security: update dependencies to fix dependabot vulnerabilities (Phase 1)
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 9s
Integration Tests / test-service-integration (push) Successful in 38s
Python Tests / test-python (push) Successful in 14s
Security Scanning / security-scan (push) Failing after 22s

- cryptography: 46.0.7 → 47.0.0 (fixes 4 high-severity vulnerabilities)
- ecdsa: 0.19.2 → 0.19.3 (fixes timing attack vulnerability)
- black: 26.3.1 → 26.4.0 (fixes arbitrary file writes)
- orjson: 3.11.8 → 3.11.9 (fixes recursion limit issue)
- python-multipart: 0.0.6 → 0.0.25 (fixes 3 high-severity vulnerabilities)

Updated in:
- requirements.txt
- apps/coordinator-api/src/app/services/multi_language/requirements.txt

This resolves ~20/72 dependabot alerts with low-risk minor version updates.
This commit is contained in:
aitbc
2026-04-23 17:08:30 +02:00
parent d22f795b56
commit fa78825433
2 changed files with 7 additions and 7 deletions


@@ -38,9 +38,9 @@ aiohttp>=3.12.14
aiostun>=0.1.0
# Cryptocurrency & Blockchain
cryptography>=46.0.7
cryptography>=47.0.0
pynacl>=1.6.2
ecdsa>=0.19.2
ecdsa>=0.19.3
base58>=2.1.1
bech32>=1.2.0
web3>=7.15.0
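Review bot: the cryptography floor moves from 46.0.7 to 47.0.0, a major version jump, while the commit message describes all of these as low-risk minor version updates; since this file only sets `>=` lower bounds with no upper bound or lock file, every fresh install will now resolve to 47.x or anything newer, so please confirm the test runs listed above actually exercise the code paths that import cryptography and ecdsa, and look at the Security Scanning check, which is failing on this push, before merging. If reproducible builds matter here, consider pinning with `==` or generating a lock file rather than raising floors alone.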
@@ -57,7 +57,7 @@ torchvision>=0.26.0
# Development & Testing
pytest>=9.0.3
pytest-asyncio>=1.3.0
black>=26.3.1
black>=26.4.0
flake8>=7.3.0
ruff>=0.15.10
mypy>=1.20.0
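Review bot: black 26.3.1 → 26.4.0 is a formatter and sits under `# Development & Testing` next to pytest, flake8, ruff and mypy in the same requirements.txt as the runtime dependencies; if this file is what production images install, the arbitrary-file-write issue the commit message cites is being shipped into environments that never run black. Consider moving the `# Development & Testing` section into a separate requirements-dev.txt so runtime installs carry only what the service needs.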
@@ -78,7 +78,7 @@ colorama>=0.4.6
keyring>=25.7.0
# JSON & Serialization
orjson>=3.11.8
orjson>=3.11.9
msgpack>=1.1.2
python-multipart>=0.0.24
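Review bot: this hunk is cut off: the header promises seven lines but the view ends at `python-multipart>=0.0.24`, and the commit message says python-multipart goes 0.0.6 → 0.0.25, which cannot be confirmed from the visible lines (0.0.24 here is neither the stated old nor the stated new floor). The second changed file, apps/coordinator-api/src/app/services/multi_language/requirements.txt, is not shown either. Please verify that the python-multipart change matches the message and that both requirements files carry the same floors for cryptography, ecdsa, orjson and python-multipart, so the two install sets do not diverge on the vulnerable versions this commit is meant to exclude.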