oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

security: update python-multipart and starlette to fix high-severity vulnerabilities
Some checks failed
CLI Tests / test-cli (push) Successful in 14s
Details
Cross-Node Transaction Testing / transaction-test (push) Successful in 2s
Details
Deploy to Testnet / deploy-testnet (push) Successful in 1m12s
Details
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Details
Node Failover Simulation / failover-test (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Successful in 8m54s
Details
Package Tests / Python package - aitbc-agent-sdk (push) Failing after 30s
Details
Package Tests / Python package - aitbc-core (push) Successful in 13s
Details
Package Tests / Python package - aitbc-crypto (push) Successful in 9s
Details
Package Tests / Python package - aitbc-sdk (push) Successful in 10s
Details
Package Tests / JavaScript package - aitbc-sdk-js (push) Successful in 6s
Details
Package Tests / JavaScript package - aitbc-token (push) Successful in 15s
Details
Python Tests / test-python (push) Has been cancelled
Details
Security Scanning / security-scan (push) Successful in 30s
Details

Browse Source 
- Updated python-multipart from >=0.0.24 to >=0.0.27 (fixes 3 DoS alerts)
- Updated starlette from >=0.27.0 to >=0.49.1 (fixes 1 O(n^2) DoS alert)
- Updated in requirements.txt, pyproject.toml, coordinator-api requirements, aitbc-core

This addresses 4 of the 11 high-severity security vulnerabilities reported by GitHub Dependabot.
This commit is contained in:
aitbc
2026-05-09 20:55:36 +02:00
parent a9adcc17b7
commit d26d937fb1
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/coordinator-api/src/app/services/multi_language/requirements.txt
View File

@@ -7,7 +7,7 @@ Dependencies and requirements for multi-language support
fastapi>=0.104.0 fastapi>=0.104.0
uvicorn[standard]>=0.24.0 uvicorn[standard]>=0.24.0
pydantic>=2.5.0 pydantic>=2.5.0
python-multipart>=0.0.25 python-multipart>=0.0.27
# Translation providers # Translation providers
openai>=1.3.0 openai>=1.3.0

2
packages/py/aitbc-core/pyproject.toml
View File

@@ -15,7 +15,7 @@ dependencies = [
"redis>=5.0.0", "redis>=5.0.0",
"pydantic>=2.5.0", "pydantic>=2.5.0",
"structlog>=23.0.0", "structlog>=23.0.0",
"starlette>=0.27.0", "starlette>=0.49.1",
] ]
[build-system] [build-system]

4
pyproject.toml
View File

@@ -12,7 +12,7 @@ python = ">=3.13,<3.14"
fastapi = ">=0.115.6" fastapi = ">=0.115.6"
uvicorn = {extras = ["standard"], version = ">=0.34.0"} uvicorn = {extras = ["standard"], version = ">=0.34.0"}
gunicorn = ">=23.0.0" gunicorn = ">=23.0.0"
starlette = ">=0.41.0" starlette = ">=0.49.1"
# Database & ORM # Database & ORM
sqlalchemy = {extras = ["asyncio"], version = ">=2.0.49"} sqlalchemy = {extras = ["asyncio"], version = ">=2.0.49"}
sqlmodel = ">=0.0.38" sqlmodel = ">=0.0.38"
@@ -57,7 +57,7 @@ keyring = ">=25.7.0"
# JSON & Serialization # JSON & Serialization
orjson = ">=3.11.0" orjson = ">=3.11.0"
msgpack = ">=1.1.2" msgpack = ">=1.1.2"
python-multipart = ">=0.0.24" python-multipart = ">=0.0.27"
# Logging & Monitoring # Logging & Monitoring
structlog = ">=25.1.0" structlog = ">=25.1.0"
sentry-sdk = ">=2.20.0" sentry-sdk = ">=2.20.0"

4
requirements.txt
View File

@@ -19,7 +19,7 @@
fastapi>=0.115.6 fastapi>=0.115.6
uvicorn[standard]>=0.34.0 uvicorn[standard]>=0.34.0
gunicorn>=23.0.0 gunicorn>=23.0.0
starlette>=0.27.0 starlette>=0.49.1
# Database & ORM # Database & ORM
sqlalchemy>=2.0.49 sqlalchemy>=2.0.49
@@ -88,7 +88,7 @@ keyring>=25.7.0
# JSON & Serialization # JSON & Serialization
orjson>=3.11.0 orjson>=3.11.0
msgpack>=1.1.2 msgpack>=1.1.2
python-multipart>=0.0.24 python-multipart>=0.0.27
# Logging & Monitoring # Logging & Monitoring
structlog>=25.1.0 structlog>=25.1.0