From 4d432596cff9672ea9a43db921f545ac14bfef93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bern=C3=A1t=20G=C3=A1bor?= <bgabor8@bloomberg.net>
Date: Fri, 8 Sep 2023 10:11:09 -0700
Subject: [PATCH] Add security and funding
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bernát Gábor <bgabor8@bloomberg.net>
---
 .github/FUNDING.yml     |  1 +
 .github/SECURITY.md     | 13 +++++++++++++
 .pre-commit-config.yaml |  2 +-
 pyproject.toml          |  2 +-
 tox.ini                 |  6 +++---
 5 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 .github/FUNDING.yml
 create mode 100644 .github/SECURITY.md

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..d128d4f
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+tidelift: pypi/devpi-process
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..5968e5b
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.0 + | :white_check_mark: |
+| < 1.0.0 | :x:                |
+
+## Reporting a Vulnerability
+
+To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift
+will coordinate the fix and disclosure.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f72c6e7..58d3a68 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -22,7 +22,7 @@ repos:
     rev: "1.1.0"
     hooks:
       - id: pyproject-fmt
-        additional_dependencies: ["tox>=4.8"]
+        additional_dependencies: ["tox>=4.11.2"]
   - repo: https://github.com/pre-commit/mirrors-prettier
     rev: "v3.0.3"
     hooks:
diff --git a/pyproject.toml b/pyproject.toml
index 0900d20..3c567d4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -48,7 +48,7 @@ dependencies = [
 optional-dependencies.test = [
   "covdefaults>=2.3",
   "httpx>=0.24.1",
-  "pytest>=7.4",
+  "pytest>=7.4.2",
   "pytest-cov>=4.1",
 ]
 urls.Homepage = "https://github.com/tox-dev/devpi-process#readme"
diff --git a/tox.ini b/tox.ini
index a0ea982..9aaad13 100644
--- a/tox.ini
+++ b/tox.ini
@@ -34,7 +34,7 @@ commands =
 description = run static analysis and style check using flake8
 skip_install = true
 deps =
-    pre-commit>=3.3.3
+    pre-commit>=3.4
 pass_env =
     HOMEPATH
     PROGRAMDATA
@@ -44,7 +44,7 @@ commands =
 [testenv:type]
 description = run type check on code base
 deps =
-    mypy==1.5
+    mypy==1.5.1
 set_env =
     {tty:MYPY_FORCE_COLOR = 1}
 commands =
@@ -55,7 +55,7 @@ commands =
 description = check that the long description is valid
 skip_install = true
 deps =
-    build[virtualenv]>=0.10
+    build[virtualenv]>=1.0.3
     twine>=4.0.2
 commands =
     python -m build --sdist --wheel -o {envtmpdir} .