@DefinetlyNotAI DefinetlyNotAI released this 26 Jul 19:53
3a52f7a

🔒 Logicytics v3.5.0 - Security Enhancements, CI Refactor, and VulnScan Isolation

✨ New Features

  • Implemented Least Privileged GitHub Actions Token Permissions for hardened CI workflows.
  • Added dedicated Dependency Review workflow for improved security tracking and approval processes.
  • Introduced Harden Runner configuration to tighten runtime behavior in CI.

⚙️ Improvements

  • Updated Logicytics.py --dev flag to be more consistent.
  • Moved the VulnScan tools and v3 modules to a separate repository to streamline scope. The output files remain in this repository; only the trainer and helper files were moved.
  • Updated the README and VulnScan installation instructions for the new structure.
  • Improved file management and flag handling logic across modules.
  • Removed unimplemented flags for cleaner CLI behavior (two flags, one of which was --webhook).
  • Updated requirements with proper pinning and included sentence-transformers.

🐛 Bug Fixes

  • Fixed a critical bug in dump_memory.py:
    Opening the dump file in binary mode no longer passes an encoding argument, resolving a crash during memory dumps.
  • Re-added and fixed the previously broken CodeQL Action to ensure continued static analysis.

🔐 Security

  • Patched a vulnerability in the requests package:
    • GHSA-9hjg-9r4m-mvj7 (CVSS 5.3 — Medium) via #233
  • All GitHub Actions dependencies are now explicitly pinned for deterministic builds.
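The three CI hardening measures listed under New Features (least-privileged token permissions, the Dependency Review workflow, Harden Runner) and the action pinning noted here, combined in one workflow as an added example. This is not the Logicytics repository's own workflow; the workflow and job names, the Python version and the `<PINNED_COMMIT_SHA>` placeholders are assumptions.

```yaml
# Added example, not the Logicytics repository's own workflow. Names and the
# <PINNED_COMMIT_SHA> placeholders are assumptions; use the audited commit SHA.
name: ci-hardened
on: [pull_request]

# 1. Least-privileged GITHUB_TOKEN: deny everything at the top level and grant
#    only what each job needs, so a compromised step cannot push code,
#    publish releases or edit workflows.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read              # checkout only, no write scopes
    steps:
      # 2. Harden Runner: restrict egress to an allow-list and drop sudo so a
      #    malicious dependency cannot exfiltrate secrets or tamper with the
      #    runner. Start with egress-policy: audit, review the report, then block.
      - uses: step-security/harden-runner@<PINNED_COMMIT_SHA>  # v2
        with:
          egress-policy: block
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
            pypi.org:443
            files.pythonhosted.org:443

      # 3. Pin every action to a full commit SHA instead of a mutable tag: a
      #    tag such as @v4 can later be moved to point at different code.
      - uses: actions/checkout@<PINNED_COMMIT_SHA>  # v4
      - uses: actions/setup-python@<PINNED_COMMIT_SHA>  # v5
        with:
          python-version: "3.11"
      - run: pip install -r requirements.txt && python -m pytest

  dependency-review:
    # The dedicated Dependency Review job: fails the PR when it introduces a
    # dependency with a known advisory at or above the chosen severity.
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@<PINNED_COMMIT_SHA>  # v4
      - uses: actions/dependency-review-action@<PINNED_COMMIT_SHA>  # v4
        with:
          fail-on-severity: moderate
```

A quick check after adopting this: the workflow run's log lists the resolved permissions for each job, and the Harden Runner step's summary shows every outbound connection it observed or blocked.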

🧹 Chores

  • Updated security.md documentation with clarified practices and new automation.
  • Refreshed GitHub issue labels and updated the CodeClimate badge for clarity.

What's Changed

Full Changelog: v3.4.2...v3.5.0