Towards v0.3.2

[PaulRitsche]

Improved UI, fixed model training bugs and re-worked documentation

[github-actions]

Dependency Review

The following issues were found:

• ❌ 15 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 12 package(s) with unknown licenses.
• ⚠️ 5 packages with OpenSSF Scorecard issues.

See the Details below.

Vulnerabilities

pyproject.toml

Name	Version	Vulnerability	Severity
Pillow	9.2.0	Arbitrary Code Execution in Pillow	critical
		Pillow subject to DoS via SAMPLESPERPIXEL tag	high
		libwebp: OOB write in BuildHuffmanTable	high
		Pillow Denial of Service vulnerability	high
		Pillow buffer overflow vulnerability	high
Keras	2.13.1	Keras is vulnerable to Deserialization of Untrusted Data	high
		Keras Directory Traversal Vulnerability	high
		keras Path Traversal vulnerability	moderate
		Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery	moderate
opencv-contrib-python	4.6.0.66	opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863	high
scikit-learn	1.1.2	scikit-learn sensitive data leakage vulnerability	moderate
tqdm	4.64.1	tqdm CLI arguments injection attack	low

requirements.txt

Name	Version	Vulnerability	Severity
Pillow	9.2.0	Arbitrary Code Execution in Pillow	critical
		Pillow subject to DoS via SAMPLESPERPIXEL tag	high
		libwebp: OOB write in BuildHuffmanTable	high
		Pillow Denial of Service vulnerability	high
		Pillow buffer overflow vulnerability	high
Keras	2.13.1	Keras is vulnerable to Deserialization of Untrusted Data	high
		Keras Directory Traversal Vulnerability	high
		keras Path Traversal vulnerability	moderate
		Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery	moderate
opencv-contrib-python	4.6.0.66	opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863	high
scikit-learn	1.1.2	scikit-learn sensitive data leakage vulnerability	moderate
tqdm	4.64.1	tqdm CLI arguments injection attack	low

setup.py

Name	Version	Vulnerability	Severity
Pillow	9.2.0	Arbitrary Code Execution in Pillow	critical
		Pillow subject to DoS via SAMPLESPERPIXEL tag	high
		libwebp: OOB write in BuildHuffmanTable	high
		Pillow Denial of Service vulnerability	high
		Pillow buffer overflow vulnerability	high
Keras	2.13.1	Keras is vulnerable to Deserialization of Untrusted Data	high
		Keras Directory Traversal Vulnerability	high
		keras Path Traversal vulnerability	moderate
		Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery	moderate
opencv-contrib-python	4.6.0.66	opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863	high
scikit-learn	1.1.2	scikit-learn sensitive data leakage vulnerability	moderate
tqdm	4.64.1	tqdm CLI arguments injection attack	low

License Issues

pyproject.toml

Package	Version	License	Issue Type
Pillow	9.2.0	Null	Unknown License
Keras	2.13.1	Null	Unknown License
CTKToolTip	0.8	Null	Unknown License
tensorflow	2.13.0	Null	Unknown License

requirements.txt

Package	Version	License	Issue Type
Pillow	9.2.0	Null	Unknown License
Keras	2.13.1	Null	Unknown License
CTkToolTip	0.8	Null	Unknown License
tensorflow	2.13.0	Null	Unknown License

setup.py

Package	Version	License	Issue Type
Pillow	9.2.0	Null	Unknown License
Keras	2.13.1	Null	Unknown License
CTKToolTip	0.8	Null	Unknown License
tensorflow	2.13.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/Pillow	9.2.0	Unknown	Unknown
pip/Keras	2.13.1	Unknown	Unknown
pip/opencv-contrib-python	4.6.0.66	Unknown	Unknown
pip/scikit-learn	1.1.2	Unknown	Unknown
pip/tqdm	4.64.1	Unknown	Unknown
pip/CTKToolTip	0.8	Unknown	Unknown
pip/customtkinter	5.2.2	Unknown	Unknown
pip/matplotlib	3.6.1	Unknown	Unknown
pip/numpy	1.23.4	Unknown	Unknown
pip/openpyxl	3.0.10	Unknown	Unknown
pip/pandas	1.5.1	Unknown	Unknown
pip/pre-commit	2.17.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 2 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/scikit-image	0.19.3	Unknown	Unknown
pip/sewar	0.4.5	⚠️ 2.9	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/shapely	2.0.5	Unknown	Unknown
pip/tensorflow	2.13.0	Unknown	Unknown
pip/Pillow	9.2.0	Unknown	Unknown
pip/Keras	2.13.1	Unknown	Unknown
pip/opencv-contrib-python	4.6.0.66	Unknown	Unknown
pip/scikit-learn	1.1.2	Unknown	Unknown
pip/tqdm	4.64.1	Unknown	Unknown
pip/CTkToolTip	0.8	Unknown	Unknown
pip/customtkinter	5.2.2	Unknown	Unknown
pip/keras-unet-collection	0.1.13	⚠️ 2	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 2/24 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/matplotlib	3.6.1	Unknown	Unknown
pip/numpy	1.23.4	Unknown	Unknown
pip/openpyxl	3.0.10	Unknown	Unknown
pip/orientationpy	0.2.0.4	Unknown	Unknown
pip/pandas	1.5.1	Unknown	Unknown
pip/pandastable	0.13.1	⚠️ 2	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 2 Found 5/22 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pre-commit	2.17.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 2 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/scikit-image	0.19.3	Unknown	Unknown
pip/sewar	0.4.5	⚠️ 2.9	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/shapely	2.0.5	Unknown	Unknown
pip/tensorflow	2.13.0	Unknown	Unknown
pip/Pillow	9.2.0	Unknown	Unknown
pip/Keras	2.13.1	Unknown	Unknown
pip/opencv-contrib-python	4.6.0.66	Unknown	Unknown
pip/scikit-learn	1.1.2	Unknown	Unknown
pip/tqdm	4.64.1	Unknown	Unknown
pip/CTKToolTip	0.8	Unknown	Unknown
pip/customtkinter	5.2.2	Unknown	Unknown
pip/matplotlib	3.6.1	Unknown	Unknown
pip/numpy	1.23.4	Unknown	Unknown
pip/openpyxl	3.0.10	Unknown	Unknown
pip/pandas	1.5.1	Unknown	Unknown
pip/pre-commit	2.17.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 2 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/scikit-image	0.19.3	Unknown	Unknown
pip/sewar	0.4.5	⚠️ 2.9	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/shapely	2.0.5	Unknown	Unknown
pip/tensorflow	2.13.0	Unknown	Unknown

Scanned Files

• pyproject.toml
• requirements.txt
• setup.py