifact per job limit by @​robherley in actions/upload-artifact#497

New Contributors

• @​samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

Commits

• See full diff in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.3.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in ossf/scorecard-action#1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in ossf/scorecard-action#1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in ossf/scorecard-action#1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in ossf/scorecard-action#1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in ossf/scorecard-action#1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

Commits

• dc50aa9 🌱 Bump docker tag for v2.3.3 release (#1368)
• 8ff5700 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
• 8ba5e73 update api links to new scorecard.dev site (#1376)
• 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
• 6c55905 🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
• 09bb953 🌱 Bump distroless/base in the docker-images group (#1372)
• 1511e13 🌱 Bump the github-actions group across 1 directory with 6 updates (#...
• df66cd8 🌱 Bump the docker-images group with 2 updates (#1370)
• fad9a3c 🌱 Bump distroless/base in the docker-images group (#1364)
• 1e01a30 🌱 Bump the github-actions group with 3 updates (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/labeler.yml

Package	Version	License	Issue Type
eps1lon/actions-label-merge-conflict	6d74047dcef155976a15e4a124dde2c7fe0c5522	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/codacy/codacy-analysis-cli-action	3ff8e64eb4b714c4bee91b7b4eea31c6fc2c4f93	🟢 4.8	Details Check Score Reason Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/github/codeql-action/upload-sarif	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/codacy/codacy-analysis-cli-action	33d455949345bddfdb845fba76b57b70cc83754b	🟢 4.8	Details Check Score Reason Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/github/codeql-action/upload-sarif	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/analyze	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/github/codeql-action/autobuild	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/github/codeql-action/init	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/analyze	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/github/codeql-action/autobuild	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/github/codeql-action/init	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/codelytv/pr-size-labeler	56f6f0fc35c7cc0f72963b8467729e1120cb4bed	Unknown	Unknown
actions/eps1lon/actions-label-merge-conflict	6d74047dcef155976a15e4a124dde2c7fe0c5522	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 6/9 approved changesets -- score normalized to 6 Maintained 🟢 10 12 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/codelytv/pr-size-labeler	f2aafc4d8735009c6de18acefe15eecbfbfae56f	Unknown	Unknown
actions/eps1lon/actions-label-merge-conflict	e62d7a53ff8be8b97684bffb6cfbbf3fc1115e2e	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 6/9 approved changesets -- score normalized to 6 Maintained 🟢 10 12 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/upload-artifact	65462800fd760344b1a7b4382951275a0abb4808	🟢 6.8	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 7 3 existing vulnerabilities detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/upload-artifact	c7d193f32edcb7bfad88892161225aeda64e9392	🟢 6.8	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 7 3 existing vulnerabilities detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/upload-artifact	65462800fd760344b1a7b4382951275a0abb4808	🟢 6.8	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 7 3 existing vulnerabilities detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
actions/github/codeql-action/upload-sarif	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/ossf/scorecard-action	dc50aa9510b46c811795eb24b2f1ba02a914e534	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 20 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/upload-artifact	5d5d22a31266ced268874388b861e4b58bb5c2f3	🟢 6.8	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 7 3 existing vulnerabilities detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
actions/github/codeql-action/upload-sarif	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/ossf/scorecard-action	0864cf19026789058feabb7e87baa5f140aac736	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 20 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	b7cec7526559c32f1616476ff32d17ba4c59b2d6	Unknown	Unknown
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/github/codeql-action/upload-sarif	d39d31e687223d841ef683f52467bd88e9b21c14	Unknown	Unknown
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	44c2b7a8a4ea60a981eaca3cf939b5f4305c123b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
actions/actions/checkout	0ad4b8fadaa221de15dcec353f45205ec38ea70b	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4

Scanned Manifest Files

.github/workflows/ci.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/codacy-analysis.yml

