Home/l2r/Trust report

Trust and health report

l2r - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Dormant18% signal

last push 933d ago

Provenance

Repository identity and fork provenance (github_public_v1).

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
118 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-3936-cmfr-pm3m
black@22.6.0 · poetry.lock
GHSA-fj7x-q9j7-g6q6
black@22.6.0 · poetry.lock
PYSEC-2024-48
black@22.6.0 · poetry.lock
GHSA-248v-346w-9cwc
certifi@2022.6.15 · poetry.lock
GHSA-43fp-rhv2-5gv8
certifi@2022.6.15 · poetry.lock
GHSA-xqr8-7jwr-rhp7
certifi@2022.6.15 · poetry.lock
PYSEC-2022-42986
certifi@2022.6.15 · poetry.lock
PYSEC-2023-135
certifi@2022.6.15 · poetry.lock
PYSEC-2024-230
certifi@2022.6.15 · poetry.lock
GHSA-qmgc-5h2g-mvrw
filelock@3.7.1 · poetry.lock
GHSA-w853-jp5j-5j7f
filelock@3.7.1 · poetry.lock
PYSEC-2026-1374
filelock@3.7.1 · poetry.lock
PYSEC-2026-1375
filelock@3.7.1 · poetry.lock
GHSA-6673-4983-2vx5
fonttools@4.33.3 · poetry.lock
GHSA-768j-98cg-p3fv
fonttools@4.33.3 · poetry.lock
PYSEC-2026-1388
fonttools@4.33.3 · poetry.lock
PYSEC-2026-1389
fonttools@4.33.3 · poetry.lock
GHSA-65pc-fj4g-8rjx
idna@3.3 · poetry.lock
GHSA-jjg7-2v4v-x38h
idna@3.3 · poetry.lock
PYSEC-2024-60
idna@3.3 · poetry.lock
PYSEC-2026-215
idna@3.3 · poetry.lock
GHSA-fpfv-jqm9-f5jm
numpy@1.21.1 · poetry.lock
GHSA-3f63-hfp8-52jq
pillow@7.2.0 · poetry.lock
GHSA-3wvg-mj6g-m9cv
pillow@7.2.0 · poetry.lock
GHSA-44wm-f244-xhp3
pillow@7.2.0 · poetry.lock
GHSA-4fx9-vc88-q2xc
pillow@7.2.0 · poetry.lock
GHSA-57h3-9rgr-c24m
pillow@7.2.0 · poetry.lock
GHSA-7534-mm45-c74v
pillow@7.2.0 · poetry.lock
GHSA-77gc-v2xv-rvvh
pillow@7.2.0 · poetry.lock
GHSA-7r7m-5h27-29hp
pillow@7.2.0 · poetry.lock
GHSA-8ghj-p4vj-mr35
pillow@7.2.0 · poetry.lock
GHSA-8vj2-vxx3-667w
pillow@7.2.0 · poetry.lock
GHSA-8xjq-8fcg-g5hw
pillow@7.2.0 · poetry.lock
GHSA-95q3-8gr9-gm8w
pillow@7.2.0 · poetry.lock
GHSA-98vv-pw6r-q6q4
pillow@7.2.0 · poetry.lock
GHSA-9hx2-hgq2-2g4f
pillow@7.2.0 · poetry.lock
GHSA-9j59-75qj-795w
pillow@7.2.0 · poetry.lock
GHSA-f4w8-cv6p-x6r5
pillow@7.2.0 · poetry.lock
GHSA-f5g8-5qq7-938w
pillow@7.2.0 · poetry.lock
GHSA-g6rj-rv7j-xwp4
pillow@7.2.0 · poetry.lock
GHSA-hf64-x4gq-p99h
pillow@7.2.0 · poetry.lock
GHSA-hjfx-8p6c-g7gx
pillow@7.2.0 · poetry.lock
GHSA-j7hp-h8jx-5ppr
pillow@7.2.0 · poetry.lock
GHSA-jgpv-4h4c-xhw3
pillow@7.2.0 · poetry.lock
GHSA-m2vv-5vj5-2hm7
pillow@7.2.0 · poetry.lock
GHSA-mvg9-xffr-p774
pillow@7.2.0 · poetry.lock
GHSA-p43w-g3c5-g5mq
pillow@7.2.0 · poetry.lock
GHSA-pw3c-h7wp-cvhx
pillow@7.2.0 · poetry.lock
GHSA-q5hq-fp76-qmrc
pillow@7.2.0 · poetry.lock
GHSA-r73j-pqj5-w3x7
pillow@7.2.0 · poetry.lock
GHSA-rwv7-3v45-hg29
pillow@7.2.0 · poetry.lock
GHSA-vqcj-wrf2-7v73
pillow@7.2.0 · poetry.lock
GHSA-wjx4-4jcj-g98j
pillow@7.2.0 · poetry.lock
GHSA-xrcv-f9gm-v42c
pillow@7.2.0 · poetry.lock
PYSEC-2021-137
pillow@7.2.0 · poetry.lock
PYSEC-2021-138
pillow@7.2.0 · poetry.lock
PYSEC-2021-139
pillow@7.2.0 · poetry.lock
PYSEC-2021-317
pillow@7.2.0 · poetry.lock
PYSEC-2021-331
pillow@7.2.0 · poetry.lock
PYSEC-2021-35
pillow@7.2.0 · poetry.lock
PYSEC-2021-36
pillow@7.2.0 · poetry.lock
PYSEC-2021-37
pillow@7.2.0 · poetry.lock
PYSEC-2021-38
pillow@7.2.0 · poetry.lock
PYSEC-2021-39
pillow@7.2.0 · poetry.lock
PYSEC-2021-40
pillow@7.2.0 · poetry.lock
PYSEC-2021-41
