You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pull request alerts notify when new issues are detected between the diff of the pull request and it's target branch.
Details
Warning
Review the following alerts detected in dependencies.
According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Action
Severity
Alert (click "▶" to expand/collapse)
Warn
License policy violation: pypi docutils
License: License :: OSI Approved :: GNU General Public License (GPL) - This license classifier is not allowed by the applicable policy (docutils-0.22.3/PKG-INFO)
License: License :: OSI Approved :: GNU General Public License (GPL) - This license classifier is not allowed by the applicable policy (docutils-0.22.3/pyproject.toml)
Next steps: Take a moment to review the security alert
above. Review the linked package source code to understand the potential
risk. Ensure the package is not malicious before proceeding. If you're
unsure how to proceed, reach out to your security team or ask the Socket
team for help at support@socket.dev.
Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity-Staging ignore pypi/docutils@0.22.3. You can
also ignore all packages with @SocketSecurity-Staging ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
License policy violation: pypi docutils
License: License :: OSI Approved :: GNU General Public License (GPL) - This license classifier is not allowed by the applicable policy (docutils-0.22.3.dist-info/METADATA)
Next steps: Take a moment to review the security alert
above. Review the linked package source code to understand the potential
risk. Ensure the package is not malicious before proceeding. If you're
unsure how to proceed, reach out to your security team or ask the Socket
team for help at support@socket.dev.
Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity-Staging ignore pypi/docutils@0.22.3. You can
also ignore all packages with @SocketSecurity-Staging ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
License policy violation: pypi identify under EPL-1.0
License: EPL-1.0 - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
License: EUPL-1.1 - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
License: EUPL-1.2 - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
License: GPL-2.0+ - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
License: OFL-1.1 - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
License: WTFPL - the applicable license policy does not allow this license (4) (identify-2.6.15/identify/vendor/licenses.py)
Next steps: Take a moment to review the security alert
above. Review the linked package source code to understand the potential
risk. Ensure the package is not malicious before proceeding. If you're
unsure how to proceed, reach out to your security team or ask the Socket
team for help at support@socket.dev.
Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity-Staging ignore pypi/identify@2.6.15. You can
also ignore all packages with @SocketSecurity-Staging ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
License policy violation: pypi identify under OFL-1.1
License: OFL-1.1 - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
License: WTFPL - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
License: EPL-1.0 - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
License: EUPL-1.1 - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
License: EUPL-1.2 - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
License: GPL-2.0+ - the applicable license policy does not allow this license (4) (identify/vendor/licenses.py)
Next steps: Take a moment to review the security alert
above. Review the linked package source code to understand the potential
risk. Ensure the package is not malicious before proceeding. If you're
unsure how to proceed, reach out to your security team or ask the Socket
team for help at support@socket.dev.
Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity-Staging ignore pypi/identify@2.6.15. You can
also ignore all packages with @SocketSecurity-Staging ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
