fix: fix warning

.github/workflows/ci.yml

@@ -18,7 +18,8 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
-      - run: pip install pre-commit                                                                                                                                                                                                
+      - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
+      - run: uv pip install --system pre-commit==4.2.0
       - run: pre-commit run --all-files --show-diff-on-failure --color=always
 
 
@@ -31,8 +32,9 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
+      - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
       - name: Install package and dev dependencies
-        run: pip install -e ".[dev]"
+        run: uv pip install --system -e ".[dev]"
       - name: Run tests
         run: pytest
 
@@ -45,8 +47,9 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
+      - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
       - name: Install zizmor
-        run: pip install zizmor
+        run: uv pip install --system zizmor==1.6.0
       - name: Run zizmor
         run: zizmor --min-severity medium .github/
 

.github/workflows/release-please.yml

@@ -4,13 +4,14 @@ on:
   push:
     branches: [main]
 
-permissions:
-  contents: write
-  pull-requests: write
+permissions: {}
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
         id: release

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Do not open a public GitHub issue for security vulnerabilities.**
+
+Instead, please use [GitHub's private vulnerability reporting](https://github.com/lhoupert/action-python-security-auditing/security/advisories/new) to submit your report.
+
+### What to expect
+
+- **Acknowledgement** within 48 hours of your report.
+- **Status update** within 7 days with an assessment and remediation timeline.
+- **Credit** in the release notes (unless you prefer to remain anonymous).
+
+Thank you for helping keep this project and its users safe.

action.yml

@@ -36,10 +36,11 @@ runs:
   steps:
     - name: Run Bandit (static security analysis)
       if: contains(inputs.tools, 'bandit')
+      continue-on-error: true
       uses: lhoupert/bandit-action@18022d5292d04b21fae1bfa44597b94402ba7365
       with:
         targets: ${{ inputs.bandit_scan_dirs }}
-        level: ${{ inputs.bandit_severity_threshold }}
+        severity: ${{ inputs.bandit_severity_threshold }}
 
     - name: Set up uv
       uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0