From 213c288cac19546220821e8397a416006456d9dc Mon Sep 17 00:00:00 2001
From: aitbc
Date: Thu, 23 Apr 2026 17:10:54 +0200
Subject: [PATCH] security: update pyproject.toml files for Phase 2 vulnerability fixes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- cryptography: 41.0.0 → 47.0.0 in aitbc-sdk, aitbc-crypto, aitbc-core
- cryptography: added >=47.0.0 to blockchain-node dependencies
- pytest: 8.2.0 → 8.3.0 in blockchain-node, coordinator-api, wallet, pool-hub
- pytest: ^8.3.0 → >=8.3.0 in blockchain-event-bridge
This addresses remaining cryptography buffer overflow and pytest tmpdir vulnerabilities in poetry.lock files. Lock files will be regenerated with poetry lock.
---
 apps/blockchain-event-bridge/pyproject.toml | 2 +-
 apps/blockchain-node/pyproject.toml | 3 ++-
 apps/coordinator-api/pyproject.toml | 2 +-
 apps/pool-hub/pyproject.toml | 2 +-
 apps/wallet/pyproject.toml | 2 +-
 packages/py/aitbc-core/pyproject.toml | 2 +-
 packages/py/aitbc-crypto/pyproject.toml | 2 +-
 packages/py/aitbc-sdk/pyproject.toml | 2 +-
 8 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/apps/blockchain-event-bridge/pyproject.toml b/apps/blockchain-event-bridge/pyproject.toml
index 25941e65..cd9e5da6 100644
--- a/apps/blockchain-event-bridge/pyproject.toml
+++ b/apps/blockchain-event-bridge/pyproject.toml
@@ -16,7 +16,7 @@ prometheus-client = "^0.21.0"
 aiosqlite = "^0.20.0"
 [tool.poetry.group.dev.dependencies]
-pytest = "^8.3.0"
+pytest = ">=8.3.0"
 pytest-asyncio = "^0.24.0"
 pytest-cov = "^6.0.0"
 black = "^24.10.0"
diff --git a/apps/blockchain-node/pyproject.toml b/apps/blockchain-node/pyproject.toml
index 1e6da78c..b4bc96ce 100644
--- a/apps/blockchain-node/pyproject.toml
+++ b/apps/blockchain-node/pyproject.toml
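Review bot: In apps/blockchain-event-bridge/pyproject.toml the minimum pytest version is not raised by `^8.3.0` → `>=8.3.0`; the edit only removes the caret's `<9.0.0` ceiling, so by itself it excludes no release that was allowed before. If the tmpdir fix named in the commit message shipped in a specific release, that release should be the floor, for example `pytest = ">=<FIXED_VERSION>"` (placeholder for the patched release given in the advisory). The apps/pool-hub and apps/wallet hunks make the same caret-to-`>=` switch while `pytest-asyncio = "^0.23.0"` keeps its ceiling and may itself limit which pytest the resolver can pick, so it is worth confirming that the regenerated lock really resolves to a patched pytest.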
@@ -9,6 +9,7 @@ packages = [
 [tool.poetry.dependencies]
 python = "^3.13"
+cryptography = ">=47.0.0"
 # All dependencies managed centrally in /opt/aitbc/requirements-consolidated.txt
 # Use: ./scripts/install-profiles.sh web database blockchain
@@ -16,7 +17,7 @@ python = "^3.13"
 uvloop = ["uvloop"]
 [tool.poetry.group.dev.dependencies]
-pytest = ">=8.2.0"
+pytest = ">=8.3.0"
 pytest-asyncio = ">=0.23.0"
 [build-system]
diff --git a/apps/coordinator-api/pyproject.toml b/apps/coordinator-api/pyproject.toml
index feab0c80..a3b09f89 100644
--- a/apps/coordinator-api/pyproject.toml
+++ b/apps/coordinator-api/pyproject.toml
@@ -13,7 +13,7 @@ python = ">=3.13,<3.15"
 # Use: ./scripts/install-profiles.sh web database blockchain
 [tool.poetry.group.dev.dependencies]
-pytest = ">=8.2.0"
+pytest = ">=8.3.0"
 pytest-asyncio = ">=0.23.0"
 httpx = {extras=["cli"], version=">=0.27.0"}
diff --git a/apps/pool-hub/pyproject.toml b/apps/pool-hub/pyproject.toml
index bf362d0f..6bbf787b 100644
--- a/apps/pool-hub/pyproject.toml
+++ b/apps/pool-hub/pyproject.toml
@@ -22,7 +22,7 @@ alembic = "^1.13.0"
 aitbc-core = {path = "../../packages/py/aitbc-core"}
 [tool.poetry.group.dev.dependencies]
-pytest = "^8.2.0"
+pytest = ">=8.3.0"
 pytest-asyncio = "^0.23.0"
 [build-system]
diff --git a/apps/wallet/pyproject.toml b/apps/wallet/pyproject.toml
index afcd71f2..bf62754f 100644
--- a/apps/wallet/pyproject.toml
+++ b/apps/wallet/pyproject.toml
@@ -21,7 +21,7 @@ asyncpg = "^0.29.0"
 aitbc-core = {path = "../../packages/py/aitbc-core"}
 [tool.poetry.group.dev.dependencies]
-pytest = "^8.2.0"
+pytest = ">=8.3.0"
 pytest-asyncio = "^0.23.0"
 [build-system]
diff --git a/packages/py/aitbc-core/pyproject.toml b/packages/py/aitbc-core/pyproject.toml
index 31be84fd..ad7468e3 100644
--- a/packages/py/aitbc-core/pyproject.toml
+++ b/packages/py/aitbc-core/pyproject.toml
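Review bot: The added `cryptography = ">=47.0.0"` in the first apps/blockchain-node/pyproject.toml hunk sits directly above the comment saying all dependencies are managed centrally in /opt/aitbc/requirements-consolidated.txt, and that file is not among the eight files this patch touches. If deployments install through ./scripts/install-profiles.sh as the comment instructs, the new floor is presumably not enforced on that path, so the consolidated requirements need the same minimum. The line should also say why it is the one exception, e.g. `# Security floor; keep in sync with requirements-consolidated.txt`. No poetry.lock is regenerated in this commit either, so installs from the existing locks keep the old versions until `poetry lock` is run; a CI step such as `poetry check --lock` would catch a lock that is out of date with pyproject.toml.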
@@ -8,7 +8,7 @@ authors = [
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
- "cryptography>=41.0.0",
+ "cryptography>=47.0.0",
 "sqlmodel>=0.0.14",
 "fastapi>=0.104.0",
 "uvicorn>=0.24.0",
diff --git a/packages/py/aitbc-crypto/pyproject.toml b/packages/py/aitbc-crypto/pyproject.toml
index 60ec1352..63c95fab 100644
--- a/packages/py/aitbc-crypto/pyproject.toml
+++ b/packages/py/aitbc-crypto/pyproject.toml
@@ -8,7 +8,7 @@ authors = [
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
- "cryptography>=41.0.0",
+ "cryptography>=47.0.0",
 "pynacl>=1.5.0"
 ]
diff --git a/packages/py/aitbc-sdk/pyproject.toml b/packages/py/aitbc-sdk/pyproject.toml
index 9fb4ba48..d34aa725 100644
--- a/packages/py/aitbc-sdk/pyproject.toml
+++ b/packages/py/aitbc-sdk/pyproject.toml
@@ -8,7 +8,7 @@ authors = [
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
- "cryptography>=41.0.0",
+ "cryptography>=47.0.0",
 "requests>=2.31.0",
 "pydantic>=2.5.0",
 "httpx>=0.25.0",