Remove dependency scan (#40)

* ci: remove dependency vulnerability scan from security workflow

Remove the dependency-scan job that ran safety and pip-audit checks.
Retain CodeQL, secrets scanning, and cryptographic analysis jobs.

* docs: update minimum Python version to 3.10

---------

Co-authored-by: Hernan Monserrat <16483541+hemonserrat@users.noreply.github.com>

Author: hemonserrat

.github/workflows/security.yml

@@ -40,42 +40,6 @@ jobs:
       with:
         category: "/language:${{matrix.language}}"
 
-  dependency-scan:
-    name: Dependency Vulnerability Scan
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v6
-
-    - name: Set up Python
-      uses: actions/setup-python@v6
-      with:
-        python-version: '3.11'
-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r requirements.txt
-        pip install safety pip-audit
-
-    - name: Run safety check
-      run: |
-        safety check --json --output safety-report.json || true
-        safety check
-
-    - name: Run pip-audit
-      run: |
-        pip-audit --format=json --output=pip-audit-report.json || true
-        pip-audit
-
-    - name: Upload vulnerability reports
-      uses: actions/upload-artifact@v7
-      if: always()
-      with:
-        name: vulnerability-reports
-        path: |
-          safety-report.json
-          pip-audit-report.json
-
   secrets-scan:
     name: Secrets Scan
     runs-on: ubuntu-latest

CONTRIBUTING.md

@@ -27,7 +27,7 @@ This project adheres to a code of conduct that we expect all contributors to fol
 
 ### Prerequisites
 
-- Python 3.8 or higher
+- Python 3.10 or higher
 - Git
 - GPG (for testing GPG functionality)
 

README.md

@@ -88,7 +88,7 @@ pip install -e ".[dev,security]"
 
 ### System Requirements
 
-- Python 3.8 or higher
+- Python 3.10 or higher
 - GPG (for keyfile sharing functionality)
   - **Ubuntu/Debian**: `sudo apt-get install gnupg`
   - **macOS**: `brew install gnupg`