Skip to content

πŸ”„ Merge development β†’ main (64dfe73) - Review Required#143

Merged
1minds3t merged 6 commits into
mainfrom
development
Jun 7, 2026
Merged

πŸ”„ Merge development β†’ main (64dfe73) - Review Required#143
1minds3t merged 6 commits into
mainfrom
development

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

⚠️ Manual Review Required

This PR is ready to merge but requires manual review due to failed commits in the history.

Summary

Pre-filled Merge Commit Message

When you click "Merge pull request", GitHub will use this default message. Edit it to document what was fixed:

Merge development to main (64dfe73)

5 commits merged after manual review.
Some commits had CI failures but issues were resolved:  64dfe73 84b20ed 4c6f821

Changes:
- [Add your summary of key changes here]
- [Document what was fixed from failed commits]

Instructions

  1. Click "Files changed" tab to review the diff
  2. Resolve any conflicts if present (shouldn't be any usually)
  3. Edit the merge commit message above when merging
  4. Click "Merge pull request" when ready

@vercel

vercel Bot commented Jun 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
omnipkg Ready Ready Preview, Comment Jun 7, 2026 7:30pm

@deepsource-io

deepsource-io Bot commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

DeepSource Code Review

We reviewed changes in 8eb50cf...4e273a3 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSourceΒ β†—

PR Report Card

Overall GradeΒ Β  SecurityΒ Β 

ReliabilityΒ Β 

ComplexityΒ Β 

HygieneΒ Β 

Code Review Summary

Analyzer Status Updated (UTC) Details
Python Jun 7, 2026 7:29p.m. ReviewΒ β†—

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@socket-security

socket-security Bot commented Jun 7, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedscipy@​1.12.07610010010070
Addedscipy@​1.13.07610010010070
Addedscipy@​1.15.07610010010070
Addednumpy@​2.2.67510010010070
Addednumpy@​2.3.57510010010070
Addedpandas@​2.2.17610010010080
Addedpandas@​2.2.37610010010080
Addedpandas@​2.3.37610010010080

View full report

Modified:
  β€’ src/omnipkg/core.py (+2/-1 lines)
  β€’ pyproject.toml (+1/-1 lines)

[gitship-generated]
@sonarqubecloud

sonarqubecloud Bot commented Jun 7, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jun 7, 2026

Copy link
Copy Markdown
Contributor Author

Dependency Review

The following issues were found:
  • βœ… 0 vulnerable package(s)
  • βœ… 0 package(s) with incompatible licenses
  • βœ… 0 package(s) with invalid SPDX license definitions
  • ⚠️ 11 package(s) with unknown licenses.
See the Details below.

License Issues

requirements.txt

PackageVersionLicenseIssue Type
aiohttp3.14.0NullUnknown License
cyclonedx-python-lib11.8.0NullUnknown License
filelock3.29.1NullUnknown License
flask-cors6.0.3NullUnknown License
idna3.18NullUnknown License
joserfc1.7.0NullUnknown License
platformdirs4.10.0NullUnknown License
typer0.26.7NullUnknown License
uv0.11.19NullUnknown License
uv-ffi0.10.8.post15NullUnknown License

setup.py

PackageVersionLicenseIssue Type
omnipkg3.4.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/aiohappyeyeballs 2.6.2 UnknownUnknown
pip/aiohttp 3.14.0 UnknownUnknown
pip/attrs 26.1.0 UnknownUnknown
pip/authlib 1.7.2 UnknownUnknown
pip/certifi 2026.5.20 🟒 5.8
Details
CheckScoreReason
Binary-Artifacts🟒 10no binaries found in the repo
Maintained🟒 78 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
Security-Policy🟒 10security policy file detected
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Token-Permissions🟒 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟒 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟒 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟒 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/click 8.4.1 UnknownUnknown
pip/cryptography 48.0.0 UnknownUnknown
pip/cyclonedx-python-lib 11.8.0 UnknownUnknown
pip/filelock 3.29.1 UnknownUnknown
pip/flask-cors 6.0.3 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/joserfc 1.7.0 UnknownUnknown
pip/markdown-it-py 4.2.0 UnknownUnknown
pip/packaging 26.2 UnknownUnknown
pip/platformdirs 4.10.0 UnknownUnknown
pip/propcache 0.5.2 UnknownUnknown
pip/requests 2.34.2 UnknownUnknown
pip/rich 15.0.0 UnknownUnknown
pip/tomli 2.4.1 UnknownUnknown
pip/typer 0.26.7 UnknownUnknown
pip/urllib3 2.7.0 UnknownUnknown
pip/uv 0.11.19 UnknownUnknown
pip/uv-ffi 0.10.8.post15 🟒 4.5
Details
CheckScoreReason
CI-Tests⚠️ -1no pull request found
Dependency-Update-Tool🟒 10update tool detected
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟒 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟒 10no binaries found in the repo
Security-Policy🟒 10security policy file detected
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
CII-Best-Practices⚠️ 2badge detected: InProgress
SAST🟒 10SAST tool detected: CodeQL
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟒 9license file detected
Vulnerabilities⚠️ 020 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟒 6branch protection is not maximal on development and all release branches
Packaging🟒 10packaging workflow detected
Contributors🟒 6project has 2 contributing companies or organizations -- score normalized to 6
pip/werkzeug 3.1.8 UnknownUnknown
pip/yarl 1.24.2 🟒 6.4
Details
CheckScoreReason
Code-Review⚠️ 2Found 4/20 approved changesets -- score normalized to 2
Maintained🟒 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟒 10no binaries found in the repo
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟒 10project is fuzzed
License🟒 10license file detected
Security-Policy🟒 10security policy file detected
Packaging🟒 10packaging workflow detected
SAST🟒 10SAST tool is run on all commits
Branch-Protection🟒 3branch protection is not maximal on development and all release branches
Signed-Releases🟒 43 out of the last 5 releases have a total of 3 signed artifacts.
pip/omnipkg 3.4.0 UnknownUnknown

Scanned Files

  • requirements.txt
  • setup.py

@github-actions github-actions Bot changed the title πŸ”„ Merge development β†’ main (84b20ed) - Review Required πŸ”„ Merge development β†’ main (64dfe73) - Review Required Jun 7, 2026
@github-actions github-actions Bot changed the title πŸ”„ Merge development β†’ main (64dfe73) - Review Required πŸ”„ Merge development β†’ main (4e273a3) - Review Required Jun 7, 2026
@github-actions github-actions Bot changed the title πŸ”„ Merge development β†’ main (4e273a3) - Review Required πŸ”„ Merge development β†’ main (64dfe73) - Review Required Jun 7, 2026
@1minds3t
1minds3t merged commit c3696b0 into main Jun 7, 2026
162 of 178 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant