Update SECURITY.md

Signed-off-by: SR Murthy <s.murthy@tutanota.com>
sr-murthy · Jun 7, 2024 · 49b5473 · 49b5473
1 parent d3b2583
commit 49b5473
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,9 +2,9 @@
 
 ## Supported Versions
 
-The package currently only uses Python standard libraries (see the [project TOML](https://github.com/sr-murthy/continuedfractions/blob/main/pyproject.toml)), and has no 3rd party dependencies. Therefore the only security / vulnerability alerts that are relevant relate to [Python itself](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html), which would be addressed within Python.
+The package currently only uses Python standard libraries (see the [project TOML](https://github.com/sr-murthy/continuedfractions/blob/main/pyproject.toml)), and has no 3rd party dependencies. Security / vulnerability alerts related to [Python itself](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html), which would be addressed within Python.
 
-If 3rd party dependencies are added there may be security patches applied as and when needed.
+A listing of current security / vulnerability alerts is available via [Dependabot alerts](https://github.com/sr-murthy/continuedfractions/security), and these usually related to sub-dependencies of optional or development dependencies, and these are addressed via dedicated PRs as they arise.
 
 The repository is enabled with a number of features to ensure security, including [CodeQL analysis](https://github.com/sr-murthy/continuedfractions/actions/workflows/codeql-analysis.yml), 
 [Dependabot alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [secrets scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning).