SA Example #67
| kiwisolver==1.4.9 | ||
| markdown-it-py==4.0.0 | ||
| markupsafe==3.0.3 | ||
| matplotlib==3.10.8 |
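Review bot: the pins in this stretch of the dependency list (kiwisolver==1.4.9 through matplotlib==3.10.8) fix exact versions but carry no --hash entries, so an installer cannot check that the artifact it downloads is the one that was reviewed. Assuming this file is installed with pip, consider regenerating it with hashes and installing with --require-hashes.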
License Risk: matplotlib@3.10.8 uses CAL-1.0
CAL-1.0 violates license policy.
Severity: High 🚨
Status: Open 🔴
License Details:
Suggested reviewers 🧐: @VProv
More details:
If you see an issue, please contact Shasheen in the #security-engineering Slack channel.
Take action by replying with an [arnica] command 💬
Actions
Use [arnica] or [a] to interact with the Arnica bot to acknowledge or dismiss code risks.
To acknowledge the finding as a valid code risk:
[arnica] ack <acknowledge additional details>
To dismiss the risk with a reason:
[arnica] dismiss <fp|accept|capacity> <dismissal reason>
Examples
- [arnica] ack This is a valid risk and im looking into it
- [arnica] dismiss fp Dismissed - Risk Not Accurate: (i.e. False Positive)
- [arnica] dismiss accept Dismiss - Risk Accepted: Allow the risk to exist in the system
- [arnica] dismiss capacity Dismiss - No Capacity: This will need to wait for a future sprint
| pytz==2025.2 | ||
| pyyaml==6.0.3 | ||
| pyzmq==27.1.0 | ||
| regex==2025.11.3 |
License Risk: regex@2025.11.3 uses CNRI-Python
CNRI-Python violates license policy.
Severity: High 🚨
Status: Open 🔴
License Details:
Suggested reviewers 🧐: @VProv
More details:
If you see an issue, please contact Shasheen in the #security-engineering Slack channel.
Note
Adds two evaluation notebooks, an install script, and a DPO training JSONL under Evals.
- Evals/Helpsteer_exercise.ipynb and Evals/Optimizing_LLM_Judges.ipynb.
- Evals/install.sh for environment/setup.
- Evals/judge_dpo_data/rewardbench2_dpo_train.jsonl DPO training dataset.

Written by Cursor Bugbot for commit 281096b. This will update automatically on new commits.