testing a thing #20133

altendky · 2025-10-06T18:02:11Z

do a poetry lock in pre-commit poetry check
only precommit poetry for relevant changes
non-shallow for poetry
initial changes
poetry fix
Address ruff
Install scripts issues
Experiment a little bit
Okay now try for rocky linux and use 3.12 instead
Remove the now unused thing
Use dnf for consistency
Simplify installations
Still need git
relock poetry with 2.2.0
relock poetry with 2.2.0

Purpose:

Current Behavior:

New Behavior:

Testing Notes:

socket-security · 2025-10-06T18:02:31Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	License
	pypi/psutil@6.1.0
	pypi/pyinstaller@6.15.0 ⏵ 6.9.0
	pypi/pywin32@311 ⏵ 306
	pypi/pip@24.2
	pypi/mypy@1.11.1
	pypi/pytest@8.4.1 ⏵ 8.3.3
	pypi/prompt-toolkit@3.0.51 ⏵ 3.0.52	⁺¹
	pypi/clvm-tools-rs@0.1.48 ⏵ 0.1.45
	pypi/gitpython@3.1.44 ⏵ 3.1.45
	pypi/pre-commit@3.7.1
	pypi/bitarray@3.0.0 ⏵ 2.8.2	⁺¹
	pypi/click@8.1.8 ⏵ 8.1.7	^-1
	pypi/virtualenv@20.26.6 ⏵ 20.24.5
	pypi/pygments@2.19.1 ⏵ 2.16.1
	pypi/pyinstaller-hooks-contrib@2025.8 ⏵ 2024.7	⁺¹
	pypi/coverage@7.6.4
	pypi/dnspython@2.7.0 ⏵ 2.6.1	⁺¹
	pypi/clvm-tools@0.4.9
	pypi/anyio@4.6.2.post1
	pypi/aiohttp@3.10.4
	pypi/build@1.2.1
	pypi/dnslib@0.9.25
	pypi/aiohappyeyeballs@2.6.1 ⏵ 2.3.5
	pypi/botocore@1.40.37 ⏵ 1.35.43
	pypi/cryptography@45.0.7 ⏵ 43.0.1
	pypi/cffi@1.17.1 ⏵ 1.16.0	⁺¹
	pypi/nodeenv@1.9.0 ⏵ 1.8.0
	pypi/diff-cover@9.6.0 ⏵ 9.2.0			⁺²⁰
	pypi/concurrent-log-handler@0.9.25
	pypi/jinja2@3.1.6 ⏵ 3.1.4
	pypi/lxml@5.2.2
	pypi/aiosignal@1.4.0 ⏵ 1.3.1		^-1
See 20 more rows in the dashboard

View full report

socket-security · 2025-10-06T18:02:33Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1/LICENSE) From: poetry.lock → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.11.1.dist-info/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: GPL-2.0 (pyinstaller_hooks_contrib-2024.7/PKG-INFO) License: GPL-2.0 (pyinstaller_hooks_contrib-2024.7/LICENSE) License: GPL-2.0 (pyinstaller_hooks_contrib-2024.7/LICENSE) From: poetry.lock → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pypi/[email protected]` has a License Policy Violation. License: GPL-2.0-or-later (pyinstaller_hooks_contrib-2024.7.dist-info/LICENSE) License: GPL-2.0 (pyinstaller_hooks_contrib-2024.7.dist-info/LICENSE) License: GPL-2.0 (pyinstaller_hooks_contrib-2024.7.dist-info/METADATA) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 35 more rows in the dashboard

View full report

altendky and others added 20 commits July 16, 2025 19:27

do a poetry lock in pre-commit poetry check

eccba6d

only precommit poetry for relevant changes

d4dc7b2

non-shallow for poetry

1f1d7ee

Merge branch 'main' into retain_chiabip

88ae0d6

initial changes

ef9e138

poetry fix

f6b5f73

Address ruff

1b4ead5

Install scripts issues

abcb987

Experiment a little bit

3308df4

Okay now try for rocky linux and use 3.12 instead

ff74d8e

Remove the now unused thing

b648435

Merge remote-tracking branch 'origin/main' into quex.remove_python_3_9

5b1dbce

Use dnf for consistency

59ef475

Simplify installations

27c5d0f

Still need git

d2049dd

Merge remote-tracking branch 'origin/main' into quex.remove_python_3_9

addc460

relock poetry with 2.2.0

5137b2d

relock poetry with 2.2.0

573c0fb

Merge branch 'main' into retain_chiabip

b6a345b

Merge commit 'quex.remove_python_3_9^1' into testing_a_thing

f82ff18

altendky closed this Oct 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

testing a thing #20133

testing a thing #20133

altendky commented Oct 6, 2025

Uh oh!

socket-security bot commented Oct 6, 2025

Uh oh!

socket-security bot commented Oct 6, 2025

Uh oh!

Uh oh!

testing a thing #20133

testing a thing #20133

Conversation

altendky commented Oct 6, 2025

Purpose:

Current Behavior:

New Behavior:

Testing Notes:

Uh oh!

socket-security bot commented Oct 6, 2025

Uh oh!

socket-security bot commented Oct 6, 2025

Uh oh!

Uh oh!