Enabled GitHub's dependency-review workflow.

[vitaliyf]

See https://github.com/actions/dependency-review-action

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	4.*.*	🟢 7.5	Details Check Score Reason Maintained 🟢 10 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
actions/actions/download-artifact	4.*.*	🟢 6.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy 🟢 9 security policy file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/upload-artifact	4.*.*	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/aws-actions/configure-aws-credentials	4.*.*	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/4 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/checkout	4.*.*	🟢 7.5	Details Check Score Reason Maintained 🟢 10 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
actions/actions/dependency-review-action	4.*.*	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/create-release-candidate.yml

• actions/checkout@4.*.*
• actions/download-artifact@4.*.*
• actions/upload-artifact@4.*.*
• aws-actions/configure-aws-credentials@4.*.*

.github/workflows/dependency-review.yml

• actions/checkout@4.*.*
• actions/dependency-review-action@4.*.*

.github/workflows/create-release-candidate.yaml

• actions/checkout@4.*.*
• actions/download-artifact@4.*.*
• actions/upload-artifact@4.*.*
• aws-actions/configure-aws-credentials@4.*.*

.github/workflows/publish.yml

• actions/checkout@4.*.*

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.65%. Comparing base (e986e10) to head (f5c579f).

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #21      +/-   ##
==========================================
- Coverage   91.67%   91.65%   -0.02%     
==========================================
  Files         386      386              
  Lines       18167    18167              
==========================================
- Hits        16654    16651       -3     
- Misses       1513     1516       +3     

see 2 files with indirect coverage changes