• actions/checkout@44c2b7a
• codacy/codacy-analysis-cli-action@3ff8e64
• github/codeql-action@b7cec75
• actions/checkout@0ad4b8f
• codacy/codacy-analysis-cli-action@33d4559
• github/codeql-action@d39d31e

.github/workflows/codeql-analysis.yml

• actions/checkout@44c2b7a
• github/codeql-action@b7cec75
• github/codeql-action@b7cec75
• github/codeql-action@b7cec75
• actions/checkout@0ad4b8f
• github/codeql-action@d39d31e
• github/codeql-action@d39d31e
• github/codeql-action@d39d31e

.github/workflows/commitlint.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/dependency-review.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/devskim-analysis.yml

• actions/checkout@44c2b7a
• github/codeql-action@b7cec75
• actions/checkout@0ad4b8f
• github/codeql-action@d39d31e

.github/workflows/labeler.yml

• CodelyTV/pr-size-labeler@56f6f0f
• eps1lon/actions-label-merge-conflict@6d74047
• CodelyTV/pr-size-labeler@f2aafc4
• eps1lon/actions-label-merge-conflict@e62d7a5

.github/workflows/mega-linter.yml

• actions/checkout@44c2b7a
• actions/upload-artifact@6546280
• actions/checkout@0ad4b8f
• actions/upload-artifact@c7d193f

.github/workflows/mkdocs-pages.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/ossar-analysis.yml

• actions/checkout@44c2b7a
• github/codeql-action@b7cec75
• actions/checkout@0ad4b8f
• github/codeql-action@d39d31e

.github/workflows/pr-lint.yaml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/reuse-check.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/scorecard.yml

• actions/checkout@44c2b7a
• actions/upload-artifact@6546280
• github/codeql-action@b7cec75
• ossf/scorecard-action@dc50aa9
• actions/checkout@0ad4b8f
• actions/upload-artifact@5d5d22a
• github/codeql-action@d39d31e
• ossf/scorecard-action@0864cf1

.github/workflows/semgrep.yml

• actions/checkout@44c2b7a
• github/codeql-action@b7cec75
• actions/checkout@0ad4b8f
• github/codeql-action@d39d31e

.github/workflows/test.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

.github/workflows/write-good.yml

• actions/checkout@44c2b7a
• actions/checkout@0ad4b8f

[github-actions]

Here are some friendly prose warnings from write-good:

In ./AUTHORS.md
=============
are permitted in any medium without royalty provided the copyright
^^^^^^^^^^^^^
"are permitted" may be passive voice on line 8 at column 0
-------------
notice and this notice are preserved.
                       ^^^^^^^^^^^^^
"are preserved" may be passive voice on line 9 at column 23


In ./README.md
=============
is received within a certain time, it means that the web address or the NTP
^^^^^^^^^^^
"is received" may be passive voice on line 27 at column 0
-------------
vailable. If no response is received or an error occurs, it
                         ^^^^^^^^^^^
"is received" may be passive voice on line 28 at column 36
-------------
tion][documentation-url] is made with [Material for MkDocs][mkdocs-material-url]
                         ^^^^^^^
"is made" may be passive voice on line 47 at column 39
-------------
mkdocs-material-url] and is hosted by [GitHub Pages][github-pages-doc-url].
                         ^^^^^^^^^
"is hosted" may be passive voice on line 47 at column 99
-------------
Many thanks to everyone reporting issues.
^^^^
"Many" is a weasel word and can weaken meaning on line 76 at column 0
-------------
checkconnect is distributed under the terms of the
             ^^^^^^^^^^^^^^
"is distributed" may be passive voice on line 82 at column 13


In ./docs/guides/install.md
=============
vailable on PyPI and can be installed with [pip](https://pip.pypa.io).
                         ^^^^^^^^^^^^
"be installed" may be passive voice on line 17 at column 42


In ./docs/index.md
=============
checkconnect is distributed under the terms of the
             ^^^^^^^^^^^^^^
"is distributed" may be passive voice on line 31 at column 13
-------------
AJOR.MINOR' versions can be chosen by using
                         ^^^^^^^^^
"be chosen" may be passive voice on line 36 at column 54
-------------
that have not yet been released.
                  ^^^^^^^^^^^^^
"been released" may be passive voice on line 38 at column 18


In ./docs/community/contributing.md
=============
Thank you for being interested in contributing to checkconnect.
              ^^^^^^^^^^^^^^^^
"being interested" may be passive voice on line 3 at column 14
-------------
There are many ways you can contribute to the project:
          ^^^^
"many" is a weasel word and can weaken meaning on line 4 at column 10
-------------
- [Implement new features](https://github.com/jmuelbert/checkconnect/issues?q=is
   ^^^^^^^^^
"Implement" is wordy or unneeded on line 7 at column 3
-------------
- Participate in discussions
  ^^^^^^^^^^^
"Participate" is wordy or unneeded on line 10 at column 2
-------------
Possible bugs may be raised as a "Potential Issue" discussion, feature requests 
                  ^^^^^^^^^
"be raised" may be passive voice on line 18 at column 18
-------------
be raised as an "Ideas" discussion. We can then determine if the discussion need
^^^^^^^^^
"be raised" may be passive voice on line 19 at column 0
-------------
to be escalated into an "Issue" or not, or if we'd consider a pull request.
   ^^^^^^^^^^^^
"be escalated" may be passive voice on line 20 at column 3
-------------
Build and validate the documentation website:
          ^^^^^^^^
"validate" is wordy or unneeded on line 106 at column 10


In ./docs/community/code_of_conduct.md
=============
- Giving and gracefully accepting constructive feedback
             ^^^^^^^^^^
"gracefully" can weaken meaning on line 22 at column 13
-------------
sing on what is best not just for us as individuals, but for the
                         ^^^^
"just" can weaken meaning on line 25 at column 31
-------------
  overall community
  ^^^^^^^
"overall" is wordy or unneeded on line 26 at column 2
-------------
t which could reasonably be considered inappropriate in a
                         ^^^^^^^^^^^^^
"be considered" may be passive voice on line 37 at column 39
-------------
nacceptable behavior may be
                         ^^^^^^^^^^^
"be
reported" may be passive voice on line 62 at column 72
-------------
il]. All complaints will be reviewed and
                         ^^^^^^^^^^^
"be reviewed" may be passive voice on line 64 at column 51
-------------
investigated promptly and fairly.
             ^^^^^^^^
"promptly" can weaken meaning on line 65 at column 13
-------------
nvestigated promptly and fairly.
                         ^^^^^^
"fairly" is a weasel word and can weaken meaning on line 65 at column 26
-------------
All community leaders are obligated to respect the privacy and security of
                      ^^^^^^^^^^^^^
"are obligated" may be passive voice on line 67 at column 22
-------------
te. A public apology may be requested.
                         ^^^^^^^^^^^^
"be requested" may be passive voice on line 83 at column 57
-------------
ing the Code of Conduct, is allowed during
                         ^^^^^^^^^^
"is allowed" may be passive voice on line 105 at column 54
-------------
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
                     ^^^^^^^^^^
"is adapted" may be passive voice on line 120 at column 21
-------------
munity Impact Guidelines were inspired by
                         ^^^^^^^^^^^^^
"were inspired" may be passive voice on line 124 at column 28


