dependabot, ruff, security checks

Made-with: Cursor

Author: subodh101

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5

.github/workflows/python-package.yml

@@ -28,6 +28,12 @@ jobs:
       - name: Install dependencies
         run: uv sync --extra dev
 
+      - name: Audit dependencies
+        run: uv run pip-audit --ignore-vuln CVE-2026-4539
+
+      - name: Run bandit
+        run: uv run bandit -r . -c pyproject.toml
+
       - name: Run pre-commit (format & lint)
         run: uv run pre-commit run --all-files
 

.pre-commit-config.yaml

@@ -1,21 +1,10 @@
 repos:
-  - repo: https://github.com/psf/black
-    rev: 26.1.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.8
     hooks:
-      - id: black
-        args: [--line-length=127]
-
-  - repo: https://github.com/pycqa/isort
-    rev: 7.0.0
-    hooks:
-      - id: isort
-        args: [--profile=black, --line-length=127]
-
-  - repo: https://github.com/pycqa/flake8
-    rev: 7.3.0
-    hooks:
-      - id: flake8
-        args: [--max-line-length=127]
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
 
   - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v1.19.1

README.md

@@ -4,16 +4,21 @@
 This repository provides a basic Python project template, ideal for quick setup and efficient development.
 
 ## Features
-- **Workflow Configurations:** Automated testing and linting workflows in `.github/workflows` for multiple python versions.
+- **Workflow Configurations:** Automated testing, linting, `pip-audit`, and `bandit` in `.github/workflows` for multiple Python versions.
+- **Dependabot:** Weekly PRs for pip ([pyproject.toml](pyproject.toml)) and GitHub Actions.
 - **Testing Setup:** Ready-to-use test cases in `tests` directory.
-- **Essential Files:** Includes `.pre-commit-config.yaml`, `.gitignore`, `pyproject.toml`.
+- **Essential Files:** Includes `.pre-commit-config.yaml` (Ruff + mypy), `.gitignore`, `pyproject.toml`.
 - **Python Scripts:** Sample `main.py` and `utils.py` for a quick start.
 
 ## Usage
 Use the template and modify the existing structure to suit your project needs.
 
 ## Updates
 
+### Dependabot and `uv.lock`
+
+Dependabot may update [pyproject.toml](pyproject.toml) only. After merging or applying those changes, run `uv lock` (or `uv lock --upgrade-package <name>`) and commit the updated [uv.lock](uv.lock) so installs and CI stay in sync.
+
 ### python3.12
 
 **Faster Python:**

pyproject.toml

@@ -7,6 +7,19 @@ dependencies = []
 
 [project.optional-dependencies]
 dev = [
+    "bandit[toml]",
+    "pip-audit",
     "pre-commit",
     "pytest",
+    "ruff",
 ]
+
+[tool.ruff]
+line-length = 127
+target-version = "py312"
+
+[tool.ruff.lint]
+select = ["E", "F", "I"]
+
+[tool.bandit]
+exclude_dirs = ["tests", ".venv"]

utils.py

@@ -1,4 +1,4 @@
-def concatenate_strings(str1: str, str2: str):
+def concatenate_strings(str1: str, str2: str) -> str:
     """
     Concatenates two given strings.