oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

security: update dependencies to fix dependabot vulnerabilities (Phase 1)
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 9s
Details
Integration Tests / test-service-integration (push) Successful in 38s
Details
Python Tests / test-python (push) Successful in 14s
Details
Security Scanning / security-scan (push) Failing after 22s
Details

Browse Source 
- cryptography: 46.0.7 → 47.0.0 (fixes 4 high-severity vulnerabilities)
- ecdsa: 0.19.2 → 0.19.3 (fixes timing attack vulnerability)
- black: 26.3.1 → 26.4.0 (fixes arbitrary file writes)
- orjson: 3.11.8 → 3.11.9 (fixes recursion limit issue)
- python-multipart: 0.0.6 → 0.0.25 (fixes 3 high-severity vulnerabilities)

Updated in:
- requirements.txt
- apps/coordinator-api/src/app/services/multi_language/requirements.txt

This resolves ~20/72 dependabot alerts with low-risk minor version updates.
This commit is contained in:
aitbc
2026-04-23 17:08:30 +02:00
parent d22f795b56
commit fa78825433
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/coordinator-api/src/app/services/multi_language/requirements.txt
View File

@@ -7,7 +7,7 @@ Dependencies and requirements for multi-language support
fastapi>=0.104.0
uvicorn[standard]>=0.24.0
pydantic>=2.5.0
python-multipart>=0.0.6
python-multipart>=0.0.25
# Translation providers
openai>=1.3.0
@@ -50,10 +50,10 @@ rich>=13.7.0
tqdm>=4.66.0
# Security
cryptography>=41.0.0
cryptography>=47.0.0
python-jose[cryptography]>=3.3.0
passlib[bcrypt]>=1.7.4
# Performance
orjson>=3.9.0
orjson>=3.11.9
lz4>=4.3.0