{"id":15014102,"url":"https://github.com/rasahq/rasa","last_synced_at":"2025-09-09T20:29:38.800Z","repository":{"id":37299798,"uuid":"70908208","full_name":"RasaHQ/rasa","owner":"RasaHQ","description":"💬   Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants","archived":false,"fork":false,"pushed_at":"2025-08-26T16:48:27.000Z","size":1611014,"stargazers_count":20629,"open_issues_count":139,"forks_count":4844,"subscribers_count":358,"default_branch":"3.6.x","last_synced_at":"2025-09-02T15:03:57.346Z","etag":null,"topics":["bot","bot-framework","botkit","bots","chatbot","chatbots","chatbots-framework","conversation-driven-development","conversational-agents","conversational-ai","conversational-bots","machine-learning","machine-learning-library","mitie","natural-language-processing","nlp","nlu","rasa","spacy","wit"],"latest_commit_sha":null,"homepage":"https://rasa.com/docs/rasa/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RasaHQ.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.mdx","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"security.txt","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-10-14T12:27:49.000Z","updated_at":"2025-09-02T14:43:26.000Z","dependencies_parsed_at":"2023-12-11T14:35:55.397Z","dependency_job_id":"0b554f57-86f6-4450-8eb5-4b770b2e2e8d","html_url":"https://github.com/RasaHQ/rasa","commit_stats":{"total_commits":22316,"total_committers":615,"mean_commits":36.28617886178862,"dds":0.9084065244667503,"last_synced_commit":"7807b19ad5fffab73ca1a04dc710f812115a9288"},"previous_names":["rasahq/rasa_nlu","golastmile/rasa_nlu"],"tags_count":764,"template":false,"template_full_name":null,"purl":"pkg:github/RasaHQ/rasa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RasaHQ%2Frasa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RasaHQ%2Frasa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RasaHQ%2Frasa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RasaHQ%2Frasa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RasaHQ","download_url":"https://codeload.github.com/RasaHQ/rasa/tar.gz/refs/heads/3.6.x","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RasaHQ%2Frasa/sbom","scorecard":{"id":118135,"data":{"date":"2025-08-11","repo":{"name":"github.com/RasaHQ/rasa","commit":"d6829b6acc10fd9548798176bb0f9713107c1555"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/automatic-pr-update.yml:1","Warn: no topLevel permission defined: .github/workflows/ci-docs-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/ci-github-actions.yml:1","Warn: no topLevel permission defined: .github/workflows/ci-model-regression-on-schedule.yml:1","Warn: no topLevel permission defined: .github/workflows/ci-model-regression.yml:1","Warn: no topLevel permission defined: .github/workflows/continous-integration.yml:1","Warn: no topLevel permission defined: .github/workflows/dependabot-batch-updater.yml:1","Warn: no topLevel permission defined: .github/workflows/documentation.yml:1","Warn: no topLevel permission defined: .github/workflows/nightly_release.yml:1","Warn: no topLevel permission defined: .github/workflows/rasa-install-cron-check.yml:1","Warn: no topLevel permission defined: .github/workflows/security-scans.yml:1","Warn: no topLevel permission defined: .github/workflows/semgrep-check.yml:1","Warn: no topLevel permission defined: .github/workflows/spellcheck.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: ': .github/workflows/continous-integration.yml:990","Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: manifest: .github/workflows/continous-integration.yml:1011","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/nightly_release.yml:106","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continous-integration.yml:590: update your workflow using https://app.stepsecurity.io/secureworkflow/RasaHQ/rasa/continous-integration.yml/3.6.x?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continous-integration.yml:561: update your workflow using https://app.stepsecurity.io/secureworkflow/RasaHQ/rasa/continous-integration.yml/3.6.x?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continous-integration.yml:877: update your workflow using https://app.stepsecurity.io/secureworkflow/RasaHQ/rasa/continous-integration.yml/3.6.x?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continous-integration.yml:903: update your workflow using https://app.stepsecurity.io/secureworkflow/RasaHQ/rasa/continous-integration.yml/3.6.x?