Skip to content

Commit 36b8ccd

Browse files
committed
chore(deps): bump pyjwt/cryptography/python-multipart to patched versions; sync lock
Remediate Dependabot CVEs in transitive deps: pyjwt 2.12.1->2.13.0, cryptography 48.0.0->49.0.0, python-multipart 0.0.28->0.0.32 (starlette already 1.3.1). Also reconciles uv.lock with pyproject (the pillow [dev] extra was missing from the committed lock). Full-lock re-audit: no known vulnerabilities. Validated: mcp/attest/cga/sbom/signing suites pass with the bumped deps.
1 parent ac69512 commit 36b8ccd

1 file changed

Lines changed: 154 additions & 57 deletions

File tree

0 commit comments

Comments
 (0)