Modernise (#12)

* [bazel] modernize score_tooling

Replace the individual score_* tooling repos with score_tooling, which
is the current method to use score-specific checks.

* [pip] update dependency lock files

Update the pip dependency lock files.

The main purpose is to update urllib to 2.6.2, which includes fixes for
security vulnerabilities, reported by pip-audit.

Author: jannowotsch

BUILD

@@ -10,9 +10,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # *******************************************************************************
-load("@score_cr_checker//:cr_checker.bzl", "copyright_checker")
-load("@score_dash_license_checker//:dash.bzl", "dash_license_checker")
-load("@score_format_checker//:macros.bzl", "use_format_targets")
+load("@score_tooling//:defs.bzl", "copyright_checker", "dash_license_checker", "use_format_targets")
 load("//:project_config.bzl", "PROJECT_CONFIG")
 
 copyright_checker(
@@ -26,8 +24,8 @@ copyright_checker(
         "//:BUILD",
         "//:MODULE.bazel",
     ],
-    config = "@score_cr_checker//resources:config",
-    template = "@score_cr_checker//resources:templates",
+    config = "@score_tooling//cr_checker/resources:config",
+    template = "@score_tooling//cr_checker/resources:templates",
     visibility = ["//visibility:public"],
 )
 

MODULE.bazel

@@ -17,20 +17,13 @@ module(
     repo_name = "bazel_tools_python",
 )
 
-# Checker rule for CopyRight checks/fixs
-bazel_dep(name = "score_cr_checker", version = "0.3.1", dev_dependency = True)
-bazel_dep(name = "score_python_basics", version = "0.3.4", dev_dependency = True)
-
-# Dash license checker
-bazel_dep(name = "score_dash_license_checker", version = "0.1.2", dev_dependency = True)
-
 # Format checker
 bazel_dep(name = "score_format_checker", version = "0.1.1", dev_dependency = True)
 bazel_dep(name = "aspect_rules_lint", version = "1.4.4", dev_dependency = True)
 bazel_dep(name = "buildifier_prebuilt", version = "8.2.0.2", dev_dependency = True)
 
 # docs-as-code
-bazel_dep(name = "score_docs_as_code", version = "1.0.1", dev_dependency = True)
+bazel_dep(name = "score_tooling", version = "1.0.4", dev_dependency = True)
 bazel_dep(name = "platforms", version = "0.0.11", dev_dependency = True)
 
 # Unfortunately bazel_skylib can not be dev_dependency because we use some of its libraries.

SECURITY.md

@@ -55,9 +55,7 @@ The following table lists all known vulnerabilities that could not be fixed:
 
 | Package    | Vulnerability ID    | Vulnerable Version | Fixed Version | Python Version | Reason                               |
 | ---------- | ------------------- | ------------------ | ------------- | -------------- | ------------------------------------ |
-| urllib3    | GHSA-48p4-8xcf-vxj5 | 2.2.3              | 2.5.0         | 3.8            | Fixed package requires Python >= 3.9 |
-| urllib3    | GHSA-pq67-6m6q-mj2v | 2.2.3              | 2.5.0         | 3.8            | Fixed package requires Python >= 3.9 |
-| pip        | GHSA-4xh5-x5gv-qwph | 25.0.1             | 25.3          | 3.8            | Fixed package requires Python >= 3.9 |
+|            |                     |                    |               |                |                                      |
 
 ### Vulnerable Python Versions