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semgrep-check.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/RasaHQ/rasa/semgrep-check.yml/3.6.x?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:3","Warn: containerImage not pinned by hash: Dockerfile:6","Warn: containerImage not pinned by hash: Dockerfile:23","Warn: containerImage not pinned by hash: docker/Dockerfile.base:2: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1ec65b2719518e27d4d25f104d93f9fac60dc437f81452302406825c46fcc9cb","Warn: containerImage not pinned by hash: docker/Dockerfile.base-builder:5","Warn: containerImage not pinned by hash: docker/Dockerfile.base-mitie:2: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: docker/Dockerfile.base-poetry:4","Warn: containerImage not pinned by hash: docker/Dockerfile.full:7","Warn: containerImage not pinned by hash: docker/Dockerfile.full:9","Warn: containerImage not pinned by hash: docker/Dockerfile.full:42","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_mitie_en:7","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_mitie_en:9","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_mitie_en:30","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_de:6","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_de:29","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_en:6","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_en:29","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_it:6","Warn: containerImage not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_it:29","Warn: pipCommand not pinned by hash: .devcontainer/Dockerfile:20","Warn: pipCommand not pinned by hash: Dockerfile:14-20","Warn: downloadThenRun not pinned by hash: docker/Dockerfile.base-poetry:10","Warn: pipCommand not pinned by hash: docker/Dockerfile.full:21-23","Warn: pipCommand not pinned by hash: docker/Dockerfile.pretrained_embeddings_mitie_en:21-22","Warn: pipCommand not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_de:16-17","Warn: pipCommand not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_en:16-17","Warn: pipCommand not pinned by hash: docker/Dockerfile.pretrained_embeddings_spacy_it:16-17","Warn: npmCommand not pinned by hash: .github/workflows/ci-docs-tests.yml:94","Warn: pipCommand not pinned by hash: .github/workflows/ci-model-regression-on-schedule.yml:81","Warn: pipCommand not pinned by hash: .github/workflows/ci-model-regression.yml:176","Warn: pipCommand not pinned by hash: .github/workflows/continous-integration.yml:605","Warn: downloadThenRun not pinned by hash: .github/workflows/continous-integration.yml:1284","Warn: pipCommand not pinned by hash: .github/workflows/continous-integration.yml:1298","Warn: pipCommand not pinned by hash: .github/workflows/continous-integration.yml:362","Warn: pipCommand not pinned by hash: .github/workflows/continous-integration.yml:520","Warn: pipCommand not pinned by hash: .github/workflows/documentation.yml:74","Warn: pipCommand not pinned by hash: .github/workflows/nightly_release.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/nightly_release.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/rasa-install-cron-check.yml:29","Warn: pipCommand not pinned by hash: .github/workflows/rasa-install-cron-check.yml:32","Info: 111 out of 116 GitHub-owned GitHubAction dependencies pinned","Info:  68 out of  68 third-party GitHubAction dependencies pinned","Info:   0 out of  19 containerImage dependencies pinned","Info:   6 out of  24 pipCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/continous-integration.yml:947"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"206 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-vpf5-82c8-9v36","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-rrc9-gqf8-8rwg","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p","Warn: Project is vulnerable to: GHSA-p3vf-v8qc-cwcr","Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf","Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674","Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-mf6x-hrgr-658f","Warn: Project is vulnerable to: GHSA-xrh7-m5pp-39r6","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h","Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6","Warn: Project is vulnerable