CR: netapi Security Hardening — Verification

Pre-Change Checklist

Check Status

Check	Status
Dependabot shows 4 security vulnerabilities (2 HIGH, 1 MEDIUM, 1 LOW)	[ ]
`cryptography` version ⇐ 46.0.4	[ ]
`pyasn1` version ⇐ 0.6.2	[ ]
No unified exception hierarchy exists	[ ]
Bare `except:` clauses present in pfsense and mnt clients	[ ]
genie/pyats in `parsing` extra conflicts with security patches	[ ]

Dependabot shows 4 security vulnerabilities (2 HIGH, 1 MEDIUM, 1 LOW)

[ ]

cryptography version ⇐ 46.0.4

[ ]

pyasn1 version ⇐ 0.6.2

[ ]

No unified exception hierarchy exists

[ ]

Bare except: clauses present in pfsense and mnt clients

[ ]

genie/pyats in parsing extra conflicts with security patches

[ ]

Check Status

Check	Status
`uv lock` succeeds without conflicts	[ ]
`uv sync --extra all` installs patched versions	[ ]
`uv pip list \| grep -E "cryptography\|pyasn1\|requests\|socketio"` shows patched versions	[ ]
`python -c "from netapi.primitives.exceptions import NetapiError; print('OK')"` succeeds	[ ]
All vendor exceptions inherit from NetapiError: `issubclass(GitHubError, NetapiError)` is True	[ ]
No bare `except:` clauses remain in codebase	[ ]
Dependabot alerts resolved (0 open vulnerabilities)	[ ]
genie/pyats removed from `parsing` extra in `pyproject.toml`	[ ]

uv lock succeeds without conflicts

[ ]

uv sync --extra all installs patched versions

[ ]

uv pip list | grep -E "cryptography|pyasn1|requests|socketio" shows patched versions

[ ]

python -c "from netapi.primitives.exceptions import NetapiError; print('OK')" succeeds

[ ]

All vendor exceptions inherit from NetapiError: issubclass(GitHubError, NetapiError) is True

[ ]

No bare except: clauses remain in codebase

[ ]

Dependabot alerts resolved (0 open vulnerabilities)

[ ]

genie/pyats removed from parsing extra in pyproject.toml

[ ]