Commit 4e39e60
Bump ruff from 0.14.11 to 0.14.13 (#47)
* Bump ruff from 0.14.11 to 0.14.13
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.11 to 0.14.13.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.11...0.14.13)
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.13
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix security vulnerability in virtualenv dependency
Security updates:
- Update virtualenv from 20.35.4 to 20.36.1 (fixes CVE-2026-22702)
Severity: High
CVE-2026-22702 is a TOCTOU (Time-of-Check-Time-of-Use) vulnerability
that allows local attackers to perform symlink-based attacks on
directory creation operations. The vulnerability has been patched
in virtualenv 20.36.1+ by replacing check-then-act patterns with
atomic os.makedirs operations.
Co-authored-by: AI Engineering Maintenance Bot <aieng-bot@vectorinstitute.ai>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: aieng-bot[bot] <aieng-bot@vectorinstitute.ai>1 parent d1f71a3 commit 4e39e60
2 files changed
Lines changed: 28 additions & 25 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
| 15 | + | |
15 | 16 | | |
16 | 17 | | |
17 | 18 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments