Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixbranch #952

Closed
wants to merge 3,014 commits into from
Closed

Fixbranch #952

wants to merge 3,014 commits into from

Conversation

w4ffl35
Copy link
Member

@w4ffl35 w4ffl35 commented Oct 23, 2024

No description provided.

w4ffl35 added 30 commits October 23, 2024 14:15
@w4ffl35
bump version
722eccd
@w4ffl35
rename functions in llm
5ab4bbb
@w4ffl35
fix llm loading
7d06375
@w4ffl35
add deep cache and get rid of print statements
4e6256c
@w4ffl35
fix inference spelling
a96f8ad
@w4ffl35
fix tokenizer loading
f52275e
@w4ffl35
adds scroll area to input image so that tool tab collapses properly
d654bac
@w4ffl35
use correct call to interrupt_image_generation
871fb38
@w4ffl35
get rid of debugging memory summary
4714bc2
@w4ffl35
when loadding settings from db, create settings if they do not exist …
299b5b9 
…in db
@w4ffl35
remove dither filter
19c49c6
@w4ffl35
show a warning if update_value has no settings property passed
8aba33d
@w4ffl35
remove unused settings
6cba6fa
@w4ffl35
stop using dictionary to create new chatbot defaults
a5f7e76
@w4ffl35
Fixes #869 removes Bark text-to-speech
c4c3750 
This is too slow on lower-end hardware. We will add it again as an extension or leave it out completely
@w4ffl35
Fixes #870 removes translation preferences and settings
9027349
@w4ffl35
Fixes #871 #874 #872 #875 LLM loading and rag search
f3c3fc4 
simplifies code by combining llamaindex mixin with base agent
@w4ffl35
fixes a number of bugs, mostly related to settings
3eb3e5e
@w4ffl35
Fixes tomesd display in memory settings widget
8465e60
@w4ffl35
Fixes current value in sliders
03e55e7
@w4ffl35
Fixes settings, removes redundancy from settings
0f0632e
@w4ffl35
fixes prompt browser widget functionality
a2e1432
@w4ffl35
rearrange menu options
20de6cf
@w4ffl35
fixes reset settings
da2f023
@w4ffl35
Fixes cut, copy, paste and rotate
b3de61d
@w4ffl35
fixes model toggling
be6aa4e
@w4ffl35
fix about window
94acec5
@w4ffl35
fixes interrupt image generation
550fa2d
@w4ffl35
fixes #888 change brush color
910ae72
@w4ffl35
remove unused imports
fa7b8c7
w4ffl35 and others added 27 commits October 23, 2024 14:23
@w4ffl35
Prevent llm thread hanging on close
24660b9
@w4ffl35
fixes #941 adds stt settings (but does not yet expose them)
d815c8a
@w4ffl35
fixes font issues so that emoji display correctly
e078ba1
@w4ffl35
fixes #894 model load balancing
e7d0abd
@w4ffl35
bump version
d58d2eb
@w4ffl35
Create linux-dispatch.yml
57d8de5
@w4ffl35
streamer and interrupt improvements
b456e06
@w4ffl35
only send final message when action is chat
8eb4c1c
@w4ffl35
message template improvements
d0e45e8
@w4ffl35
only call remove loading widget when one exists
ea96e82
@w4ffl35
only call remove loading widget when one exists
424e2ac
@w4ffl35
conversation history improvements
75de18d
@w4ffl35
remove print debugging
319c5fc
@w4ffl35
improvements to tts handling
fbbf704
@w4ffl35
better usage of database
36c93cc
@w4ffl35
version bump
84c1ff1
@w4ffl35
return message after saving to db
f2d370b
@w4ffl35
scroll to bottom on conversation load
eae0292
@w4ffl35
retry loading of whisper model once on fail
d2ebc88
@w4ffl35
use self.session properly
af8a7ae
@w4ffl35
rearranged properties for readability
effb4e0
@w4ffl35
Fixes for interrupt signals
2319b37
@w4ffl35
improved logger handling
80f67f9
@w4ffl35
improved logger handling
5c3e110
@w4ffl35
better scroll to bottom handling in chat prompt widget
929ea35 
added smooth scrolling animation
@w4ffl35
update README.md
8852050
@w4ffl35
switch to RAKEKeywordTableIndex for better RAG results
47d80dc 
remove loading widget
improve smooth scrolling
@github-actions GitHub Actions
Copy link

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 8 package(s) with unknown licenses.
See the Details below.

