oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

security: update pyproject.toml files for Phase 2 vulnerability fixes
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 13s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 3s
Details
Integration Tests / test-service-integration (push) Successful in 38s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Successful in 4s
Details
P2P Network Verification / p2p-verification (push) Successful in 7s
Details
Package Tests / Python package - aitbc-agent-sdk (push) Has been cancelled
Details
Package Tests / Python package - aitbc-core (push) Has been cancelled
Details
Package Tests / Python package - aitbc-crypto (push) Has been cancelled
Details
Package Tests / Python package - aitbc-sdk (push) Has been cancelled
Details
Package Tests / JavaScript package - aitbc-sdk-js (push) Successful in 9s
Details
Python Tests / test-python (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
Package Tests / JavaScript package - aitbc-token (push) Successful in 16s
Details

Browse Source 
- cryptography: 41.0.0 → 47.0.0 in aitbc-sdk, aitbc-crypto, aitbc-core
- cryptography: added >=47.0.0 to blockchain-node dependencies
- pytest: 8.2.0 → 8.3.0 in blockchain-node, coordinator-api, wallet, pool-hub
- pytest: ^8.3.0 → >=8.3.0 in blockchain-event-bridge

This addresses remaining cryptography buffer overflow and pytest tmpdir vulnerabilities
in poetry.lock files. Lock files will be regenerated with poetry lock.
This commit is contained in:
aitbc
2026-04-23 17:10:54 +02:00
parent fa78825433
commit 213c288cac
8 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/blockchain-event-bridge/pyproject.toml
View File

@@ -16,7 +16,7 @@ prometheus-client = "^0.21.0"
aiosqlite = "^0.20.0" aiosqlite = "^0.20.0"
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = "^8.3.0" pytest = ">=8.3.0"
pytest-asyncio = "^0.24.0" pytest-asyncio = "^0.24.0"
pytest-cov = "^6.0.0" pytest-cov = "^6.0.0"
black = "^24.10.0" black = "^24.10.0"

3
apps/blockchain-node/pyproject.toml
View File

@@ -9,6 +9,7 @@ packages = [
[tool.poetry.dependencies] [tool.poetry.dependencies]
python = "^3.13" python = "^3.13"
cryptography = ">=47.0.0"
# All dependencies managed centrally in /opt/aitbc/requirements-consolidated.txt # All dependencies managed centrally in /opt/aitbc/requirements-consolidated.txt
# Use: ./scripts/install-profiles.sh web database blockchain # Use: ./scripts/install-profiles.sh web database blockchain
@@ -16,7 +17,7 @@ python = "^3.13"
uvloop = ["uvloop"] uvloop = ["uvloop"]
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = ">=8.2.0" pytest = ">=8.3.0"
pytest-asyncio = ">=0.23.0" pytest-asyncio = ">=0.23.0"
[build-system] [build-system]

2
apps/coordinator-api/pyproject.toml
View File

@@ -13,7 +13,7 @@ python = ">=3.13,<3.15"
# Use: ./scripts/install-profiles.sh web database blockchain # Use: ./scripts/install-profiles.sh web database blockchain
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = ">=8.2.0" pytest = ">=8.3.0"
pytest-asyncio = ">=0.23.0" pytest-asyncio = ">=0.23.0"
httpx = {extras=["cli"], version=">=0.27.0"} httpx = {extras=["cli"], version=">=0.27.0"}

2
apps/pool-hub/pyproject.toml
View File

@@ -22,7 +22,7 @@ alembic = "^1.13.0"
aitbc-core = {path = "../../packages/py/aitbc-core"} aitbc-core = {path = "../../packages/py/aitbc-core"}
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = "^8.2.0" pytest = ">=8.3.0"
pytest-asyncio = "^0.23.0" pytest-asyncio = "^0.23.0"
[build-system] [build-system]

2
apps/wallet/pyproject.toml
View File

@@ -21,7 +21,7 @@ asyncpg = "^0.29.0"
aitbc-core = {path = "../../packages/py/aitbc-core"} aitbc-core = {path = "../../packages/py/aitbc-core"}
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]
pytest = "^8.2.0" pytest = ">=8.3.0"
pytest-asyncio = "^0.23.0" pytest-asyncio = "^0.23.0"
[build-system] [build-system]

2
packages/py/aitbc-core/pyproject.toml
View File

@@ -8,7 +8,7 @@ authors = [
readme = "README.md" readme = "README.md"
requires-python = ">=3.13" requires-python = ">=3.13"
dependencies = [ dependencies = [
"cryptography>=41.0.0", "cryptography>=47.0.0",
"sqlmodel>=0.0.14", "sqlmodel>=0.0.14",
"fastapi>=0.104.0", "fastapi>=0.104.0",
"uvicorn>=0.24.0", "uvicorn>=0.24.0",

2
packages/py/aitbc-crypto/pyproject.toml
View File

@@ -8,7 +8,7 @@ authors = [
readme = "README.md" readme = "README.md"
requires-python = ">=3.13" requires-python = ">=3.13"
dependencies = [ dependencies = [
"cryptography>=41.0.0", "cryptography>=47.0.0",
"pynacl>=1.5.0" "pynacl>=1.5.0"
] ]

2
packages/py/aitbc-sdk/pyproject.toml
View File

@@ -8,7 +8,7 @@ authors = [
readme = "README.md" readme = "README.md"
requires-python = ">=3.13" requires-python = ">=3.13"
dependencies = [ dependencies = [
"cryptography>=41.0.0", "cryptography>=47.0.0",
"requests>=2.31.0", "requests>=2.31.0",
"pydantic>=2.5.0", "pydantic>=2.5.0",
"httpx>=0.25.0", "httpx>=0.25.0",