Merge pull request #31 from Smart-AI-Memory/dependabot/pip/dev-dependencies-31adc6bfb2

silversurfer562 · web-flow · commit bc71577a6e26 · 2026-01-27T21:12:14.000-05:00
Merge Dependabot PR #31: Dev dependencies update with black security patch (CVE-2024-21503)
diff --git a/pyproject.toml b/pyproject.toml
@@ -184,7 +184,7 @@ dev = [
     "pytest-xdist>=3.5.0,<4.0",  # Parallel test execution (4-8x faster)
     "pytest-testmon>=2.1.0,<3.0",  # Run only tests affected by changes
     "pytest-picked>=0.5.0,<1.0",  # Run tests for uncommitted changes
-    "black>=24.3.0,<26.0",  # CVE fix: PYSEC-2024-48
+    "black>=24.3.0,<27.0",  # CVE fix: PYSEC-2024-48
     "mypy>=1.0,<2.0",
     "ruff>=0.1,<1.0",
     "coverage>=7.0,<8.0",
@@ -303,15 +303,15 @@ all = [
     "mkdocs-with-pdf>=0.9.3,<1.0.0",
     "pymdown-extensions>=10.0,<11.0",
     # Dev tools
-    "pytest>=7.0,<9.0",
-    "pytest-asyncio>=0.21,<1.0",
-    "pytest-cov>=4.0,<5.0",
-    "black>=24.3.0,<26.0",  # CVE fix
+    "pytest>=7.0,<10.0",
+    "pytest-asyncio>=0.21,<2.0",
+    "pytest-cov>=4.0,<8.0",
+    "black>=24.3.0,<27.0",  # CVE fix
     "mypy>=1.0,<2.0",
     "ruff>=0.1,<1.0",
     "coverage>=7.0,<8.0",
     "bandit>=1.7,<2.0",
-    "pre-commit>=3.0,<4.0",
+    "pre-commit>=3.0,<5.0",
     "httpx>=0.27.0,<1.0.0",  # For API testing
     # Security constraint overrides for transitive dependencies
     "urllib3>=2.3.0,<3.0.0",  # CVE fix: GHSA-gm62, GHSA-2xpw
