Hirundo-io · mishana · May 3, 2026 · May 4, 2026 · May 4, 2026 · May 4, 2026
@@ -41,7 +41,7 @@ You can set environment variables directly or use the CLI helper:
 hirundo setup
 ```
 
-This writes `API_KEY` (and optionally `API_HOST`) to `.env` in the current directory or `~/.hirundo.conf`.
+This writes `HIRUNDO_API_KEY` (and optionally `HIRUNDO_API_HOST`) to `.env` in the current directory or `~/.hirundo.conf`.
 
 ## Quickstart examples
 

@@ -31,7 +31,7 @@ Configure API access:
 
    hirundo setup
 
-This writes ``API_KEY`` (and optionally ``API_HOST``) to a local ``.env`` file or
+This writes ``HIRUNDO_API_KEY`` (and optionally ``HIRUNDO_API_HOST``) to a local ``.env`` file or
 ``~/.hirundo.conf`` for subsequent SDK usage.
 
 LLM behavior unlearning

@@ -1,5 +1,6 @@
 import enum
 import os
+import warnings
 from pathlib import Path
 
 from dotenv import find_dotenv, load_dotenv
@@ -15,12 +16,35 @@ class EnvLocation(enum.Enum):
 elif os.path.exists(EnvLocation.HOME.value):
     load_dotenv(EnvLocation.HOME.value)
 
-API_HOST = os.getenv("API_HOST", "https://api.hirundo.io")
-API_KEY = os.getenv("API_KEY")
+
+def _get_env_with_deprecation(new_name: str, old_name: str, default: str | None = None):
+    new_value = os.getenv(new_name)
+    if new_value is not None:
+        return new_value
+
+    old_value = os.getenv(old_name)
+    if old_value is not None:
+        warnings.warn(
+            (
+                f"Environment variable '{old_name}' is deprecated and will be removed "
+                f"in a future release. Use '{new_name}' instead."
+            ),
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return old_value
+
+    return default
+
+
+API_HOST = _get_env_with_deprecation(
+    "HIRUNDO_API_HOST", "API_HOST", default="https://api.hirundo.io"
+)
+API_KEY = _get_env_with_deprecation("HIRUNDO_API_KEY", "API_KEY")
 
 
 def check_api_key():
     if not API_KEY:
         raise ValueError(
-            "API_KEY is not set. Please run `hirundo setup` to set the API key"
+            "HIRUNDO_API_KEY is not set. Please run `hirundo setup` to set the API key"
         )
@@ -88,7 +88,7 @@ def setup_api_key(
     Setup the API key for the Hirundo Python SDK.
     Values are saved to a .env file in the current directory for use by the library in requests.
     """
-    saved_to = upsert_env("API_KEY", api_key)
+    saved_to = upsert_env("HIRUNDO_API_KEY", api_key)
     if saved_to == EnvLocation.HOME.name:
         print(
             "API key saved to ~/.hirundo.conf for future use. Please do not share the ~/.hirundo.conf file since it contains your secret API key."
@@ -117,7 +117,7 @@ def change_api_remote(
     """
     api_host = fix_api_host(api_host)
 
-    saved_to = upsert_env("API_HOST", api_host)
+    saved_to = upsert_env("HIRUNDO_API_HOST", api_host)
     if saved_to == EnvLocation.HOME.name:
         print(
             "API host saved to ~/.hirundo.conf for future use. Please do not share the ~/.hirundo.conf file"
@@ -151,8 +151,8 @@ def setup(
     Setup the Hirundo Python SDK.
     """
     api_host = fix_api_host(api_host)
-    api_host_saved_to = upsert_env("API_HOST", api_host)
-    api_key_saved_to = upsert_env("API_KEY", api_key)
+    api_host_saved_to = upsert_env("HIRUNDO_API_HOST", api_host)
+    api_key_saved_to = upsert_env("HIRUNDO_API_KEY", api_key)
     if api_host_saved_to != api_key_saved_to:
         print(
             "API host and API key saved to different locations. This should not happen. Please report this issue."

