JsonPatchFor[Target] defaults to standard registry

[angela-tarantula]

Also some refactoring.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9a4bfc3.

Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/dorny/paths-filter	fbd0ab8f3e69293af611ebaee6363fc25e6d187d	🟢 4.6	Details Check Score Reason Code-Review 🟢 3 Found 8/22 approved changesets -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 11 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/anyio	4.13.0	Unknown	Unknown
pip/click	8.3.2	Unknown	Unknown
pip/fastapi	0.135.3	Unknown	Unknown
pip/mypy	1.20.0	Unknown	Unknown
pip/pygments	2.20.0	Unknown	Unknown
pip/pyinstaller-hooks-contrib	2026.4	🟢 5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 19/24 approved changesets -- score normalized to 7 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pymdown-extensions	10.21.2	Unknown	Unknown
pip/pytest	9.0.3	Unknown	Unknown
pip/ruff	0.15.9	Unknown	Unknown
pip/starlette	1.0.0	Unknown	Unknown
pip/uvicorn	0.44.0	Unknown	Unknown
pip/zensical	0.0.32	Unknown	Unknown

Scanned Files

• .github/workflows/cflite_pr.yml
• uv.lock

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!