to: GHSA-7mg4-w3w5-x5pc","Warn: Project is vulnerable to: GHSA-6xrf-q977-5vgc","Warn: Project is vulnerable to: GHSA-v5vg-g7rq-363w","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-r6rj-9ch6-g264","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-px4h-xg32-q955","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg","Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96","Warn: Project is vulnerable to: GHSA-3949-f494-cm99","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x","Warn: Project is vulnerable to: GHSA-9rhg-254w-fh9x","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-gp95-ppv5-3jc5","Warn: Project is vulnerable to: GHSA-54xq-cgqr-rpm3","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv","Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq","Warn: Project is vulnerable to: GHSA-v834-rhv4-65m3","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v","Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx","Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p","Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3","Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442","Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-mpwj-fcr6-x34c","Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84","Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g","Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: PYSEC-2024-225 / GHSA-6vqw-3v5j-54x4","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: GHSA-3rq5-2g8h-59hc","Warn: Project is vulnerable to: GHSA-6673-4983-2vx5","Warn: Project is vulnerable to: PYSEC-2024-4 / GHSA-2mqj-m65w-jghx","Warn: Project is vulnerable to: PYSEC-2023-165 / GHSA-cwvm-v4w8-q58c","Warn: Project is vulnerable to: PYSEC-2023-137 / GHSA-pr76-5cm5-w9cj","Warn: Project is vulnerable to: PYSEC-2023-161 / GHSA-wfm5-v35h-vwf4","Warn: Project is vulnerable to: GHSA-496j-2rq6-j6cc","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: GHSA-mr82-8j83-vxmv","Warn: Project is vulnerable to: GHSA-m87m-mmvp-v9qm","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2024-110 / GHSA-jw8x-6495-233v","Warn: Project is vulnerable to: GHSA-g92j-qhmh-64v2","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-378x-6p4f-8jgm","Warn: Project is vulnerable to: GHSA-4v6w-xpmh-gfgp","Warn: Project is vulnerable to: GHSA-m7f4-hrc6-fwg3","Warn: Project is vulnerable to: GHSA-q49c-6v6g-wgq3","Warn: Project is vulnerable to: GHSA-gjh7-xx4r-x345","Warn: Project is vulnerable to: GHSA-g7vv-2v7x-gj9p","Warn: Project is vulnerable to: GHSA-37mw-44qp-f5jm","Warn: Project is vulnerable to: GHSA-37q5-v5qm-c9v8","Warn: Project is vulnerable to: GHSA-6rvg-6v2m-4j46","Warn: Project is vulnerable to: GHSA-9356-575x-2w9m","Warn: Project is vulnerable to: GHSA-fpwr-67px-3qhx","Warn: Project is vulnerable to: PYSEC-2024-229 / GHSA-hxxf-235m-72v3","Warn: Project is vulnerable to: GHSA-jjph-296x-mrcr","Warn: Project is vulnerable to: GHSA-phhr-52qp-3mj4","Warn: Project is vulnerable to: GHSA-q2wp-rjmx-x6x9","Warn: Project is vulnerable to: PYSEC-2025-40 / GHSA-qq3j-4f4f-9583","Warn: Project is vulnerable to: PYSEC-2024-227 / GHSA-qxrp-vhvm-j765","Warn: Project is vulnerable to: PYSEC-2024-228 / GHSA-wrfc-pvp9-mr9g","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T01:53:04.604Z","repository_id":37299798,"created_at":"2025-08-16T01:53:04.604Z","updated_at":"2025-08-16T01:53:04.604Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274357760,"owners_count":25270676,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","bot-framework","botkit","bots","chatbot","chatbots","chatbots-framework","conversation-driven-development","conversational-agents","conversational-ai","conversational-bots","machine-learning","machine-learning-library","mitie","natural-language-processing","nlp","nlu","rasa","spacy","wit"],"created_at":"2024-09-24T19:45:11.543Z","updated_at":"2025-09-09T20:29:38.766Z","avatar_url":"https://github.com/RasaHQ.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eRasa Open Source\u003c/h1\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Join the chat on Rasa Community Forum](https://img.shields.io/badge/forum-join%20discussions-brightgreen.svg)](https://forum.rasa.com/?