fix(DATAGO-135081): bump deps for critical/high vuln fixes #166

Merged: cyrus2281 merged 2 commits into main from cyrus/DATAGO-135081/vul on May 11, 2026

@cyrus2281 (Collaborator)

Summary

  • Bump fastmcp floor from >=2.14.2 to >=3.2.0 in sam-mcp-server-gateway-adapter (CVE-2026-32871, CRITICAL)
  • Bump pydantic from 2.11.9 to 2.12.5 in sam-sql-database, sam-sql-database-tool, and sam-mongodb (required by litellm>=1.83.7 cascade)

Test plan

  • sam-mcp-server-gateway-adapter: 23/23 tests pass
  • sam-sql-database-tool: 77/77 tests pass
  • sam-mongodb: 12/12 tests pass
  • sam-sql-database: install succeeds (placeholder tests only)
  • Clean venv install with SAM + enterprise: all imports OK

Merge order: This PR should be merged first (before solace-ai-connector, solace-agent-mesh, and enterprise).

🤖 Generated with Claude Code

…ability fixes

- fastmcp >=2.14.2 -> >=3.2.0 in sam-mcp-server-gateway-adapter (CVE-2026-32871)
- pydantic 2.11.9 -> 2.12.5 in sam-sql-database, sam-sql-database-tool, sam-mongodb (required by litellm>=1.83.7)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cyrus2281 force-pushed the cyrus/DATAGO-135081/vul branch from d573730 to 983a2fa on May 6, 2026 16:26
cyrus2281 enabled auto-merge (squash) on May 11, 2026 19:13

@github-actions

✅ SonarQube Quality Gate - All Passed

| Project | Quality Gate Status | Analysis |
| --- | --- | --- |
| sam-mcp-server-gateway-adapter | ✅ Passed | See analysis details on SonarQube |
| sam-mongodb | ✅ Passed | See analysis details on SonarQube |
| sam-sql-database-tool | ✅ Passed | See analysis details on SonarQube |

Quality gate checks run for each changed project.

@github-actions

✅ FOSSA Guard (PR Diff) - No New Issues Introduced

Diff mode compares PR head against base revision and reports only newly introduced issues.

| Check | Scope | Status |
| --- | --- | --- |
| FOSSA Vulnerabilities | Per-Project (PR Diff) | ✅ Passed |
| License Check | Per-Project (PR Diff) | ✅ Passed |

Projects With New Issues

  • None

| Project | FOSSA Vulnerabilities | License Check | FOSSA Report |
| --- | --- | --- | --- |
| sam-mcp-server-gateway-adapter | ✅ Passed | ✅ Passed | View report |
| sam-mongodb | ✅ Passed | ✅ Passed | View report |
| sam-sql-database-tool | ✅ Passed | ✅ Passed | View report |

Only newly introduced issues are shown in this report.

cyrus2281 merged commit 8dcf449 into main on May 11, 2026 (14 checks passed)
cyrus2281 deleted the cyrus/DATAGO-135081/vul branch on May 11, 2026 19:16