Currently, the only external dependency is requests. Security / vulnerability alerts are addressed as they arise from Dependabot alerts.
The project is enabled with a number of features to ensure security, including CodeQL analysis, Dependabot alerts and secrets scanning.
Any vulnerability that could potentially impact package installation, performance or results should be reported privately via email to the maintainer: [email protected].