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n[![PyPI version](https://badge.fury.io/py/rasa.svg)](https://badge.fury.io/py/rasa)\n[![Supported Python Versions](https://img.shields.io/pypi/pyversions/rasa.svg)](https://pypi.python.org/pypi/rasa)\n[![Build Status](https://github.com/RasaHQ/rasa/workflows/Continuous%20Integration/badge.svg)](https://github.com/RasaHQ/rasa/actions)\n[![Coverage Status](https://api.codeclimate.com/v1/badges/756dc6fea1d5d3e127f7/test_coverage)](https://codeclimate.com/github/RasaHQ/rasa/)\n[![Documentation Status](https://img.shields.io/badge/docs-stable-brightgreen.svg)](https://rasa.com/docs)\n![Documentation Build](https://img.shields.io/netlify/d2e447e4-5a5e-4dc7-be5d-7c04ae7ff706?label=Documentation%20Build)\n[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B8141%2Fgit%40github.com%3ARasaHQ%2Frasa.git.svg?type=shield)](https://app.fossa.com/projects/custom%2B8141%2Fgit%40github.com%3ARasaHQ%2Frasa.git?ref=badge_shield)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](https://github.com/orgs/RasaHQ/projects/23)\n\n\u003c/div\u003e\n\n\u003chr /\u003e\n\n💡 **We're migrating issues to Jira** 💡\n\nStarting January 2023, issues for Rasa Open Source are located in\n[this Jira board](https://rasa-open-source.atlassian.net/browse/OSS). You can browse issues without being logged in;\nif you want to create issues, you'll need to create a Jira account.\n\n\u003chr /\u003e\n\n\u003cimg align=\"right\" height=\"255\" src=\"https://www.rasa.com/assets/img/sara/sara-open-source-2.0.png\" alt=\"An image of Sara, the Rasa mascot bird, holding a flag that reads Open Source with one wing, and a wrench in the other\" title=\"Rasa Open Source\"\u003e\n\nRasa is an open source machine learning framework to automate text and voice-based conversations. With Rasa, you can build contextual assistants on:\n- Facebook Messenger\n- Slack\n- Google Hangouts\n- Webex Teams\n- Microsoft Bot Framework\n- Rocket.Chat\n- Mattermost\n- Telegram\n- Twilio\n- Your own custom conversational channels\n\nor voice assistants as:\n- Alexa Skills\n- Google Home Actions\n\nRasa helps you build contextual assistants capable of having layered conversations with\nlots of back-and-forth. In order for a human to have a meaningful exchange with a contextual\nassistant, the assistant needs to be able to use context to build on things that were previously\ndiscussed – Rasa enables you to build assistants that can do this in a scalable way.\n\nThere's a lot more background information in this\n[blog post](https://medium.com/rasa-blog/a-new-approach-to-conversational-software-2e64a5d05f2a).\n\n---\n- 🤔 [Learn more about Rasa](https://rasa.community/)\n\n- 🤓 [Read The Docs](https://rasa.com/docs/rasa/)\n\n- 😁 [Install Rasa](https://rasa.com/docs/rasa/installation/environment-set-up)\n\n- 🚀 [Dive deeper in the learning center](https://learning.rasa.com/)\n\n- 🤗 [Contribute](#how-to-contribute)\n\n- ❓ [Get enterprise-grade support](https://rasa.com/support/)\n\n- 🏢 [Explore the features of our commercial platform](https://rasa.com/product/rasa-platform/)\n\n- 📚 [Learn more about research papers that leverage Rasa](https://scholar.google.com/scholar?oi=bibs\u0026hl=en\u0026authuser=1\u0026cites=16243802403383697687,353275993797024115,14567308604105196228,9067977709825839723,9855847065463746011\u0026as_sdt=5)\n\n\n\n---\n## Where to get help\n\nThere is extensive documentation in the [Rasa Docs](https://rasa.com/docs/rasa).\nMake sure to select the correct version so you are looking at\nthe docs for the version you installed.\n\nPlease use [Rasa Community Forum](https://forum.rasa.com) for quick answers to\nquestions.\n\n### README Contents:\n- [How to contribute](#how-to-contribute)\n- [Development Internals](#development-internals)\n- [Releases](#releases)\n- [License](#license)\n\n### How to contribute\nWe are very happy to receive and merge your contributions into this repository!\n\nTo contribute via pull request, follow these steps:\n\n1. Create an issue describing the feature you want to work on (or\n   have a look at the [contributor board](https://github.com/orgs/RasaHQ/projects/23))\n2. Write your code, tests and documentation, and format them with ``black``\n3. Create a pull request describing your changes\n\nFor more detailed instructions on how to contribute code, check out these [code contributor guidelines](CONTRIBUTING.md).\n\nYou can find more information about how to contribute to Rasa (in lots of\ndifferent ways!) [on our website.](http://rasa.community).