Only Python standard libraries are used (see the project TOML) - no 3rd party dependencies are involved. Security / vulnerability alerts related to Python itself would be addressed within Python.

In general, security / vulnerability alerts are managed via Dependabot alerts - these are usually related to sub-dependencies of optional or development dependencies, and are addressed via PRs as they arise.

The repository is enabled with a number of features to ensure security, including CodeQL analysis, Dependabot alerts and secrets scanning.

Any vulnerability that could potentially impact the installation or performance of the package, or the accuracy of its results in computations, should be reported privately via email to the maintainer: s.murthy@tutanota.com.