# Dependency Vulnerability Scan

**Date**: 2026-05-07
**Tool**: `pip-audit 2.10.0`
**Manifest**: `pyproject.toml`
**Result**: PASS

## Scope

The scan covered the Python dependencies declared in `pyproject.toml`, including the `dev` optional dependency group:

- `pydantic==2.13.3`
- `black>=24.0`
- `pytest>=8.0`
- `ruff>=0.5`

## Findings

No known vulnerabilities were reported.

## Audit Output Summary

`pip-audit` resolved and checked the project dependency set and returned:

```text
No known vulnerabilities found
```

Resolved packages with no advisories included `pydantic`, `pydantic-core`, `black`, `pytest`, and `ruff`.

## Notes

- `pip-audit` and its own transitive packages were installed as an audit tool in the local Python environment.
- The repository does not currently include a locked production dependency file, so the audit used the version constraints from `pyproject.toml`.