\n\nYour pull request will be reviewed by a maintainer, who will get\nback to you about any necessary changes or questions. You will\nalso be asked to sign a\n[Contributor License Agreement](https://cla-assistant.io/RasaHQ/rasa).\n\n\n## Development Internals\n\n### Installing Poetry\n\nRasa uses Poetry for packaging and dependency management. If you want to build it from source,\nyou have to install Poetry first. Please follow\n[the official guide](https://python-poetry.org/docs/#installation) to see all possible options.\n\nTo update an existing poetry version to the [version](.github/poetry_version.txt), currently used in rasa, run:\n```shell\n    poetry self update \u003cversion\u003e\n```\n\n### Managing environments\n\nThe official [Poetry guide](https://python-poetry.org/docs/managing-environments/) suggests to use\n[pyenv](https://github.com/pyenv/pyenv) or any other similar tool to easily switch between Python versions.\nThis is how it can be done:\n\n```bash\npyenv install 3.10.10\npyenv local 3.10.10  # Activate Python 3.10.10 for the current project\n```\n*Note*: If you have trouble installing a specific version of python on your system\nit might be worth trying other supported versions.\n\nBy default, Poetry will try to use the currently activated Python version to create the virtual environment\nfor the current project automatically. You can also create and activate a virtual environment manually — in this\ncase, Poetry should pick it up and use it to install the dependencies. For example:\n\n```bash\npython -m venv .venv\nsource .venv/bin/activate\n```\n\nYou can make sure that the environment is picked up by executing\n\n```bash\npoetry env info\n```\n\n### Building from source\n\nTo install dependencies and `rasa` itself in editable mode execute\n\n```bash\nmake install\n```\n\n*Note for macOS users*: under macOS Big Sur we've seen some compiler issues for\ndependencies. Using `export SYSTEM_VERSION_COMPAT=1` before the installation helped.\n\n\n#### Installing optional dependencies\n\nIn order to install rasa's optional dependencies, you need to run:\n\n```bash\nmake install-full\n```\n\n*Note for macOS users*: The command `make install-full` could result in a failure while installing `tokenizers`\n(issue described in depth [here](https://github.com/huggingface/tokenizers/issues/1050)).\n\nIn order to resolve it, you must follow these steps to install a Rust compiler:\n```bash\nbrew install rustup\nrustup-init\n```\n\nAfter initialising the Rust compiler, you should restart the console and check its installation:\n```bash\nrustc --version\n```\n\nIn case the PATH variable had not been automatically setup, run:\n```bash\nexport PATH=\"$HOME/.cargo/bin:$PATH\"\n```\n\n\n### Running and changing the documentation\n\nFirst of all, install all the required dependencies:\n\n```bash\nmake install install-docs\n```\n\nAfter the installation has finished, you can run and view the documentation\nlocally using:\n\n```bash\nmake livedocs\n```\n\nIt should open a new tab with the local version of the docs in your browser;\nif not, visit http://localhost:3000 in your browser.\nYou can now change the docs locally and the web page will automatically reload\nand apply your changes.\n\n### Running the Tests\n\nIn order to run the tests, make sure that you have the development requirements installed:\n\n```bash\nmake prepare-tests-ubuntu # Only on Ubuntu and Debian based systems\nmake prepare-tests-macos  # Only on macOS\n```\n\nThen, run the tests:\n\n```bash\nmake test\n```\n\nThey can also be run at multiple jobs to save some time:\n\n```bash\nJOBS=[n] make test\n```\n\nWhere `[n]` is the number of jobs desired. If omitted, `[n]` will be automatically chosen by pytest.\n\n\n### Running the Integration Tests\n\nIn order to run the integration tests, make sure that you have the development requirements installed:\n\n```bash\nmake prepare-tests-ubuntu # Only on Ubuntu and Debian based systems\nmake prepare-tests-macos  # Only on macOS\n```\n\nThen, you'll need to start services with the following command which uses\n[Docker Compose](https://docs.docker.com/compose/install/):\n\n```bash\nmake run-integration-containers\n```\n\nFinally, you can run the integration tests like this:\n\n```bash\nmake test-integration\n```\n\n\n### Resolving merge conflicts\n\nPoetry doesn't include any solution that can help to resolve merge conflicts in\nthe lock file `poetry.lock` by default.