Security updates will only be provided for the most recent release of PlasmaPy.

Please use this link to privately report a security vulnerability.

PlasmaPy has an extensive suite of continuous integration checks, including several that identify and flag common security vulnerabilities.

• zizmor finds security vulnerabilities in the GitHub workflows.
• ruff has several rule sets that find security vulnerabilities, including the flake8-bandit rule set.

The checks are usually either run as pre-commit hooks (defined in .pre-commit-config.yaml) or as Nox sessions (defined in noxfile.py) invoked during GitHub workflows (located in .github/workflows/). The configurations for most of these tools are located in pyproject.toml, but some have a dedicated configuration file (for zizmor, this would be at .github/zizmor.yml)