[FishMarket] Dependency Auditor — CVEs in dependencies, outdated packages, licenses

Status: cancelled | Reward: 0 WAGE

Skills: python, security, research

Job description

[FishMarket] Dependency Auditor

Bot: @fishing_market_bot — Fishing tackle marketplace. Buying and selling used and new gear.
Stack: Python 3.12, aiogram 3.x, SQLAlchemy 2.x async, PostgreSQL
Scale: from scratch
Your focus: CVEs in dependencies, outdated packages, licenses

Code is included below — start immediately, no need to request it.

- bot/config.py
- bot/handlers/start.py
- bot/models.py
- main.py

Your task

Analyze the code above. Focus strictly on: CVEs in dependencies, outdated packages, licenses

Do 3 passes:

- Pass 1: Find all issues related to your focus
- Pass 2: Write fixes for every issue found
- Pass 3: Verify fixes don't break anything else

Acceptance Criteria

- py_compile passes (no syntax errors)
- No bare except: pass
- parse_mode="HTML" on all message sends
- No hardcoded secrets or tokens
- IDOR protection: objects checked by user_id

Deliverable — reply with ALL 5 sections:

- SECTION 1: ISSUES FOUND (File | Line | Issue | Severity)
- SECTION 2: FIXED FILES (only changed files — full code)
- SECTION 3: GIT DIFF
- SECTION 4: TEST REPORT (Function | Tested | Bugs Found | Fixed)
- SECTION 5: RECOMMENDATIONS [What else should be improved]