In ./docs/about/EUPL-1.2.md
=============
(as defined below) which is provided under the
                         ^^^^^^^^^^^
"is provided" may be passive voice on line 4 at column 93
-------------
rised under this Licence is prohibited (to the extent such
                         ^^^^^^^^^^^^^
"is prohibited" may be passive voice on line 5 at column 88
-------------
use is covered by a right of the copyright holder of the Work).
    ^^^^^^^^^^
"is covered" may be passive voice on line 6 at column 4
-------------
The Work is provided under the terms of this Licence when the Licensor (as defin
         ^^^^^^^^^^^
"is provided" may be passive voice on line 7 at column 9
-------------
notice immediately following the copyright notice for the Work:
       ^^^^^^^^^^^
"immediately" can weaken meaning on line 8 at column 7
-------------
s or software that could be created by the Licensee, based upon the Original Wor
                         ^^^^^^^^^^
"be created" may be passive voice on line 18 at column 54
-------------
required in order to classify a work as a Derivative Work; this extent is determ
         ^^^^^^^^^^^
"in order to" is wordy or unneeded on line 20 at column 9
-------------
vative Work; this extent is determined by copyright law applicable in
                         ^^^^^^^^^^^^^
"is determined" may be passive voice on line 20 at column 71
-------------
modify.
^^^^^^
"modify" is wordy or unneeded on line 24 at column 0
-------------
code which has generally been compiled and which is meant to be interpreted by
                         ^^^^^^^^^^^^^
"been compiled" may be passive voice on line 25 at column 53
-------------
 been compiled and which is meant to be interpreted by
                         ^^^^^^^^
"is meant" may be passive voice on line 25 at column 77
-------------
ed and which is meant to be interpreted by
                         ^^^^^^^^^^^^^^
"be interpreted" may be passive voice on line 25 at column 89
-------------
nce to do the following, for
                         ^^^^^^^^^^^^^^^^^^^
"for
the duration of" is wordy or unneeded on line 37 at column 116
-------------
* modify the Work, and make Derivative Works based upon the Work,
  ^^^^^^
"modify" is wordy or unneeded on line 42 at column 2
-------------
Those rights can be exercised on any media, supports and formats, whether now kn
                 ^^^^^^^^^^^^
"be exercised" may be passive voice on line 49 at column 17
-------------
by law in order to make effective the licence of the economic rights here above 
       ^^^^^^^^^^^
"in order to" is wordy or unneeded on line 52 at column 7
-------------
utable Code. If the Work is provided as
                         ^^^^^^^^^^^
"is provided" may be passive voice on line 57 at column 101
-------------
e, the Licensor provides in addition a machine-readable copy of the Source Code 
                         ^^^^^^^^^^^
"in addition" is wordy or unneeded on line 58 at column 39
-------------
where the Source Code is easily and freely accessible for as long as the Licenso
                         ^^^^^^
"easily" can weaken meaning on line 60 at column 48
-------------
Nothing in this Licence is intended to deprive the Licensee of the benefits from
                        ^^^^^^^^^^^
"is intended" may be passive voice on line 64 at column 24
-------------
on right:** The Licensee shall keep intact all copyright, patent or trademarks n
                         ^^^^^
"shall" is wordy or unneeded on line 72 at column 36
-------------
tating that the Work has been modified and the date of modification.
                         ^^^^^^^^^^^^^
"been modified" may be passive voice on line 75 at column 53
-------------
on or Communication will be done under the terms of this Licence or of a later v
                         ^^^^^^^
"be done" may be passive voice on line 78 at column 35
-------------
is expressly distributed only under this version of the Licence — for example by
                         ^^^^
"only" can weaken meaning on line 79 at column 43
-------------
�EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any 
             ^^^^
"only" can weaken meaning on line 80 at column 13
-------------
nnot offer or impose any additional terms or conditions on the
                         ^^^^^^^^^^
"additional" is wordy or unneeded on line 80 at column 80
-------------
ion or Communication can be done
                         ^^^^^^^
"be done" may be passive voice on line 84 at column 102
-------------
f the Compatible Licence shall prevail.
                         ^^^^^
"shall" is wordy or unneeded on line 87 at column 82
-------------
py of the Source Code or indicate a repository where this Source will be easily 
                         ^^^^^^^^
"indicate" is wordy or unneeded on line 90 at column 46
-------------
here this Source will be easily and freely available
                         ^^^^^^
"easily" can weaken meaning on line 90 at column 94
-------------
l Work granted hereunder is owned by him/her or
                         ^^^^^^^^
"is owned" may be passive voice on line 98 at column 89
-------------
e/she brings to the Work are owned by him/her or
                         ^^^^^^^^^
"are owned" may be passive voice on line 100 at column 92
-------------
he original Licensor and subsequent Contributors grant You a licence to their co
