mirror of
https://github.com/azaion/gps-denied-onboard.git
synced 2026-06-22 02:41:14 +00:00
ee6606a9c2
Co-authored-by: Cursor <cursoragent@cursor.com>
# Dependency Vulnerability Scan

**Date**: 2026-05-07
**Tool**: `pip-audit 2.10.0`
**Manifest**: `pyproject.toml`
**Result**: PASS

## Scope

The scan covered the Python dependencies declared in `pyproject.toml`, including the `dev` optional dependency group:

- `pydantic==2.13.3`
- `black>=24.0`
- `pytest>=8.0`
- `ruff>=0.5`

## Findings

No known vulnerabilities were reported.

## Audit Output Summary

`pip-audit` resolved and checked the project dependency set and returned:

```text
No known vulnerabilities found
```

Resolved packages with no advisories included `pydantic`, `pydantic-core`, `black`, `pytest`, and `ruff`.

## Notes

- `pip-audit` and its own transitive packages were installed as an audit tool in the local Python environment.
- The repository does not currently include a locked production dependency file, so the audit used the version constraints from `pyproject.toml`.