
fix(deps): patch 12 Dependabot security vulnerabilities #283

Merged: FernandoCelmer merged 1 commit into develop from fix/dependabot-vulnerabilities on May 2, 2026

Conversation

FernandoCelmer (Member):
Summary

  • Update poetry.lock to resolve 12 of 14 open Dependabot security alerts
  • All 474 tests pass

Packages Updated

| Package | From | To | Alerts Fixed |
|---|---|---|---|
| GitPython | 3.1.46 | 3.1.49 | #20, #21 (HIGH) |
| cryptography | 46.0.6 | 46.0.7 | #16, #17, #18 (HIGH, MEDIUM, LOW) |
| filelock | 3.19.1 | 3.29.0 | #8, #11 (MEDIUM) |
| urllib3 | | 2.6.3 | #6, #7, #9 (HIGH) |
| requests | 2.32.5 | 2.33.1 | #13 (MEDIUM) |
| cryptography (old) | kept | 43.0.3 | #15 (LOW) — Python 3.9.0/3.9.1 compat |

Not Fixed (acceptable)

| Alert | Package | Reason |
|---|---|---|
| #4 | urllib3 1.26.x | Transitive via botocore (pins urllib3<2) — cannot remove |
| #19 | pytest <9.0.3 | pytest 9+ requires Python ≥3.10; project supports 3.9 |

Test Plan

  • poetry run pytest tests/ --ignore=tests/test_integration.py → 474 passed
  • CI pipeline green
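A reviewer of a PR like this usually wants a mechanical check that the lock file really contains the patched versions, and that the two alerts left open are the only entries below the patched minimum. The script below is an added example, not part of the PR or the project; it parses a constructed `poetry.lock` fragment (not the project's real lock file; the urllib3 1.26.20 version string is made up to stand in for the "1.26.x" the PR mentions) with a plain regex rather than a TOML library, compares each `[[package]]` entry against the minimum versions from the table above, and records the entries the PR explicitly accepts (the kept cryptography 43.0.3 and the botocore-pinned urllib3 1.x) separately from genuine misses. Version comparison assumes plain dotted numeric releases, not full PEP 440.

```python
import re
from typing import Dict, List, Tuple

# Constructed poetry.lock fragment (not the project's real lock file).
# filelock is left at 3.19.1 on purpose to show an unpatched entry being flagged.
SAMPLE_LOCK = """
[[package]]
name = "gitpython"
version = "3.1.49"

[[package]]
name = "cryptography"
version = "46.0.7"

[[package]]
name = "cryptography"
version = "43.0.3"

[[package]]
name = "filelock"
version = "3.19.1"

[[package]]
name = "urllib3"
version = "2.6.3"

[[package]]
name = "urllib3"
version = "1.26.20"

[[package]]
name = "requests"
version = "2.33.1"
"""

# Minimum patched versions, taken from the PR's "Packages Updated" table.
MINIMUMS: Dict[str, str] = {
    "gitpython": "3.1.49",
    "cryptography": "46.0.7",
    "filelock": "3.29.0",
    "urllib3": "2.6.3",
    "requests": "2.33.1",
}

# Entries the PR documents as intentionally left below the minimum
# (version prefix that is accepted). Both come from the PR text.
ACCEPTED: Dict[str, str] = {
    "cryptography": "43.0.3",  # kept for Python 3.9.0/3.9.1 compat
    "urllib3": "1.26",         # transitive via botocore, which pins urllib3<2
}


def parse_lock(text: str) -> List[Tuple[str, str]]:
    """Return (name, version) for every [[package]] block; names are lower-cased."""
    entries = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            entries.append((name.group(1).lower(), version.group(1)))
    return entries


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric tuple for comparison. Assumption: dotted integers only (no PEP 440 tags)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def audit(entries: List[Tuple[str, str]],
          minimums: Dict[str, str],
          accepted: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each tracked lock entry as ok, accepted (documented exception) or below_minimum."""
    report: Dict[str, List[str]] = {"ok": [], "accepted": [], "below_minimum": []}
    for name, version in entries:
        if name not in minimums:
            continue  # not one of the packages this PR is about
        if version_key(version) >= version_key(minimums[name]):
            report["ok"].append(f"{name}=={version}")
        elif name in accepted and version.startswith(accepted[name]):
            report["accepted"].append(f"{name}=={version}")
        else:
            report["below_minimum"].append(f"{name}=={version} (< {minimums[name]})")
    return report


if __name__ == "__main__":
    result = audit(parse_lock(SAMPLE_LOCK), MINIMUMS, ACCEPTED)
    for bucket, items in result.items():
        print(f"{bucket}: {items}")
    # A CI gate would fail the build on any below_minimum entry.
    raise SystemExit(1 if result["below_minimum"] else 0)
```

Running it against a real lock file only needs `parse_lock(open("poetry.lock").read())`; the exit status makes it usable as a CI gate, with the `accepted` map being the place where a documented exception such as the botocore pin is recorded rather than silently ignored.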

FernandoCelmer force-pushed the fix/dependabot-vulnerabilities branch 3 times, most recently from 776ed8d to e0326eb (May 2, 2026 20:12)
- Update poetry.lock: GitPython 3.1.49, cryptography 46.0.7,
  filelock 3.29.0, urllib3 2.6.3, requests 2.33.1
- Add `from __future__ import annotations` to workflow.py and task.py
  to fix Python 3.9 compatibility (PEP 604 union syntax)

Resolves: Dependabot alerts #6, #7, #8, #9, #11, #13, #15, #16, #17, #18, #20, #21
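The second bullet of the commit message relies on a mechanism worth seeing in isolation: with `from __future__ import annotations` (PEP 563) the interpreter stores every annotation as a source string instead of evaluating it when the function is defined, so `str | None` (PEP 604 syntax) no longer raises `TypeError` at import time on Python 3.9, where `str.__or__` does not exist. The snippet below is an added illustration, not code from the project's workflow.py or task.py; the `first_line` helper is invented for the demonstration. It shows the raw string annotation, and that evaluation is deferred to `typing.get_type_hints()`, which still fails on 3.9 for `|` unions, a case the helper reports as `None` rather than letting it propagate.

```python
from __future__ import annotations  # PEP 563: keep annotations as strings

import typing
from typing import Any, Callable, Optional


def first_line(text: str | None) -> str | None:
    """Return the first line of `text`, or None for empty input.
    Hypothetical helper; the PEP 604 annotations are the point."""
    if not text:
        return None
    return text.splitlines()[0]


def raw_annotation(func: Callable[..., Any], name: str) -> str:
    """What the function object actually stores: the annotation source text."""
    return func.__annotations__[name]


def evaluated_annotation(func: Callable[..., Any], name: str) -> Optional[Any]:
    """Evaluate the stored string lazily.

    On Python 3.10+ this yields a real union type. On 3.9 the expression
    `str | None` cannot be evaluated and get_type_hints() raises TypeError,
    which is reported here as None so callers can see the runtime limitation.
    """
    try:
        return typing.get_type_hints(func)[name]
    except TypeError:
        return None


def union_members(hint: Any) -> set:
    """Members of an evaluated union (works for both types.UnionType and typing.Union)."""
    return set(typing.get_args(hint))


if __name__ == "__main__":
    print(first_line("alpha\nbeta"))                       # alpha
    print(repr(raw_annotation(first_line, "text")))        # 'str | None'
    print(evaluated_annotation(first_line, "return"))      # str | None on 3.10+, None on 3.9
```

The practical consequence for a library that still supports 3.9 is that the future import makes the module importable, but any runtime consumer of the hints (dataclass field introspection, pydantic-style validators, `get_type_hints` in tests) will still need `Optional[...]` or `Union[...]` until 3.9 is dropped.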
FernandoCelmer force-pushed the fix/dependabot-vulnerabilities branch from e0326eb to 9c7fa29 (May 2, 2026 20:16)

FernandoCelmer merged commit 333220d into develop (May 2, 2026); 10 checks passed

FernandoCelmer deleted the fix/dependabot-vulnerabilities branch (May 2, 2026 20:28)