                         ^^^^^^^^^^
"subsequent" is wordy or unneeded on line 102 at column 60
-------------
continuously improved by numerous Contributors. It is not a finished work
                         ^^^^^^^^
"numerous" is wordy or unneeded on line 106 at column 66
-------------
y numerous Contributors. It is not a finished work
                         ^^^^^
"It is" is wordy or unneeded on line 106 at column 89
-------------
and may therefore contain defects or ‘bugs’ inherent to this type of development
        ^^^^^^^^^
"therefore" is wordy or unneeded on line 107 at column 8
-------------
 ‘bugs’ inherent to this type of development.
                         ^^^^^^^
"type of" is wordy or unneeded on line 107 at column 61
-------------
e above reason, the Work is provided under the Licence on an ‘as is’ basis and w
                         ^^^^^^^^^^^
"is provided" may be passive voice on line 108 at column 31
-------------
concerning the Work, including without limitation merchantability, fitness for a
^^^^^^^^^^
"concerning" is wordy or unneeded on line 109 at column 0
-------------
even if the Licensor has been advised of the possibility of such damage. However
                         ^^^^^^^^^^^^
"been advised" may be passive voice on line 118 at column 59
-------------
sibility of such damage. However,
                         ^^^^^^^
"However" is wordy or unneeded on line 118 at column 107
-------------
## 9.Additional agreements
     ^^^^^^^^^^
"Additional" is wordy or unneeded on line 121 at column 5
-------------
ay choose to conclude an additional agreement, defining obligations or services
                         ^^^^^^^^^^
"additional" is wordy or unneeded on line 122 at column 59
-------------
stent with this Licence. However, if accepting obligations, You may act only on 
                         ^^^^^^^
"However" is wordy or unneeded on line 123 at column 30
-------------
obligations, You may act only on your own behalf and on your sole
                         ^^^^
"only" can weaken meaning on line 123 at column 77
-------------
y other Contributor, and only if You agree to indemnify,
                         ^^^^
"only" can weaken meaning on line 124 at column 85
-------------
accepted any warranty or additional liability.
                         ^^^^^^^^^^
"additional" is wordy or unneeded on line 126 at column 43
-------------
ions of this Licence can be accepted by clicking on an icon ‘I agree’ placed und
                         ^^^^^^^^^^^
"be accepted" may be passive voice on line 129 at column 35
-------------
n any other similar way, in accordance with the rules of
                         ^^^^^^^^^^^^^^^^^^
"in accordance with" is wordy or unneeded on line 130 at column 86
-------------
ance of this Licence and all of its terms
                         ^^^^^^
"all of" is wordy or unneeded on line 131 at column 106
-------------
 accept this Licence and all of its terms and conditions by exercising any right
                         ^^^^^^
"all of" is wordy or unneeded on line 133 at column 51
-------------
ommunication of the Work by means of electronic communication by You (for exampl
                         ^^^^^^^^^^^
"by means of" is wordy or unneeded on line 138 at column 57
-------------
ed by the applicable law regarding the Licensor, the Licence
                         ^^^^^^^^^
"regarding" is wordy or unneeded on line 140 at column 84
-------------
s granted hereunder will terminate automatically upon any breach by the Licensee
                         ^^^^^^^^^
"terminate" is wordy or unneeded on line 144 at column 50
-------------
h a termination will not terminate the licences of any person who has received t
                         ^^^^^^^^^
"terminate" is wordy or unneeded on line 146 at column 28
-------------
ment between the Parties as to the
                         ^^^^^
"as to" is wordy or unneeded on line 150 at column 104
-------------
ole. Such provision will be construed or reformed so as necessary to make it val
                         ^^^^^^^^^^^^
"be construed" may be passive voice on line 153 at column 62
-------------
he Appendix, so far this is required and reasonable, without reducing the scope 
                         ^^^^^^^^^^^
"is required" may be passive voice on line 156 at column 26
-------------
ions of the Licence will be published with a unique version number.
                         ^^^^^^^^^^^^
"be published" may be passive voice on line 157 at column 33
-------------
* this Licence shall be governed by the law of the European Union Member State w
               ^^^^^
"shall" is wordy or unneeded on line 173 at column 15
-------------
* this Licence shall be governed by the law of the European Union Member State w
                     ^^^^^^^^^^^
"be governed" may be passive voice on line 173 at column 21
-------------
* this licence shall be governed by Belgian law if the Licensor has no seat, res
               ^^^^^
"shall" is wordy or unneeded on line 175 at column 15
-------------
* this licence shall be governed by Belgian law if the Licensor has no seat, res
                     ^^^^^^^^^^^
"be governed" may be passive voice on line 175 at column 21
-------------
he Licensor has no seat, residence or registered office inside
                         ^^^^^^^^^
"residence" is wordy or unneeded on line 175 at column 77


