security: dependency audit and pin critical dependencies in CI

**Task Description**
Run `pip-audit` or `safety` in CI and pin versions of critical dependencies. Add a scheduled workflow to run dependency audit weekly.

**Goal**
Avoid introducing known-vulnerable versions via updates.

**Suggestions**
- Add job in `.github/workflows/security.yml` to run `pip-audit`
- Add `requirements-dev.txt` with pinned versions for CI, or use Poetry lock file

**Labels:** `security`, `ci`
**Difficulty:** easy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

security: dependency audit and pin critical dependencies in CI #14

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

security: dependency audit and pin critical dependencies in CI #14

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions