fix: bump vulnerable transitive deps #762

Merged
johnnygreco merged 1 commit into main from johnny/fix-vulnerable-dependencies
Jun 22, 2026

@johnnygreco

📋 Summary

Addresses vulnerability scan findings by constraining vulnerable transitive dependencies to patched versions. The lockfile now resolves Starlette to 1.3.1 and Tornado to 6.5.7 so the affected MCP and JupyterLab dependency paths no longer pull the flagged versions.

🔗 Related Issue

N/A

🔄 Changes

  • Added starlette>=1.2.0,<2 to the data-designer-engine dependency metadata for the transitive mcp path.
  • Added tornado>=6.5.7,<7 to the workspace notebooks dependency group for the transitive JupyterLab path.
  • Regenerated uv.lock, updating starlette from 0.52.1 to 1.3.1 and tornado from 6.5.5 to 6.5.7.

🔍 Attention Areas

⚠️ Reviewers: Please pay special attention to the following:

🧪 Testing

  • make test passes (not run)
  • Unit tests added/updated: N/A — dependency-only security bump
  • E2E tests added/updated: N/A — dependency-only security bump
  • uv lock --check
  • uv run --all-packages pytest packages/data-designer-engine/tests/engine/mcp -q
  • uv run --all-packages --group notebooks python -c 'import starlette, tornado; print(f"starlette={starlette.__version__}"); print(f"tornado={tornado.version}")'

✅ Checklist

  • Follows commit message conventions
  • Commits are signed off (DCO)
  • Architecture docs updated (N/A — dependency-only security bump)

Signed-off-by: Johnny Greco <jogreco@nvidia.com>
@johnnygreco johnnygreco requested a review from a team as a code owner June 22, 2026 14:31
@greptile-apps

greptile-apps Bot commented Jun 22, 2026

Greptile Summary

This PR constrains two vulnerable transitive dependencies — starlette (via mcp) and tornado (via JupyterLab) — to patched versions by adding explicit security floors to the relevant pyproject.toml files and regenerating the lockfile.

  • Adds starlette>=1.2.0,<2 to data-designer-engine's dependency list so the mcp resolution path is pinned to ≥ 1.2.0 (resolved to 1.3.1 in the lockfile).
  • Adds tornado>=6.5.7,<7 to the workspace notebooks group so the JupyterLab path is pinned to ≥ 6.5.7 (resolved from 6.5.5 to 6.5.7 in the lockfile).
  • The lockfile is fully regenerated with updated hashes; the pattern and inline comment style match the existing security floors already present in both files.

Confidence Score: 5/5

Safe to merge — the change is limited to dependency version floors and a regenerated lockfile with no modifications to application code.

Both security floors follow the established pattern already used for cryptography, pyjwt, python-multipart, and others in the same files. The starlette jump from 0.52.x to 1.3.1 is a major-series change, but the lockfile resolved cleanly and the author confirmed MCP tests pass against the new version. The tornado bump is a minor patch update with no compatibility concerns. No logic, API surface, or runtime behavior changes are introduced.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| packages/data-designer-engine/pyproject.toml | Adds starlette>=1.2.0,<2 as a direct dependency floor to force a patched version for the transitive mcp path; follows the existing pattern of security floor comments in this file. |
| pyproject.toml | Adds tornado>=6.5.7,<7 to the notebooks dependency group to enforce a patched version over the transitive JupyterLab path; consistent with the other security floor entries in the same group. |
| uv.lock | Regenerated lockfile: starlette bumped 0.52.1 → 1.3.1 and tornado bumped 6.5.5 → 6.5.7, with updated hashes and source URLs; all resolved entries are consistent with the new constraints. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[data-designer-engine] -->|direct dep| B[mcp >= 1.26.0, < 2]
    A -->|security floor added| C[starlette >= 1.2.0, < 2\nresolved: 1.3.1]
    B -->|transitive dep| C

    D[workspace notebooks group] -->|direct dep| E[jupyterlab >= 4.6.0a5, < 5]
    D -->|security floor added| F[tornado >= 6.5.7, < 7\nresolved: 6.5.7]
    E -->|transitive dep| F

    style C fill:#d4edda,stroke:#28a745
    style F fill:#d4edda,stroke:#28a745

Reviews (1): Last reviewed commit: "fix: bump vulnerable transitive deps"

@github-actions

Summary

This PR adds direct version floors for two transitive dependencies pulled in via mcp and jupyterlab, regenerating uv.lock to lift starlette from 0.52.1 → 1.3.1 and tornado from 6.5.5 → 6.5.7. The intent is to escape vulnerable versions flagged by a vulnerability scan without changing application code.

Diff is small (3 files, +22/-16) and the manifest changes are mechanical:

  • packages/data-designer-engine/pyproject.toml: adds "starlette>=1.2.0,<2" next to other engine deps.
  • pyproject.toml: adds "tornado>=6.5.7,<7" to the notebooks group.
  • uv.lock: corresponding regeneration.

No source files reference starlette or tornado directly (verified via grep), so these are pure transitive constraints.

Findings

Correctness / risk

  • Starlette is a 0.x → 1.x jump, not a patch bump. Even though mcp 1.26.0's lockfile entry tolerates Starlette 1.3.1 and uv lock --check passes, Starlette only crossed 1.0 very recently and has had API churn around middleware/exception handling and multipart parsing. The author ran the targeted packages/data-designer-engine/tests/engine/mcp suite, which is the right minimum, but make test was explicitly not run per the PR checklist. Worth letting the full CI suite green-light this before merging — particularly anything that exercises an MCP server end-to-end.
  • Tornado 6.5.5 → 6.5.7 is a patch bump and should be low-risk. JupyterLab is dev-only (notebooks group), so the blast radius is limited to local notebook work, not shipped engine code.
  • Floors and upper bounds are sensible. <2 on starlette and <7 on tornado match the major-version-pin convention used elsewhere in the file (mistune<4, nbconvert<8, notebook<8). Floor (>=1.2.0) is below the resolved version (1.3.1), which gives uv room to satisfy other constraints without requiring another lockfile update.

Style / conventions

  • Alphabetical ordering preserved in both pyproject.toml blocks (starlette between sqlfluff and tiktoken; tornado after notebook).
  • Inline comments follow the established pattern ("X.Y.Z fixes security advisory pulled in by ...") — consistent with the surrounding mistune/nbconvert/notebook entries the author already added.
  • Minor suggestion (non-blocking): consider including the CVE or GHSA identifier in the comment, e.g. # fixes GHSA-xxxx-xxxx — pulled in by mcp. The neighboring entries also lack this, so it's a project-wide style nit rather than a regression introduced here. A reviewer six months from now trying to figure out whether the pin is still load-bearing has to dig through scan history.

Tests / coverage

  • No source changes, no test changes — appropriate for a transitive-pin bump.
  • The PR description notes uv lock --check and the targeted mcp test suite passed locally. Those are the right local checks; CI's full suite will catch any latent Starlette 1.x incompatibility.

Security

  • This is a purely defensive bump. No new attack surface introduced. Confirms that the engine package now has an explicit Starlette security floor it did not have before, which is good hygiene even though Starlette isn't imported directly — it documents intent and resists future transitive resolution drift.

Verdict

LGTM pending green CI. The Starlette major-version jump is the only thing that warrants attention; everything else is mechanical and matches existing conventions. No blocking issues.

@johnnygreco johnnygreco merged commit 597ad0b into main Jun 22, 2026
63 checks passed