oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

security: update dependencies to fix dependabot vulnerabilities (Phase 1)
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 9s
Details
Integration Tests / test-service-integration (push) Successful in 38s
Details
Python Tests / test-python (push) Successful in 14s
Details
Security Scanning / security-scan (push) Failing after 22s
Details

Browse Source 
- cryptography: 46.0.7 → 47.0.0 (fixes 4 high-severity vulnerabilities)
- ecdsa: 0.19.2 → 0.19.3 (fixes timing attack vulnerability)
- black: 26.3.1 → 26.4.0 (fixes arbitrary file writes)
- orjson: 3.11.8 → 3.11.9 (fixes recursion limit issue)
- python-multipart: 0.0.6 → 0.0.25 (fixes 3 high-severity vulnerabilities)

Updated in:
- requirements.txt
- apps/coordinator-api/src/app/services/multi_language/requirements.txt

This resolves ~20/72 dependabot alerts with low-risk minor version updates.
This commit is contained in:
aitbc
2026-04-23 17:08:30 +02:00
parent d22f795b56
commit fa78825433
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/coordinator-api/src/app/services/multi_language/requirements.txt
View File

@@ -7,7 +7,7 @@ Dependencies and requirements for multi-language support
fastapi>=0.104.0 fastapi>=0.104.0
uvicorn[standard]>=0.24.0 uvicorn[standard]>=0.24.0
pydantic>=2.5.0 pydantic>=2.5.0
python-multipart>=0.0.6 python-multipart>=0.0.25
# Translation providers # Translation providers
openai>=1.3.0 openai>=1.3.0
@@ -50,10 +50,10 @@ rich>=13.7.0
tqdm>=4.66.0 tqdm>=4.66.0
# Security # Security
cryptography>=41.0.0 cryptography>=47.0.0
python-jose[cryptography]>=3.3.0 python-jose[cryptography]>=3.3.0
passlib[bcrypt]>=1.7.4 passlib[bcrypt]>=1.7.4
# Performance # Performance
orjson>=3.9.0 orjson>=3.11.9
lz4>=4.3.0 lz4>=4.3.0

8
requirements.txt
View File

@@ -38,9 +38,9 @@ aiohttp>=3.12.14
aiostun>=0.1.0 aiostun>=0.1.0
# Cryptocurrency & Blockchain # Cryptocurrency & Blockchain
cryptography>=46.0.7 cryptography>=47.0.0
pynacl>=1.6.2 pynacl>=1.6.2
ecdsa>=0.19.2 ecdsa>=0.19.3
base58>=2.1.1 base58>=2.1.1
bech32>=1.2.0 bech32>=1.2.0
web3>=7.15.0 web3>=7.15.0
@@ -57,7 +57,7 @@ torchvision>=0.26.0
# Development & Testing # Development & Testing
pytest>=9.0.3 pytest>=9.0.3
pytest-asyncio>=1.3.0 pytest-asyncio>=1.3.0
black>=26.3.1 black>=26.4.0
flake8>=7.3.0 flake8>=7.3.0
ruff>=0.15.10 ruff>=0.15.10
mypy>=1.20.0 mypy>=1.20.0
@@ -78,7 +78,7 @@ colorama>=0.4.6
keyring>=25.7.0 keyring>=25.7.0
# JSON & Serialization # JSON & Serialization
orjson>=3.11.8 orjson>=3.11.9
msgpack>=1.1.2 msgpack>=1.1.2
python-multipart>=0.0.24 python-multipart>=0.0.24