This repository was archived by the owner on Mar 30, 2026. It is now read-only.

feat: repurpose the repo into smoke test repo after migrating the integration tests in main repo #8

Merged: lhoupert merged 1 commit into main from feat!--integration-tests-migrated-in-source-action-repo,-repurpose-as-smoke-tests-repo on Mar 30, 2026
github-actions Bot commented Mar 30, 2026

Security Audit Report

Bandit — Static Security Analysis (Security tab)

2 issue(s) found: 1 high, 1 low

| Severity | Confidence | File | Line | Issue |
|---|---|---|---|---|
| 🔴 HIGH | HIGH | 08-poetry-src-both/src/auth.py | 8 | [B324] Use of weak MD5 hash for security. Consider usedforsecurity=False |

1 low issue(s) below threshold not shown in table.

pip-audit — Dependency Vulnerabilities (Security tab)

| Package | Version | ID | Fix Versions | Description |
|---|---|---|---|---|
| cryptography | 38.0.0 | PYSEC-2023-11 | 39.0.1 | Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immut |
| cryptography | 38.0.0 | PYSEC-2023-254 | 41.0.6 | ### Summary Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer derefer |
| cryptography | 38.0.0 | PYSEC-2023-254 | 41.0.6 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pe |
| cryptography | 38.0.0 | PYSEC-2024-225 | 42.0.4 | If pkcs12.serialize_key_and_certificates is called with both: 1. A certificate whose public key did not match the pro |
| cryptography | 38.0.0 | PYSEC-2024-225 | 42.0.4 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in vers |
| cryptography | 38.0.0 | PYSEC-2023-11 | 39.0.1 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected vers |
| cryptography | 38.0.0 | GHSA-39hc-v87j-747x | 38.0.3 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | CVE-2023-0286 | 39.0.1 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | GHSA-5cpq-8wj7-hf2v | 41.0.0 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | GHSA-jm77-qphf-c4w8 | 41.0.3 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | CVE-2023-50782 | 42.0.0 | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages |
| cryptography | 38.0.0 | GHSA-v8gr-m533-ghj9 | 41.0.4 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | CVE-2024-0727 | 42.0.2 | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of |
| cryptography | 38.0.0 | GHSA-h4gh-qq45-vh27 | 43.0.1 | pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography |
| cryptography | 38.0.0 | CVE-2026-26007 | 46.0.5 | ## Vulnerability Summary The public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), `EllipticCurvePu |
| cryptography | 38.0.0 | CVE-2026-34073 | 46.0.6 | ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within ch |
| idna | 2.10 | PYSEC-2024-60 | 3.7 | ### Impact A specially crafted argument to the idna.encode() function could consume significant resources. This may le |
| idna | 2.10 | PYSEC-2024-60 | 3.7 | A vulnerability was identified in the kjd/idna library, specifically within the idna.encode() function, affecting vers |
| requests | 2.25.0 | PYSEC-2023-74 | 2.31.0 | ### Impact Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to |
| requests | 2.25.0 | PYSEC-2023-74 | 2.31.0 | Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination s |
| requests | 2.25.0 | CVE-2024-35195 | 2.32.0 | When using a requests.Session, if the first request to a given origin is made with verify=False, TLS certificate ver |
| requests | 2.25.0 | CVE-2024-47081 | 2.32.4 | ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties f |
| requests | 2.25.0 | CVE-2026-25645 | 2.33.0 | ### Impact The requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting file |
| urllib3 | 1.26.20 | CVE-2025-50181 | 2.5.0 | urllib3 handles redirects and retries using the same mechanism, which is controlled by the Retry object. The most comm |
| urllib3 | 1.26.20 | CVE-2025-66418 | 2.6.0 | ## Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., `Content- |
| urllib3 | 1.26.20 | CVE-2025-66471 | 2.6.0 | ### Impact urllib3's streaming API is |
| urllib3 | 1.26.20 | CVE-2026-21441 | 2.6.3 | ### Impact urllib3's streaming API is |

27 vulnerability/vulnerabilities found (27 fixable) across 4 package(s).

Result: ❌ Blocking issues found — see details above.

@github-actions
Contributor

✅ All test workflows behaved as expected

3 passed, 0 failed

Test Name Expected Actual Bandit pip-audit Result
01 requirements · flat · clean success success
03 requirements · src/+scripts/ · bandit HIGH + pip-audit failure failure B105, B404, B602 cryptography, idna, requests, urllib3
08 poetry · src/ · bandit MEDIUM + pip-audit failure failure B105, B324 cryptography, idna, requests, urllib3

@lhoupert lhoupert merged commit d9c3349 into main Mar 30, 2026
7 of 9 checks passed