
docs: revert supply-chain vulnerability documentation from #580 (#630)

Open
olivermeyer wants to merge 1 commit into main from docs/revert-supply-chain-vulns

Conversation

@olivermeyer
Collaborator

Why?
The automated solution for bumping transitive dependencies on vulnerability patches (introduced in #580) is being disabled. The accompanying documentation — SUPPLY_CHAIN_VULNERABILITIES.md, its reference in SECURITY.md, and the link in the README footer — described that now-removed workflow and should not outlive it.

How?
Deletes SUPPLY_CHAIN_VULNERABILITIES.md in full (including the record-keeping update from #605), and removes the two references to it added in SECURITY.md and docs/partials/README_footer.md. No code, dependency constraints, or CI changes are touched.

Copilot AI review requested due to automatic review settings May 6, 2026 14:45


@olivermeyer force-pushed the docs/revert-supply-chain-vulns branch from 677b933 to 861acfa on May 6, 2026 14:51
@codecov

codecov Bot commented May 6, 2026

1 test failed:

Tests completed: 859, Failed: 1, Passed: 858, Skipped: 15

Failed test (5.92s run time): tests.aignostics.docker_test::test_core_docker_cli_help_with_love

Stack trace:
fixturedef = <FixtureDef argname='docker_services' scope='session' baseid=''>
request = <SubRequest 'docker_services' for <Function test_core_docker_cli_help_with_love>>

    @pytest.hookimpl(wrapper=True)
    def pytest_fixture_setup(fixturedef: FixtureDef, request) -> object | None:
        asyncio_mode = _get_asyncio_mode(request.config)
        if not _is_asyncio_fixture_function(fixturedef.func):
            if asyncio_mode == Mode.STRICT:
                # Ignore async fixtures without explicit asyncio mark in strict mode
                # This applies to pytest_trio fixtures, for example
                return (yield)
            if not _is_coroutine_or_asyncgen(fixturedef.func):
>               return (yield)
                        ^^^^^

..../test-3-14-3/lib/python3.14.../site-packages/pytest_asyncio/plugin.py:730: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
..../test-3-14-3/lib/python3.14............/site-packages/pytest_docker/plugin.py:238: in docker_services
    with get_docker_services(
../...../_temp/uv-python-dir/cpython-3.14.3-linux-x86_64-gnu/lib/python3.14/contextlib.py:141: in __enter__
    return next(self.gen)
           ^^^^^^^^^^^^^^
..../test-3-14-3/lib/python3.14............/site-packages/pytest_docker/plugin.py:212: in get_docker_services
    docker_compose.execute(command)
..../test-3-14-3/lib/python3.14............/site-packages/pytest_docker/plugin.py:140: in execute
    return execute(command, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

command = 'docker compose -f ".../python-sdk/python-sdk/compose.yaml" -p "pytest6925" up --build -d'
success_codes = (0,), ignore_stderr = False

    def execute(command: str, success_codes: Iterable[int] = (0,), ignore_stderr: bool = False) -> Union[bytes, Any]:
        """Run a shell command."""
        try:
            stderr_pipe = subprocess.DEVNULL if ignore_stderr else subprocess.STDOUT
            output = subprocess.check_output(command, stderr=stderr_pipe, shell=True)
            status = 0
        except subprocess.CalledProcessError as error:
            output = error.output or b""
            status = error.returncode
            command = error.cmd
    
        if status not in success_codes:
>           raise Exception(
                'Command {} returned {}: """{}""".'.format(command, status, output.decode("utf-8"))
            )
E           Exception: Command docker compose -f ".../python-sdk/python-sdk/compose.yaml" -p "pytest6925" up --build -d returned 1: """#1 [internal] load local bake definitions
E           #1 reading from stdin 446B done
E           #1 DONE 0.0s
E           
E           #2 [internal] load build definition from Dockerfile
E           #2 transferring dockerfile: 30B
E           #2 transferring dockerfile: 3.63kB done
E           #2 DONE 0.0s
E           
E           #3 [internal] load metadata for docker.io/library/python:3.14.3-slim-trixie
E           #3 ...
E           
E           #4 [auth] library/python:pull token for registry-1.docker.io
E           #4 DONE 0.0s
E           
E           #5 [internal] load metadata for ghcr.io/astral-sh/uv:0.11.7
E           #5 ...
E           
E           #3 [internal] load metadata for docker.io/library/python:3.14.3-slim-trixie
E           #3 DONE 0.9s
E           
E           #5 [internal] load metadata for ghcr.io/astral-sh/uv:0.11.7
E           #5 DONE 1.1s
E           
E           #6 [internal] load .dockerignore
E           #6 transferring context: 1.07kB done
E           #6 DONE 0.0s
E           
E           #7 [base 1/1] FROM docker.io/library/python:3.14.3-slim-trixie@sha256:5e59aae31ff0e87511226be8e2b94d78c58f05216efda3b07dbbed938ec8583b
E           
E           #8 [internal] load build context
E           #8 transferring context: 13.33MB 0.4s done
E           #8 DONE 0.4s
E           
E           #9 FROM ghcr.io/astral-sh/uv:0.11.7@sha256:240fb85ab0f263ef12f492d8476aa3a2e4e1e333f7d67fbdd923d00a506a516a
E           #9 DONE 1.2s
E           
E           #10 [builder 1/2] COPY --from=ghcr.io/astral-sh/uv:0.11.7 /uv /bin/uv
E           #10 DONE 0.1s
E           
E           #11 [target 1/1] RUN <<EOT (groupadd -r app...)
E           #11 ...
E           
E           #12 [builder 2/2] WORKDIR /app
E           #12 DONE 0.0s
E           
E           #11 [target 1/1] RUN <<EOT (groupadd -r app...)
E           #11 DONE 0.3s
E           
E           #13 [builder-all  1/12] RUN --mount=type=cache,target=/root/.cache/uv     --mount=type=bind,source=uv.lock,target=uv.lock     --mount=type=bind,source=pyproject.toml,target=pyproject.toml     uv sync --frozen --no-build --no-install-project --all-extras --no-dev --no-editable
E           #13 0.678 Using CPython 3.14.3 interpreter at: .../local/bin/python3
E           #13 0.678 Creating virtual environment at: .venv
E           #13 0.726 error: Distribution `proxy-tools==0.1.0 @ registry+https://pypi.org/simple` can't be installed because it is marked as `--no-build` but has no binary distribution
E           #13 ERROR: process "/bin/sh -c uv sync --frozen --no-build --no-install-project --all-extras --no-dev --no-editable" did not complete successfully: exit code: 2
E           ------
E            > [builder-all  1/12] RUN --mount=type=cache,target=/root/.cache/uv     --mount=type=bind,source=uv.lock,target=uv.lock     --mount=type=bind,source=pyproject.toml,target=pyproject.toml     uv sync --frozen --no-build --no-install-project --all-extras --no-dev --no-editable:
E           0.678 Using CPython 3.14.3 interpreter at: .../local/bin/python3
E           0.678 Creating virtual environment at: .venv
E           0.726 error: Distribution `proxy-tools==0.1.0 @ registry+https://pypi.org/simple` can't be installed because it is marked as `--no-build` but has no binary distribution
E           ------
E           Dockerfile:59
E           
E           --------------------
E           
E             58 |     # Install the project's dependencies using the lockfile and settings
E           
E             59 | >>> RUN --mount=type=cache,target=/root/.cache/uv \
E           
E             60 | >>>     --mount=type=bind,source=uv.lock,target=uv.lock \
E           
E             61 | >>>     --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
E           
E             62 | >>>     uv sync --frozen --no-build --no-install-project --all-extras --no-dev --no-editable
E           
E             63 |     
E           
E           --------------------
E           
E           failed to solve: process "/bin/sh -c uv sync --frozen --no-build --no-install-project --all-extras --no-dev --no-editable" did not complete successfully: exit code: 2
E           
E           """.

..../test-3-14-3/lib/python3.14............/site-packages/pytest_docker/plugin.py:37: Exception


Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 7, 2026 06:31
@olivermeyer force-pushed the docs/revert-supply-chain-vulns branch from 861acfa to 370045d on May 7, 2026 06:31
@sonarqubecloud

sonarqubecloud Bot commented May 7, 2026


Copilot AI left a comment


Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Comment thread noxfile.py
Comment on lines 148 to +150
# pip-audit to check for vulnerabilities.
# Every --ignore-vuln entry must correspond to a row in SUPPLY_CHAIN_VULNERABILITIES.md
# with rationale, scope, downstream-exposure assessment, and removal condition.
# Every --ignore-vuln entry must be documented with rationale (inline comment below)
# explaining severity, scope, downstream-exposure assessment, and removal condition.
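Review bot: with SUPPLY_CHAIN_VULNERABILITIES.md deleted, the rewritten comment at lines 148 to 150 makes the inline comment the only record of why each --ignore-vuln entry exists, so please verify that every entry below actually carries a rationale covering severity, scope, downstream exposure and a concrete removal condition (a fixed upstream version or an expiry date); without that trigger an ignore silently outlives the vulnerability it was meant to accept. This is also an edit to noxfile.py, so the PR description's "No code, dependency constraints, or CI changes are touched" should be narrowed to say the only code-side change is this comment.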

3 participants