In ./docs/developer/changelog.md
=============
ges to CheckConnect will be documented in this file.
                         ^^^^^^^^^^^^^
"be documented" may be passive voice on line 5 at column 41
-------------
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
           ^^^^^^^^
"is based" may be passive voice on line 7 at column 11


In ./CHANGELOG.md
=============
ges to this project will be documented in this file.
                         ^^^^^^^^^^^^^
"be documented" may be passive voice on line 3 at column 41
-------------
The format is based on
           ^^^^^^^^
"is based" may be passive voice on line 5 at column 11


In ./SECURITY.md
=============
 the moment checkconnect only considers the very latest commit to be
                         ^^^^
"only" can weaken meaning on line 5 at column 27
-------------
nnect only considers the very latest commit to be
                         ^^^^
"very" is a weasel word and can weaken meaning on line 5 at column 46
-------------
he very latest commit to be
                         ^^^^^^^^^^^^
"be
supported" may be passive voice on line 5 at column 68
-------------
automated updates to minimize the time between vulnerability publication
                     ^^^^^^^^
"minimize" is wordy or unneeded on line 7 at column 21
-------------
In the near future we will introduce versioning, so expect this section to
^^^^^^^^^^^^^^^^^^
"In the near future" is wordy or unneeded on line 15 at column 0


In ./.github/CONTRIBUTING.md
=============
Feel free to submit early, though—we can always iterate on this.
                    ^^^^^
"early" can weaken meaning on line 65 at column 20
-------------
It is recommended to open an issue before starting work on anything.
^^^^^
"It is" is wordy or unneeded on line 67 at column 0
-------------
It is recommended to open an issue before starting work on anything.
   ^^^^^^^^^^^^^^
"is recommended" may be passive voice on line 67 at column 3
-------------
over with the owners and validate your approach.
                         ^^^^^^^^
"validate" is wordy or unneeded on line 68 at column 61
-------------
- The PR should be labelled with the kind of change (see below).
                ^^^^^^^^^^^
"be labelled" may be passive voice on line 78 at column 16
-------------
 of the merge button, if it is not shown.)
                         ^^^^^
"it is" is wordy or unneeded on line 100 at column 70
-------------
sts for the release have been merged.
                         ^^^^^^^^^^^
"been merged" may be passive voice on line 110 at column 41
-------------
Releases are made by publishing a GitHub Release.
         ^^^^^^^^
"are made" may be passive voice on line 113 at column 9
-------------
A draft release is being maintained based on merged pull requests.
                   ^^^^^^^^^^^^^^^^
"being maintained" may be passive voice on line 114 at column 19
-------------
ollowing automated steps are triggered:
                         ^^^^^^^^^^^^^
"are triggered" may be passive voice on line 126 at column 60
-------------
- The Git tag is applied to the repository.
              ^^^^^^^^^^
"is applied" may be passive voice on line 128 at column 14
-------------
<!-- github-only -->
            ^^^^
"only" can weaken meaning on line 141 at column 12


