Merge branch 'main' into issue/875/replace-safety-with-pip-audit

.github/workflows/benchmark.yml

@@ -37,7 +37,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5
         with:
-          python-version: "3.9"
+          python-version: "3.10"
 
       - name: "Install dev dependencies"
         run: |

.github/workflows/scorecards.yaml

@@ -25,7 +25,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: block
           disable-telemetry: false

.github/workflows/tests.yml

@@ -24,7 +24,7 @@ jobs:
       USING_COVERAGE: '3.10'
     strategy:
       matrix:
-        python-version: ["3.10"]
+        python-version: ["3.10","3.11","3.12"]
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # tag=v1.4

.pre-commit-config.yaml

@@ -4,7 +4,7 @@
 
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
     -   id: trailing-whitespace
     -   id: end-of-file-fixer

CONTRIBUTING.md

@@ -37,7 +37,7 @@ Request features on the [Issue Tracker].
 
 ## How to set up your development environment
 
-You need Python 3.8+ and the following tools:
+You need Python 3.10+ and the following tools:
 
 - [Poetry]
 - [Nox]

README.md

@@ -1,16 +1,14 @@
 # Asciize
 
-[![PyPI](https://img.shields.io/pypi/v/asciize.svg)][pypi_]
-[![Status](https://img.shields.io/pypi/status/asciize.svg)][status]
-[![Python Version](https://img.shields.io/pypi/pyversions/asciize)][python version]
-[![License](https://img.shields.io/pypi/l/asciize)][license]
 
 [![Read the documentation at https://asciize.readthedocs.io/](https://img.shields.io/readthedocs/asciize/latest.svg?label=Read%20the%20Docs)][read the docs]
 [![Tests](https://github.com/sett.and.hive/asciize/workflows/Tests/badge.svg)][tests]
 [![Codecov](https://codecov.io/gh/sett.and.hive/asciize/branch/main/graph/badge.svg)][codecov]
 
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)][pre-commit]
 [![Black](https://img.shields.io/badge/code%20style-black-000000.svg)][black]
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10027/badge)](https://www.bestpractices.dev/projects/10027)
+
 
 [pypi_]: https://pypi.org/project/asciize/
 [status]: https://pypi.org/project/asciize/

RELEASE_NOTES.md

@@ -0,0 +1,7 @@
+# RELEASE NOTES
+
+This project is alpha, pre-release.
+
+## KNOWN CRITICAL and HIGH VULNERABILITIES
+
+There are no know critical and high vulnerabilities with CVE numbers.

SECURITY.md

@@ -2,7 +2,7 @@
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
+These versions of your project are
 currently being supported with security updates.
 
 | Version | Supported          |
@@ -11,4 +11,6 @@ currently being supported with security updates.
 
 ## Reporting a Vulnerability
 
-Please raise an issue and we'll triage it as soon as we can.
+Please raise an [issue](https://github.com/sett-and-hive/asciize/issues) and we'll triage it within 30 days.
+
+This is a sleepy low risk repository but we will disclose any serious security issues as they arise.

noxfile.py

@@ -22,8 +22,8 @@
 
 
 package = "asciize"
-python_versions = ["3.10"]
-nox.needs_version = ">= 2021.6.6"
+python_versions = ["3.10", "3.11", "3.12"]
+nox.needs_version = ">= 2024.4.15"
 nox.options.sessions = (
     "pre-commit",
     "pip-audit",

pyproject.toml

@@ -38,7 +38,7 @@ sphinx-click = ">=3.0.2"
 typeguard = ">=2.13.3"
 xdoctest = {extras = ["colors"], version = ">=0.15.10"}
 myst-parser = {version = ">=0.16.1"}
-pytest-benchmark = {extras = ["histogram"], version = "^4.0.0"}
+pytest-benchmark = {extras = ["histogram"], version = "^5.0.0"}
 pytest-randomly = "^3.12.0"
 virtualenv = "20.26.6"