security: fix Dependabot vulnerabilities
Some checks failed
Cross-Node Transaction Testing / transaction-test (push) Successful in 8s
Deploy to Testnet / deploy-testnet (push) Successful in 1m53s
Multi-Node Stress Testing / stress-test (push) Successful in 3s
Python Tests / test-python (push) Failing after 33s
Build Debian Miner Binary / build-miner (push) Failing after 14m18s
- Update idna from 3.13 to 3.15 (fixes CVE-2026-45409)
- Update ujson from 5.12.0 to 5.12.1 (fixes CVE-2026-44660)
- Update urllib3 from 2.6.3 to 2.7.0 (fixes CVE-2026-44431, CVE-2026-44432)
- Remove vllm (transitive dependency causing diskcache vulnerability)
- Remove diskcache (CVE-2025-69872 - no longer required)
- Update requirements.txt with secure dependency versions

All vulnerabilities now resolved: pip-audit shows no known vulnerabilities found
@@ -44,6 +44,7 @@ httpx>=0.28.1
|
||||
requests>=2.32.4
|
||||
aiohttp>=3.12.14
|
||||
aiostun>=0.1.0
|
||||
urllib3>=2.7.0
|
||||
|
||||
# Cryptocurrency & Blockchain
|
||||
cryptography>=46.0.0
|
||||
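Review bot: `urllib3>=2.7.0` in this networking block is a lower bound rather than a pin, so the clean pip-audit result only describes the versions that happened to resolve when the audit ran. The hunk header (6 lines to 7) shows this is a new entry, not an edit of an existing one, so it is acting as a security floor for a package that was not declared here before. Add a comment above the line naming CVE-2026-44431 and CVE-2026-44432 so it is not later removed as unused, and consider a hash-pinned lock or constraints file so installs reproduce the audited set.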
@@ -89,6 +90,7 @@ keyring>=25.7.0
|
||||
orjson>=3.11.0
|
||||
msgpack>=1.1.2
|
||||
python-multipart>=0.0.27
|
||||
ujson>=5.12.1
|
||||
|
||||
# Logging & Monitoring
|
||||
structlog>=25.1.0
|
||||
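Review bot: the new `ujson>=5.12.1` line sits next to `orjson` and `msgpack` with nothing recording that it exists for a security fix. Add a short comment referencing CVE-2026-44660 above it. Since the hunk adds the entry (6 lines to 7) instead of changing an existing `ujson` line, it is also worth confirming whether the project uses ujson directly or only needs a floor on something another package pulls in; if the latter, a constraints file is the better home for it.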
@@ -113,3 +115,4 @@ opencv-python>=4.11.0
|
||||
redis>=5.2.1
|
||||
psutil>=6.1.0
|
||||
tenseal>=0.3.0
|
||||
idna>=3.15
|
||||
|
||||
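Review bot: `idna>=3.15` is appended at the very end of the file after `tenseal`, in the block that the hunk context places after `opencv-python`, which buries a security floor among unrelated packages. Move it beside `urllib3>=2.7.0` in the networking block and add a comment naming CVE-2026-45409. Also note that all three hunks shown only add one line each (6 to 7, 6 to 7, 3 to 4) and their offsets leave no room for deletions in between, so the vllm and diskcache removals described in the commit message are not visible in these lines; confirm where those removals were made and that the failing Python Tests check is not a result of them.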