Add dependencies

[stacklokdemo]

Add python-oauth2 and requests packages to get ready for new features.

[ghost]

Suggested change

	requests==2.30.0
	requests==2.32.3

[ghost]

Minder Vulnerability Report ⚠️

Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR.

Vulnerability scan of a2f04b1b:

• 🐞 vulnerable packages: 1
• 🛠 fixes available for: 1

Package	Version	#Vulnerabilities	#Fixes	Patch
requests	2.30.0	3	3	2.32.3

Summary of vulnerabilities found

Minder found the following vulnerabilities in this PR:

Ecosystem	Name	Version	Vulnerability ID	Summary	Introduced	Fixed
PyPI	requests	2.30.0	GHSA-9wx4-h78v-vm56	Requests `Session` object does not verify requests after making first request with verify=False	0	2.32.0
PyPI	requests	2.30.0	GHSA-j8r2-6x86-q33q	Unintended leak of Proxy-Authorization header in requests	2.3.0	2.31.0
PyPI	requests	2.30.0	PYSEC-2023-74		2.3.0	2.31.0

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
From	activity
Provenance	8
User activity	5.9
Repository activity	3.3
Package activity	4.6
Trust-summary	3.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Repository activity	3.3
Package activity	4.6
Trust-summary	3.5
From	activity
Provenance	8
User activity	5.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Repository activity	3.3
Package activity	4.6
Trust-summary	3.5
From	activity
Provenance	8
User activity	5.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Trust-summary	3.5
From	activity
Provenance	8
User activity	5.9
Repository activity	3.3
Package activity	4.6

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance	8

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance	8
Trust-summary	3.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 4.6

Scoring details

Component	Score
Repository activity	3.3
Package activity	4.6
Trust-summary	3.5
From	activity
Provenance	8
User activity	5.9

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	8

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
From	provenance
User activity	9.4
Repository activity	9.4
Package activity	9.4
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	8.6

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	152
Number of git tags or releases	103
Versions matched to tags or releases	95

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	3.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	8.6
From	provenance
User activity	9.4
Repository activity	9.4
Package activity	9.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	152
Number of git tags or releases	103
Versions matched to tags or releases	95

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance_type	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Package activity	9.4
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	8.6
From	provenance
User activity	9.4
Repository activity	9.4

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	152
Number of git tags or releases	103
Versions matched to tags or releases	95

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	3.5

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	8.6
From	provenance
User activity	9.4
Repository activity	9.4
Package activity	9.4
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	152
Number of git tags or releases	103
Versions matched to tags or releases	95

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Trust-summary	3.5
User activity	5.9
Repository activity	3.3
From	activity
Package activity	4.6
Provenance_type	historical_provenance_match
Provenance	0

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
User activity	9.4
Repository activity	9.4
Package activity	9.4
Provenance_type	historical_provenance_match
Provenance	0
Trust-summary	8.6
From	provenance

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	152
Number of git tags or releases	103
Versions matched to tags or releases	95

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.6
Repository activity	3.3
User activity	5.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	0

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Package activity	9.4
Repository activity	9.4
User activity	9.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	147
Number of git tags or releases	98
Versions matched to tags or releases	90

Alternatives

Package	Score	Description
httpx	0
urllib3	0

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.6
Repository activity	3.3
User activity	5.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	0

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Package activity	9.4
Repository activity	9.4
User activity	9.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	147
Number of git tags or releases	98
Versions matched to tags or releases	90

Alternatives

Package	Score	Description
httpx	0
urllib3	0

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

Component	Score
Package activity	4.6
Repository activity	3.3
User activity	5.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Score	Description
oauthlib	0

📦 Dependency: requests

Trusty Score: 0

Scoring details

Component	Score
Package activity	9.4
Repository activity	9.4
User activity	9.4
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	147
Number of git tags or releases	98
Versions matched to tags or releases	90

Alternatives

Package	Score	Description
httpx	0
urllib3	0

[ghost]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: python-oauth2

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Scoring details

Component	Score
Package activity	4.6
Repository activity	3.3
User activity	5.9
Provenance	historical_provenance_match

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	13
Number of git tags or releases	13
Versions matched to tags or releases	13

Alternatives

Package	Description
oauthlib