License Issues

setup.py

PackageVersionLicenseIssue Type
PySide66.7.0NullUnknown License
PySide6_Addons6.7.0NullUnknown License
PySide6_Essentials6.7.0NullUnknown License
controlnet_aux0.0.9NullUnknown License
llama-index-embeddings-mistralai0.2.0NullUnknown License
rake_nltk1.0.6NullUnknown License
sentence_transformers3.0.1NullUnknown License
torch2.4.1NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/actions/checkout 4.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/dependency-review-action 4.*.* 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1015 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 3.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/docker/login-action 1.*.* 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 6Found 2/3 approved changesets -- score normalized to 6
Maintained🟢 1017 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool detected but not run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout 3.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/setup-python 3.*.* 🟢 6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1012 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities⚠️ 013 existing vulnerabilities detected
actions/pypa/gh-action-pypi-publish 27b31702a0e7fc50959f5ad993c78deac1bdfc29 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 7Found 13/17 approved changesets -- score normalized to 7
Maintained🟢 1016 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 4security policy file detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during GetBranch(master): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/DeepCache 0.1.1 UnknownUnknown
pip/EbookLib 0.18 🟢 3.7
Details
CheckScoreReason
Code-Review🟢 4Found 7/17 approved changesets -- score normalized to 4
Maintained⚠️ 11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/PySide6 6.7.0 UnknownUnknown
pip/PySide6_Addons 6.7.0 UnknownUnknown
pip/PySide6_Essentials 6.7.0 UnknownUnknown
pip/accelerate 0.33.0 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST🟢 4SAST tool is not run on all commits -- score normalized to 4
pip/alembic 1.13.3 🟢 5.9
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1015 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
SAST⚠️ 0no SAST tool detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/auto-gptq 0.7.1 UnknownUnknown
pip/bitsandbytes 0.43.3 UnknownUnknown
pip/compel 2.0.3 UnknownUnknown
pip/controlnet_aux 0.0.9 UnknownUnknown
pip/cryptography 43.0.1 🟢 8.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 73 existing vulnerabilities detected
pip/datasets 2.21.0 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 3Found 10/30 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/diffusers 0.30.1 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 9Found 29/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 64 existing vulnerabilities detected
pip/facehuggershield 0.1.11 UnknownUnknown
pip/html2text 2024.2.26 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 6Found 12/19 approved changesets -- score normalized to 6
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/huggingface-hub 0.23.5 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 6SAST tool is not run on all commits -- score normalized to 6
pip/inflect 7.3.1 🟢 5.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 2/24 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/llama-index 0.11.7 UnknownUnknown
pip/llama-index-embeddings-mistralai 0.2.0 UnknownUnknown
pip/llama-index-llms-groq 0.2.0 UnknownUnknown
pip/llama-index-llms-huggingface 0.3.1 UnknownUnknown
pip/llama-index-readers-file 0.2.0 UnknownUnknown
pip/llama-index-readers-web 0.2.1 UnknownUnknown
pip/numpy 1.26.4 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 10project has 93 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 9license file detected
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 8SAST tool detected but not run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/optimum 1.21.4 UnknownUnknown
pip/pillow 10.4.0 🟢 7.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 12/18 approved changesets -- score normalized to 6
License🟢 9license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
pip/pycountry 24.6.1 UnknownUnknown
pip/pyttsx3 2.91 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 5Found 15/30 approved changesets -- score normalized to 5
Maintained🟢 1025 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/rake_nltk 1.0.6 UnknownUnknown
pip/safetensors 0.4.4 UnknownUnknown
pip/sentence_transformers 3.0.1 UnknownUnknown
pip/setuptools 75.1.0 🟢 5.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 4/11 approved changesets -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/sounddevice 0.5.0 🟢 4.8
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/25 approved changesets -- score normalized to 1
Maintained🟢 1012 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/tensorflow 2.17.0 🟢 7.8
Details
CheckScoreReason
Binary-Artifacts🟢 7binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 923 out of 25 merged PRs checked by a CI test -- score normalized to 9
CII-Best-Practices🟢 5badge detected: Passing
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Contributors🟢 10project has 21 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/tokenizers 0.19.1 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 19/23 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 55 existing vulnerabilities detected
pip/tomesd 0.1.3 UnknownUnknown
pip/torch 2.4.1 🟢 6.4
Details
CheckScoreReason
Binary-Artifacts🟢 9binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests⚠️ -1no pull request found
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 10all last 30 commits are reviewed through Prow
Contributors🟢 1035 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool⚠️ 0no update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0no SAST tool detected
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed -- score normalized to 0
Token-Permissions⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 10no vulnerabilities detected
Webhooks⚠️ -1check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/torchaudio 2.4.1 🟢 5.4
Details
CheckScoreReason
Maintained🟢 67 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during GetBranch(release/2.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/torchvision 0.19.1 🟢 5.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 14/30 approved changesets -- score normalized to 4
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during GetBranch(release/0.16): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 9binaries present in source code
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/transformers 4.43.4 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 9Found 29/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 0463 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • actions/checkout@4.*.*
  • actions/dependency-review-action@4.*.*
.github/workflows/linux-dispatch.yml
  • actions/checkout@3.*.*
  • docker/login-action@1.*.*
.github/workflows/pypi-dispatch.yml
setup.py
.github/workflows/repository-dispatch.yml
  • docker/login-action@1.*.*

@w4ffl35 w4ffl35 closed this Oct 23, 2024
@w4ffl35 w4ffl35 deleted the fixbranch branch October 23, 2024 20:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@w4ffl35