Skip to content

Commit 4e39e60

Browse files
dependabot[bot]aieng-bot[bot]
andauthored
Bump ruff from 0.14.11 to 0.14.13 (#47)
* Bump ruff from 0.14.11 to 0.14.13 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.11 to 0.14.13. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.11...0.14.13) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.14.13 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Fix security vulnerability in virtualenv dependency Security updates: - Update virtualenv from 20.35.4 to 20.36.1 (fixes CVE-2026-22702) Severity: High CVE-2026-22702 is a TOCTOU (Time-of-Check-Time-of-Use) vulnerability that allows local attackers to perform symlink-based attacks on directory creation operations. The vulnerability has been patched in virtualenv 20.36.1+ by replacing check-then-act patterns with atomic os.makedirs operations. Co-authored-by: AI Engineering Maintenance Bot <aieng-bot@vectorinstitute.ai> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: aieng-bot[bot] <aieng-bot@vectorinstitute.ai>
1 parent d1f71a3 commit 4e39e60

2 files changed

Lines changed: 28 additions & 25 deletions

File tree

pyproject.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ dependencies = [
1212
"jupyterlab>=4.4.8",
1313
"pip>=25.3",
1414
"urllib3>=2.6.0",
15+
"virtualenv==20.36.1",
1516
]
1617

1718
[dependency-groups]

uv.lock

Lines changed: 27 additions & 25 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)