pillow@7.2.0 · poetry.lock
PYSEC-2021-42
pillow@7.2.0 · poetry.lock
PYSEC-2021-69
pillow@7.2.0 · poetry.lock
PYSEC-2021-70
pillow@7.2.0 · poetry.lock
PYSEC-2021-71
pillow@7.2.0 · poetry.lock
PYSEC-2021-92
pillow@7.2.0 · poetry.lock
PYSEC-2021-93
pillow@7.2.0 · poetry.lock
PYSEC-2021-94
pillow@7.2.0 · poetry.lock
PYSEC-2022-10
pillow@7.2.0 · poetry.lock
PYSEC-2022-168
pillow@7.2.0 · poetry.lock
PYSEC-2022-42979
pillow@7.2.0 · poetry.lock
PYSEC-2022-42980
pillow@7.2.0 · poetry.lock
PYSEC-2022-8
pillow@7.2.0 · poetry.lock
PYSEC-2022-9
pillow@7.2.0 · poetry.lock
PYSEC-2023-175
pillow@7.2.0 · poetry.lock
PYSEC-2023-227
pillow@7.2.0 · poetry.lock
PYSEC-2026-165
pillow@7.2.0 · poetry.lock
PYSEC-2026-1793
pillow@7.2.0 · poetry.lock
PYSEC-2026-1794
pillow@7.2.0 · poetry.lock
PYSEC-2026-457
pillow@7.2.0 · poetry.lock
GHSA-9hjg-9r4m-mvj7
requests@2.28.1 · poetry.lock
GHSA-9wx4-h78v-vm56
requests@2.28.1 · poetry.lock
GHSA-gc5v-m9x4-r6x2
requests@2.28.1 · poetry.lock
GHSA-j8r2-6x86-q33q
requests@2.28.1 · poetry.lock
PYSEC-2023-74
requests@2.28.1 · poetry.lock
PYSEC-2026-1872
requests@2.28.1 · poetry.lock
PYSEC-2026-1873
requests@2.28.1 · poetry.lock
PYSEC-2023-102
scipy@1.6.1 · poetry.lock
PYSEC-2023-114
scipy@1.6.1 · poetry.lock
GHSA-g7vv-2v7x-gj9p
tqdm@4.64.0 · poetry.lock
PYSEC-2026-1976
tqdm@4.64.0 · poetry.lock
GHSA-2xpw-w6gg-jr37
urllib3@1.26.9 · poetry.lock
GHSA-34jh-p97f-mpxf
urllib3@1.26.9 · poetry.lock
GHSA-38jv-5279-wg99
urllib3@1.26.9 · poetry.lock
GHSA-g4mx-q9vg-27p4
urllib3@1.26.9 · poetry.lock
GHSA-gm62-xv2j-4w53
urllib3@1.26.9 · poetry.lock
GHSA-pq67-6m6q-mj2v
urllib3@1.26.9 · poetry.lock
GHSA-qccp-gfcp-xxvc
urllib3@1.26.9 · poetry.lock
GHSA-v845-jxx5-vc9f
urllib3@1.26.9 · poetry.lock
PYSEC-2023-192
urllib3@1.26.9 · poetry.lock
PYSEC-2023-212
urllib3@1.26.9 · poetry.lock
PYSEC-2026-141
urllib3@1.26.9 · poetry.lock
PYSEC-2026-1994
urllib3@1.26.9 · poetry.lock
PYSEC-2026-1995
urllib3@1.26.9 · poetry.lock
PYSEC-2026-1996
urllib3@1.26.9 · poetry.lock
PYSEC-2026-1998
urllib3@1.26.9 · poetry.lock
PYSEC-2026-1999
urllib3@1.26.9 · poetry.lock
GHSA-597g-3phw-6986
virtualenv@20.15.1 · poetry.lock
GHSA-rqc4-2hc7-8c8v
virtualenv@20.15.1 · poetry.lock
PYSEC-2024-187
virtualenv@20.15.1 · poetry.lock
PYSEC-2026-2009
virtualenv@20.15.1 · poetry.lock
GHSA-jfmj-5v4g-7637
zipp@3.8.0 · poetry.lock
PYSEC-2026-2074
zipp@3.8.0 · poetry.lock

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/learn-to-race-l2r/trust.

Common questions

Is l2r maintained?
GraphCanon rates l2r "Dormant" (18% maintenance signal from public GitHub metadata, computed today). Last push was 933 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is l2r safe to use?
Last scanned today (deps profile). Status: 118 low - 118 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify l2r as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is l2r a fork?
No. l2r is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does l2r have known security vulnerabilities?
Last scanned today (deps profile). Status: 118 low - 118 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the l2r trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about l2r?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for l2r. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for l2r?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.