
v1.2.0: improved CI and alignemtn with the eUDIW reference implementation #6


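# Security audit of Python dependencies (known vulnerabilities).
# Installs the project into a virtualenv and runs pip-audit against it; the
# job fails on any finding that is not explicitly ignored in the last step.
name: Dependency security

on:
  push:
    # "**" also matches branch names that contain "/" (e.g. feature/x).
    # A single "*" does not, so such branches would never be audited.
    branches: ["**"]
  pull_request:
    # For pull_request this filters on the base branch.
    branches: ["**"]

# Least privilege for GITHUB_TOKEN: the audit only reads repository contents.
permissions:
  contents: read

# De-duplicate runs per workflow and branch (push and pull_request fire for
# the same commit). The platform keeps the newest run and cancels the older
# one, so at least one audit always completes. A hand-rolled "skip if another
# run is in progress" job can let two concurrent runs skip each other, and a
# skipped job is reported as successful, so the gate would pass unaudited.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
  cancel-in-progress: true

jobs:
  pip-audit:
    name: pip-audit
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): action tags such as @v4 are mutable; pinning each
      # `uses:` to a full commit SHA protects against a retargeted tag.
      - uses: actions/checkout@v4
        with:
          # The install step below runs third-party build code; do not leave
          # the token in .git/config where that code could read it.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Create venv and install
        run: |
          python -m venv env
          source env/bin/activate
          pip install --upgrade pip pip-audit
          pip install -r requirements-dev.txt
          pip install -e .
      # Exit 1 on any vulnerability (fail CI). --skip-editable skips
      # pymdoccbor (local editable package, not on PyPI).
      # Ignore only unfixable: ecdsa CVE-2024-23342 (no upstream fix; see
      # docs/SECURITY-DEPENDENCIES.md). Re-check this exception whenever the
      # ecdsa dependency changes, and do not add further ignores without a
      # documented reason.
      - name: Run pip-audit (dependencies)
        run: |
          source env/bin/activate
          pip-audit --skip-editable --ignore-vuln CVE-2024-23342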