You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Security hardening for the repository and release pipeline:
Dependabot (.github/dependabot.yml): weekly automated PRs for Python dependency and GitHub Actions updates; minor and patch updates grouped to reduce noise.
CodeQL (.github/workflows/codeql.yml): SAST scanning on every push, PR, and weekly schedule; results surface in the GitHub Security tab.
Dependency vulnerability scanning (.github/workflows/security.yml): pip-audit checks all locked dependencies against OSV/PyPI advisory databases on push, PR, and weekly.
Publish gate (publish.yml): pip-audit now runs before every PyPI release; a known-vulnerable dependency blocks the publish job.
SECURITY.md: published security policy with private vulnerability reporting instructions and scope definition.
Updated idna (transitive dependency via httpx) from 3.11 to 3.18 to address PYSEC-2026-215, a DoS vulnerability in idna.encode() for arbitrarily large inputs.