Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 20 updates #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the python-dependencies group across 1 directory with 20 updates #136

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ dependencies = [
"mcp[cli]>=1.8.0,<2.0.0",
# cryptography >=46.0.7 closes CVE-2026-34073 (name constraints bypass)
# and CVE-2026-39892 (Hash.update buffer overflow).
"cryptography>=46.0.7,<47.0.0",
"cryptography>=46.0.7,<49.0.0",
# PyJWT >=2.12.0 closes CVE-2026-32597 (crit header validation bypass).
# This directly impacts Attestix's JWT / Verifiable Credential / UCAN
# verification paths and is the hard blocker for the v0.3.0 release.
Expand Down Expand Up @@ -85,21 +85,21 @@ kms = ["boto3>=1.34,<2.0"]
# extra (not a base runtime dep) so callers who only need the MCP server or
# Python services do not get FastAPI dragged in. The published quickstart at
# attestix.io/docs/quickstart/enterprise-architect now installs `attestix[api]`.
api = ["fastapi>=0.115,<0.130", "uvicorn[standard]>=0.32,<0.40"]
api = ["fastapi>=0.115,<0.130", "uvicorn[standard]>=0.32,<0.50"]
# v0.4.0-rc.3: framework integration extras. The integration callback /
# adapter classes live under `attestix.integrations.<framework>` and import
# their respective SDK lazily so `import attestix.integrations` itself is
# always cheap. Install only the extra you need.
langchain = ["langchain-core>=0.3,<0.5"]
crewai = ["crewai>=0.95,<0.200"]
langchain = ["langchain-core>=0.3,<1.5"]
crewai = ["crewai>=0.95,<1.15"]
openai-agents = ["openai-agents>=0.0.20"]
test = ["pytest>=8.0", "pytest-asyncio>=0.24", "respx>=0.22", "pytest-cov>=5.0"]
lint = ["ruff>=0.6.0", "mypy>=1.11"]
security = ["pip-audit>=2.7", "bandit>=1.7", "safety>=3.2"]
# CycloneDX SBOM generation. Produces a CycloneDX 1.5 (or later) JSON BOM
# with runtime and transitive dependencies. Used in the release workflow to
# attach an authoritative SBOM to every GitHub release.
sbom = ["cyclonedx-bom>=5.0.0,<6.0.0"]
sbom = ["cyclonedx-bom>=5.0.0,<8.0.0"]
dev = [
"pytest>=8.0",
"pytest-asyncio>=0.24",
Expand All @@ -109,7 +109,7 @@ dev = [
"mypy>=1.11",
"pip-audit>=2.7",
"bandit>=1.7",
"cyclonedx-bom>=5.0.0,<6.0.0",
"cyclonedx-bom>=5.0.0,<8.0.0",
"build>=1.2",
]

Expand Down
Loading
Loading