📝 Switch form safety to uv-secure

cusyio · Jan 19, 2025 · 4667a32 · 4667a32
1 parent f1b8b1c
commit 4667a32
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/docs/productive/envs/uv/dependency-bot.rst b/docs/productive/envs/uv/dependency-bot.rst
@@ -4,8 +4,11 @@ Dependency bot
 It is good practice to update dependencies regularly to avoid vulnerabilities,
 limit incompatibilities between dependencies and avoid complex upgrades when
 upgrading from a version that is too old. A variety of tools can help you stay
-up to date. :term:`uv` is supported by `Renovate
-<https://docs.renovatebot.com/>`_.
+up to date. :ref:`update-uv-lock` describes how you can use ``uv lock
+--upgrade``  update all dependencies and :samp:`uv lock --upgrade-package
+{PACKAGE}=={VERSION}` to update individual dependencies in a controlled manner.
+However, you can also use `Renovate <https://docs.renovatebot.com/>`_ to help
+you with this.
 
 Renovate uses the :ref:`uv_lock` file to detect that ``uv`` is being used to
 manage dependencies and suggests updates for project dependencies, optional

diff --git a/docs/productive/envs/uv/index.rst b/docs/productive/envs/uv/index.rst
@@ -49,12 +49,12 @@ packages <Distribution Package>` and :term:`wheels <wheel>`.
 Declare, lock and automatically update dependencies
 ---------------------------------------------------
 
-Updating :ref:`update-uv-lock` describes how you can use ``uv lock --upgrade``
-to update all dependencies and :samp:`uv lock --upgrade-package
-{PACKAGE}=={VERSION}` to update individual dependencies in a controlled manner.
-We describe how you can regularly update the dependencies of your project
-automatically in :doc:`dependency-bot`. These measures significantly increase
-the security of your project.
+:ref:`update-uv-lock` describes how you can use ``uv lock --upgrade`` to update
+all dependencies and :samp:`uv lock --upgrade-package {PACKAGE}=={VERSION}` to
+update individual dependencies in a controlled manner. We describe how you can
+regularly update the dependencies of your project automatically in
+:doc:`dependency-bot`. These measures significantly increase the security of
+your project.
 
 .. seealso::
    * :ref:`lock-dependencies`

diff --git a/docs/productive/security.rst b/docs/productive/security.rst
@@ -11,6 +11,8 @@ doing so, we will be guided by the `OpenSSF
 Scorecard <https://securityscorecards.dev/>`_. Alternatively, you can also
 follow :ref:`open_chain`.
 
+.. _check-vulnerabilities:
+
 Check vulnerabilities
 ---------------------
 
@@ -20,8 +22,8 @@ This check determines whether the project has open, unfixed vulnerabilities in
 its own code base or in its dependencies. An open vulnerability can be easily
 exploited and should be closed as soon as possible.
 
-For such a check, you can use for example `safety
-<https://github.com/pyupio/safety>`_. Alternatively, you can use `osv
+For such a check, you can use for example `uv-secure
+<https://pypi.org/project/uv-secure/>`_. Alternatively, you can use `osv
 <https://pypi.org/project/osv/>`_ or `pip-audit
 <https://pypi.org/project/pip-audit/>`_, which uses the `Open Source
 Vulnerability Database <https://osv.dev>`_.
@@ -282,7 +284,8 @@ not just to a mutable version or version range.
 :ref:`spack_lock`, :doc:`envs/uv/index` in :ref:`uv_lock`. These files should
 therefore also be checked in with the source code.
 
-This can reduce the following security risks for :doc:`python-basics:apps`:
+This can reduce the following security risks for
+:doc:`python-basics:packs/apps`:
 
 * Testing and deployment are done with the same software, which reduces
   deployment risks, simplifies debugging and enables reproducibility.