@@ -37,11 +37,11 @@
         "try:\n",
         "    from google.colab import userdata  # type: ignore  In Google Colab, this will work\n",
         "\n",
-        "    os.environ[\"API_HOST\"] = userdata.get(\"API_HOST\")\n",
-        "    os.environ[\"API_KEY\"] = userdata.get(\"API_KEY\")\n",
+        "    os.environ[\"HIRUNDO_API_HOST\"] = userdata.get(\"HIRUNDO_API_HOST\")\n",
+        "    os.environ[\"HIRUNDO_API_KEY\"] = userdata.get(\"HIRUNDO_API_KEY\")\n",
         "except ModuleNotFoundError:\n",
         "    print(\n",
-        "        \"You are not in Google Colab. Please set the API_HOST and API_KEY environment variables manually.\"\n",
+        "        \"You are not in Google Colab. Please set the HIRUNDO_API_HOST and HIRUNDO_API_KEY environment variables manually.\"\n",
         "    )"
       ]
     },

@@ -45,12 +45,12 @@
         "\n",
         "    os.environ[\"AWS_ACCESS_KEY\"] = userdata.get(\"AWS_ACCESS_KEY\")\n",
         "    os.environ[\"AWS_SECRET_ACCESS_KEY\"] = userdata.get(\"AWS_ACCESS_KEY\")\n",
-        "    os.environ[\"API_HOST\"] = userdata.get(\"API_HOST\")\n",
-        "    os.environ[\"API_KEY\"] = userdata.get(\"API_KEY\")\n",
+        "    os.environ[\"HIRUNDO_API_HOST\"] = userdata.get(\"HIRUNDO_API_HOST\")\n",
+        "    os.environ[\"HIRUNDO_API_KEY\"] = userdata.get(\"HIRUNDO_API_KEY\")\n",
         "except ModuleNotFoundError:\n",
         "    print(\n",
-        "        \"You are not in Google Colab, so you need to set AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, API_HOST, \"\n",
-        "        \"and API_KEY environment variables manually.\"\n",
+        "        \"You are not in Google Colab, so you need to set AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, HIRUNDO_API_HOST, \"\n",
+        "        \"and HIRUNDO_API_KEY environment variables manually.\"\n",
         "    )"
       ]
     },

@@ -43,11 +43,11 @@
         "try:\n",
         "    from google.colab import userdata  # type: ignore  In Google Colab, this will work\n",
         "\n",
-        "    os.environ[\"API_HOST\"] = userdata.get(\"API_HOST\")\n",
-        "    os.environ[\"API_KEY\"] = userdata.get(\"API_KEY\")\n",
+        "    os.environ[\"HIRUNDO_API_HOST\"] = userdata.get(\"HIRUNDO_API_HOST\")\n",
+        "    os.environ[\"HIRUNDO_API_KEY\"] = userdata.get(\"HIRUNDO_API_KEY\")\n",
         "except ModuleNotFoundError:\n",
         "    print(\n",
-        "        \"You are not in Google Colab. Please set the API_HOST and API_KEY environment variables manually.\"\n",
+        "        \"You are not in Google Colab. Please set the HIRUNDO_API_HOST and HIRUNDO_API_KEY environment variables manually.\"\n",
         "    )"
       ]
     },

diff --git a/pyproject.toml b/pyproject.toml
@@ -23,16 +23,17 @@ dependencies = [
     "pyyaml>=6.0.1",
     "types-PyYAML>=6.0.12",
     "pydantic>=2.7.1",
-    "python-dotenv>=1.0.1",
+    "python-dotenv>=1.2.2",
+    #  ⬆️ Required to fix vulnerability CVE-2026-28684
     "types-requests>=2.31.0",
     "typer>=0.12.3",
     "httpx>=0.27.0",
     "stamina>=24.2.0",
     "httpx-sse>=0.4.0",
     "tqdm>=4.66.5",
     "h11>=0.16.0",
-    #  ⬆️ Required to fix vulnerability GHSA-vqfr-h8mv-ghfj
-    "requests>=2.32.4",
+    "requests>=2.33.0",
+    #  ⬆️ Required to fix vulnerability CVE-2026-25645
     #  ⬆️ Required to fix vulnerability GHSA-9hjg-9r4m-mvj7
     "urllib3>=2.6.3",
     #  ⬆️ Required to fix vulnerability CVE-2026-21441
@@ -51,28 +52,35 @@ Homepage = "https://github.com/Hirundo-io/hirundo-python-sdk"
 [project.optional-dependencies]
 pandas = ["pandas>=2.2.3"]
 polars = ["polars>=1.0.0"]
-transformers = ["transformers>=4.57.3", "peft>=0.18.1", "accelerate>=1.12.0"]
+transformers = [
+    "transformers>=5.0.0",
+    #  ⬆️ Required to fix vulnerability CVE-2026-1839
+    "peft>=0.18.1",
+    "accelerate>=1.12.0",
+]
 
 [dependency-groups]
 dev = [
     "hirundo[pandas,polars,transformers]",
     "numpy>=2.1.3; sys_platform == 'darwin'",
     #  ⬆️ Ensure macOS runners resolve a NumPy version with prebuilt wheels in `pytest_sanity`.
     "types-setuptools>=69.5.0",
-    "pytest>=8.2.0",
+    "pytest>=9.0.3",
+    #  ⬆️ Required to fix vulnerability CVE-2025-71176
     "pytest-asyncio>=0.23.6",
-    "uv>=0.9.29",
+    "uv>=0.11.6",
+    #  ⬆️ Required to fix vulnerability GHSA-pjjw-68hj-v9mw
     "pre-commit>=3.7.1",
     "basedpyright==1.37.1",
     "virtualenv>=20.36.1",
     #  ⬆️ Needed for `pre-commit` version fix for vulnerability GHSA-rqc4-2hc7-8c8v
-    "authlib>=1.6.6",
-    #  ⬆️ Required to fix vulnerability CVE-2025-68158
+    "authlib>=1.6.11",
+    #  ⬆️ Required to fix vulnerability GHSA-jj8c-mmj3-mmgv
     "ruff>=0.12.0",
     "bumpver>=2025.1131",
     "platformdirs>=4.3.6",
-    "cryptography>=46.0.5",
-    #  ⬆️ Required to fix vulnerability CVE-2026-26007
+    "cryptography>=46.0.7",
+    #  ⬆️ Required to fix vulnerability CVE-2026-39892
     "jinja2>=3.1.6",
     #  ⬆️ Required to fix vulnerabilities GHSA-cpwx-vrp4-4pq7 , GHSA-gmj6-6f8f-6699 & GHSA-q2x7-8rv6-6q7h
     "filelock>=3.20.3",