The package currently only uses Python standard libraries (see the project TOML), and has no 3rd party dependencies. Security / vulnerability alerts related to Python itself would be addressed within Python.

A listing of current security / vulnerability alerts is available via Dependabot alerts - these are usually related to sub-dependencies of optional or development dependencies, and are addressed via dedicated PRs as they arise.

The repository is enabled with a number of features to ensure security, including CodeQL analysis, Dependabot alerts and secrets scanning.

Any vulnerability that could potentially impact the installation or performance of the package, or the accuracy of its results in computations, should be reported privately via email to the maintainer: s.murthy@tutanota.com.