📝 Switch form safety to uv-secure

Author: veit

docs/productive/envs/uv/dependency-bot.rst

@@ -4,8 +4,11 @@ Dependency bot
 It is good practice to update dependencies regularly to avoid vulnerabilities,
 limit incompatibilities between dependencies and avoid complex upgrades when
 upgrading from a version that is too old. A variety of tools can help you stay
-up to date. :term:`uv` is supported by `Renovate
-<https://docs.renovatebot.com/>`_.
+up to date. :ref:`update-uv-lock` describes how you can use ``uv lock
+--upgrade``  update all dependencies and :samp:`uv lock --upgrade-package
+{PACKAGE}=={VERSION}` to update individual dependencies in a controlled manner.
+However, you can also use `Renovate <https://docs.renovatebot.com/>`_ to help
+you with this.
 
 Renovate uses the :ref:`uv_lock` file to detect that ``uv`` is being used to
 manage dependencies and suggests updates for project dependencies, optional

docs/productive/envs/uv/index.rst

@@ -49,12 +49,12 @@ packages <Distribution Package>` and :term:`wheels <wheel>`.
 Declare, lock and automatically update dependencies
 ---------------------------------------------------
 
-Updating :ref:`update-uv-lock` describes how you can use ``uv lock --upgrade``
-to update all dependencies and :samp:`uv lock --upgrade-package
-{PACKAGE}=={VERSION}` to update individual dependencies in a controlled manner.
-We describe how you can regularly update the dependencies of your project
-automatically in :doc:`dependency-bot`. These measures significantly increase
-the security of your project.
+:ref:`update-uv-lock` describes how you can use ``uv lock --upgrade`` to update
+all dependencies and :samp:`uv lock --upgrade-package {PACKAGE}=={VERSION}` to
+update individual dependencies in a controlled manner. We describe how you can
+regularly update the dependencies of your project automatically in
+:doc:`dependency-bot`. These measures significantly increase the security of
+your project.
 
 .. seealso::
    * :ref:`lock-dependencies`

docs/productive/security.rst

@@ -11,6 +11,8 @@ doing so, we will be guided by the `OpenSSF
 Scorecard <https://securityscorecards.dev/>`_. Alternatively, you can also
 follow :ref:`open_chain`.
 
+.. _check-vulnerabilities:
+
 Check vulnerabilities
 ---------------------
 
@@ -20,8 +22,8 @@ This check determines whether the project has open, unfixed vulnerabilities in
 its own code base or in its dependencies. An open vulnerability can be easily
 exploited and should be closed as soon as possible.
 
-For such a check, you can use for example `safety
-<https://github.com/pyupio/safety>`_. Alternatively, you can use `osv
+For such a check, you can use for example `uv-secure
+<https://pypi.org/project/uv-secure/>`_. Alternatively, you can use `osv
 <https://pypi.org/project/osv/>`_ or `pip-audit
 <https://pypi.org/project/pip-audit/>`_, which uses the `Open Source
 Vulnerability Database <https://osv.dev>`_.
@@ -282,7 +284,8 @@ not just to a mutable version or version range.
 :ref:`spack_lock`, :doc:`envs/uv/index` in :ref:`uv_lock`. These files should
 therefore also be checked in with the source code.
 
-This can reduce the following security risks for :doc:`python-basics:apps`:
+This can reduce the following security risks for
+:doc:`python-basics:packs/apps`:
 
 * Testing and deployment are done with the same software, which reduces
   deployment risks, simplifies debugging and enables reproducibility.