\nHowever, there is a great tool called [poetry-merge-lock](https://poetry-merge-lock.readthedocs.io/en/latest/).\nHere is how you can install it:\n\n```bash\npip install poetry-merge-lock\n```\n\nJust execute this command to resolve merge conflicts in `poetry.lock` automatically:\n\n```bash\npoetry-merge-lock\n```\n\n### Build a Docker image locally\n\nIn order to build a Docker image on your local machine execute the following command:\n\n```bash\nmake build-docker\n```\n\nThe Docker image is available on your local machine as `rasa:localdev`.\n\n### Code Style\n\nTo ensure a standardized code style we use the formatter [black](https://github.com/ambv/black).\nTo ensure our type annotations are correct we use the type checker [pytype](https://github.com/google/pytype).\nIf your code is not formatted properly or doesn't type check, GitHub will fail to build.\n\n#### Formatting\n\nIf you want to automatically format your code on every commit, you can use [pre-commit](https://pre-commit.com/).\nJust install it via `pip install pre-commit` and execute `pre-commit install` in the root folder.\nThis will add a hook to the repository, which reformats files on every commit.\n\nIf you want to set it up manually, install black via `poetry install`.\nTo reformat files execute\n```\nmake formatter\n```\n\n#### Type Checking\n\nIf you want to check types on the codebase, install `mypy` using `poetry install`.\nTo check the types execute\n```\nmake types\n```\n\n### Deploying documentation updates\n\nWe use `Docusaurus v2` to build docs for tagged versions and for the `main` branch.\nTo run Docusaurus, install `Node.js 12.x`.\nThe static site that gets built is pushed to the `documentation` branch of this repo.\n\nWe host the site on netlify. On `main` branch builds (see `.github/workflows/documentation.yml`), we push the built docs to\nthe `documentation` branch. Netlify automatically re-deploys the docs pages whenever there is a change to that branch.\n\n## Releases\nRasa has implemented robust policies governing version naming, as well as release pace for major, minor, and patch releases.\n\nThe values for a given version number (MAJOR.MINOR.PATCH) are incremented as follows:\n- MAJOR version for incompatible API changes or other breaking changes.\n- MINOR version for functionality added in a backward compatible manner.\n- PATCH version for backward compatible bug fixes.\n\nThe following table describes the version types and their expected *release cadence*:\n\n| Version Type |                                                                  Description                                                                  |  Target Cadence |\n|--------------|-----------------------------------------------------------------------------------------------------------------------------------------------|-----------------|\n| Major        | For significant changes, or when any backward-incompatible changes are introduced to the API or data model.                                   | Every 1 - 2 yrs |\n| Minor        | For when new backward-compatible functionality is introduced, a minor feature is introduced, or when a set of smaller features is rolled out. | +/- Quarterly   |\n| Patch        | For backward-compatible bug fixes that fix incorrect behavior.                                                                                | As needed       |\n\nWhile this table represents our target release frequency, we reserve the right to modify it based on changing market conditions and technical requirements.\n\n### Maintenance Policy\nOur End of Life policy defines how long a given release is considered supported, as well as how long a release is\nconsidered to be still in active development or maintenance.\n\nThe maintentance duration and end of life for every release are shown on our website as part of the [Product Release and Maintenance Policy](https://rasa.com/rasa-product-release-and-maintenance-policy/).\n\n### Cutting a Major / Minor release\n#### A week before release day\n\n1. **Make sure the [milestone](https://github.com/RasaHQ/rasa/milestones) already exists and is scheduled for the\ncorrect date.**\n2. **Take a look at the issues \u0026 PRs that are in the milestone**: does it look about right for the release highlights\nwe are planning to ship? Does it look like anything is missing? Don't worry about being aware of every PR that should\nbe in, but it's useful to take a moment to evaluate what's assigned to the milestone.\n3. **Post a message on the engineering Slack channel**, letting the team know you'll be the one cutting the upcoming\nrelease, as well as:\n    1. Providing the link to the appropriate milestone\n    2. Reminding everyone to go over their issues and PRs and please assign them to the milestone\n    3. Reminding everyone of the scheduled date for the release\n\n#### A day before release day\n\n1. **Go over the milestone and evaluate the status of any PR merging that's happening. Follow up with people on their\nbugs and fixes.** If the release introduces new bugs or regressions that can't be fixed in time, we should discuss on\nSlack about this and take a decision on how to move forward. If the issue is not ready to be merged in time, we remove the issue / PR from the milestone and notify the PR owner and the product manager on Slack about it. The PR / issue owners are responsible for\ncommunicating any issues which might be release relevant. Postponing the release should be considered as an edge case scenario.\n\n#### Release day! 🚀\n\n1. **At the start of the day, post a small message on slack announcing release day!** Communicate you'll be handling\nthe release, and the time you're aiming to start releasing (again, no later than 4pm, as issues may arise and\ncause delays). This message should be posted early in the morning and before moving forward with any of the steps of the release,\n   in order to give enough time to people to check their PRs and issues. That way they can plan any remaining work. A template of the slack message can be found [here](https://rasa-hq.slack.com/archives/C36SS4N8M/p1613032208137500?thread_ts=1612876410.068400\u0026cid=C36SS4N8M).\n   The release time should be communicated transparently so that others can plan potentially necessary steps accordingly. If there are bigger changes this should be communicated.\n2. Make sure the milestone is empty (everything has been either merged or moved to the next milestone)\n3. Once everything in the milestone is taken care of, post a small message on Slack communicating you are about to\nstart the release process (in case anything is missing).\n4. **You may now do the release by following the instructions outlined in the\n[Rasa Open Source README](#steps-to-release-a-new-version) !**\n\n#### After a Major release\n\nAfter a Major release has been completed, please follow [these instructions to complete the documentation update](./docs/README.md#manual-steps-after-a-new-version).\n\n### Steps to release a new version\nReleasing a new version is quite simple, as the packages are build and distributed by GitHub Actions.\n\n*Release steps*:\n1. Make sure all dependencies are up to date (**especially Rasa SDK**)\n    - For Rasa SDK, except in the case of a patch release, that means first creating a [new Rasa SDK release](https://github.com/RasaHQ/rasa-sdk#steps-to-release-a-new-version) (make sure the version numbers between the new Rasa and Rasa SDK releases match)\n    - Once the tag with the new Rasa SDK release is pushed and the package appears on [pypi](https://pypi.org/project/rasa-sdk/), the dependency in the rasa repository can be resolved (see below).\n2. If this is a minor / major release: Make sure all fixes from currently supported minor versions have been merged from their respective release branches (e.g. 3.3.x) back into main.\n3. In case of a minor release, create a new branch that corresponds to the new release, e.g.\n   ```bash\n    git checkout -b 1.2.x\n    git push origin 1.2.x\n    ```\n4. Switch to the branch you want to cut the release from (`main` in case of a major, the `\u003cmajor\u003e.\u003cminor\u003e.x` branch for minors and patches)\n    - Update the `rasa-sdk` entry in `pyproject.toml` with the new release version and run `poetry update`. This creates a new `poetry.lock` file with all dependencies resolved.\n    - Commit the changes with `git commit -am \"bump rasa-sdk dependency\"` but do not push them. They will be automatically picked up by the following step.\n5. If this is a major release, update the list of actively maintained versions [in the README](#actively-maintained-versions) and in [the docs](./docs/docs/actively-maintained-versions.mdx).\n6. Run `make release`\n7. Create a PR against the release branch (e.g. `1.2.x`)\n8. Once your PR is merged, tag a new release (this SHOULD always happen on the release branch), e.g. using\n    ```bash\n    git checkout 1.2.x\n    git pull origin 1.2.x\n    git tag 1.2.0 -m \"next release\"\n    git push origin 1.2.0 --tags\n    ```\n    GitHub will build this tag and publish the build artifacts.\n9. After all the steps are completed and if everything goes well then we should see a message automatically posted in the company's Slack (`product` channel) like this [one](https://rasa-hq.slack.com/archives/C7B08Q5FX/p1614354499046600)\n10. If no message appears in the channel then you can do the following checks:\n    - Check the workflows in [Github Actions](https://github.com/RasaHQ/rasa/actions) and make sure that the merged PR of the current release is completed successfully. To easily find your PR you can use the filters `event: push` and `branch: \u003cversion number\u003e` (example on release 2.4 you can see [here](https://github.com/RasaHQ/rasa/actions/runs/643344876))\n    - If the workflow is not completed, then try to re run the workflow in case that solves the problem\n    - If the problem persists, check also the log files and try to find the root cause of the issue\n    - If you still cannot resolve the error, contact the infrastructure team by providing any helpful information from your investigation\n11.  After the message is posted correctly in the `product` channel, check also in the `product-engineering-alerts` channel if there are any alerts related to the Rasa Open Source release like this [one](https://rasa-hq.slack.com/archives/C01585AN2NP/p1615486087001000)\n\n### Cutting a Patch release\n\nPatch releases are simpler to cut, since they are meant to contain only bugfixes.\n\n**The only things you need to do to cut a patch release are:**\n\n1. Notify the engineering team on Slack that you are planning to cut a patch, in case someone has an important fix\nto add.\n2. Make sure the bugfix(es) are in the release branch you will use (p.e if you are cutting a `2.0.4` patch, you will\nneed your fixes to be on the `2.0.x` release branch). All patch releases must come from a `.x` branch!\n3. Once you're ready to release the Rasa Open Source patch, checkout the branch, run `make release` and follow the\nsteps + get the PR merged.\n4. Once the PR is in, pull the `.x` branch again and push the tag!\n\n### Additional Release Tasks \n**Note: This is only required if the released version is the highest version available.\nFor instance, perform the following steps when version \u003e [version](https://github.com/RasaHQ/rasa/blob/main/rasa/version.py) on main.**\n\nIn order to check compatibility between the new released Rasa version to the latest version of Rasa X/Enterprise, we perform the following steps:\n1. Following a new Rasa release, an automated pull request is created in [Rasa-X-Demo](https://github.com/RasaHQ/rasa-x-demo/pulls). \n2. Once the above PR is merged, follow instructions [here](https://github.com/RasaHQ/rasa-x-demo/blob/master/.github/VERSION_BUMPER_PR_COMMENT.md), to release a version.\n3. Update the new version in the Rasa X/Enterprise [env file](https://github.com/RasaHQ/rasa-x/blob/main/.env).\nThe [Rasa-X-Demo](https://github.com/RasaHQ/rasa-x-demo) project uses the new updated Rasa version to train and test a model which in turn is used by our CI to run tests in the Rasa X/Enterprise repository, \nthus validating compatibility between Rasa and Rasa X/Enterprise.\n\n### Actively maintained versions\n\nPlease refer to the [Rasa Product Release and Maintenance Policy](https://rasa.com/rasa-product-release-and-maintenance-policy/) page.\n\n## License\nLicensed under the Apache License, Version 2.0.\nCopyright 2022 Rasa Technologies GmbH. [Copy of the license](LICENSE.txt).\n\nA list of the Licenses of the dependencies of the project can be found at\nthe bottom of the\n[Libraries Summary](https://libraries.io/github/RasaHQ/rasa).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frasahq%2Frasa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frasahq%2Frasa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frasahq%2Frasa/lists"}