In ./.github/PULL_REQUEST_TEMPLATE.md
=============
s one or more issues, or is related to
                         ^^^^^^^^^^
"is related" may be passive voice on line 11 at column 55
-------------
## How Has This Been Tested?
                ^^^^^^^^^^^
"Been Tested" may be passive voice on line 20 at column 16
-------------
request before all these are done, but
                         ^^^^^^^^
"are done" may be passive voice on line 31 at column 51
-------------
     they should be done before getting merged. -->
                 ^^^^^^^
"be done" may be passive voice on line 32 at column 17
-------------
 If the key of a setting is changed, the 'old' attribute is updated or
                         ^^^^^^^^^^
"is changed" may be passive voice on line 34 at column 30
-------------
ged, the 'old' attribute is updated or
                         ^^^^^^^^^^
"is updated" may be passive voice on line 34 at column 62
-------------
      it is resolved in SettingsUpdater.
      ^^^^^
"it is" is wordy or unneeded on line 35 at column 6
-------------
      it is resolved in SettingsUpdater.
         ^^^^^^^^^^^
"is resolved" may be passive voice on line 35 at column 9
-------------
hanges are notable, they are documented in
                         ^^^^^^^^^^^^^^
"are documented" may be passive voice on line 38 at column 41
-------------
## Additional text
   ^^^^^^^^^^
"Additional" is wordy or unneeded on line 41 at column 3
-------------
the translations need to be updated. --->
                         ^^^^^^^^^^
"be updated" may be passive voice on line 44 at column 45


In ./.github/CODE_OF_CONDUCT.md
=============
- Giving and gracefully accepting constructive feedback
             ^^^^^^^^^^
"gracefully" can weaken meaning on line 22 at column 13
-------------
sing on what is best not just for us as individuals, but for the
                         ^^^^
"just" can weaken meaning on line 25 at column 31
-------------
  overall community
  ^^^^^^^
"overall" is wordy or unneeded on line 26 at column 2
-------------
t which could reasonably be considered inappropriate in a
                         ^^^^^^^^^^^^^
"be considered" may be passive voice on line 37 at column 39
-------------
nacceptable behavior may be
                         ^^^^^^^^^^^
"be
reported" may be passive voice on line 62 at column 72
-------------
il]. All complaints will be reviewed and
                         ^^^^^^^^^^^
"be reviewed" may be passive voice on line 64 at column 51
-------------
investigated promptly and fairly.
             ^^^^^^^^
"promptly" can weaken meaning on line 65 at column 13
-------------
nvestigated promptly and fairly.
                         ^^^^^^
"fairly" is a weasel word and can weaken meaning on line 65 at column 26
-------------
All community leaders are obligated to respect the privacy and security of
                      ^^^^^^^^^^^^^
"are obligated" may be passive voice on line 67 at column 22
-------------
te. A public apology may be requested.
                         ^^^^^^^^^^^^
"be requested" may be passive voice on line 83 at column 57
-------------
ing the Code of Conduct, is allowed during
                         ^^^^^^^^^^
"is allowed" may be passive voice on line 105 at column 54
-------------
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
                     ^^^^^^^^^^
"is adapted" may be passive voice on line 120 at column 21
-------------
munity Impact Guidelines were inspired by
                         ^^^^^^^^^^^^^
"were inspired" may be passive voice on line 124 at column 28