Commit e8e6db1

fsecada01 and claude committed
Upgrade all dependencies to resolve Dependabot alerts

- urllib3 → 2.6.3 (fixes HIGH: decompression-bomb + redirect chain)
- pypdf → 6.7.1 (fixes MEDIUM/LOW: DoS loops + RAM exhaustion)
- cryptography → 46.0.5 (fixes HIGH: SECT curve subgroup attack)
- nbconvert → 7.17.0 (fixes HIGH: uncontrolled search path on Windows)
- jupyterlab → 4.5.4 (fixes LOW: LaTeX noopener attribute)
- tornado → 6.5.4 (fixes HIGH: excessive logging via malformed multipart)

All 15 open Dependabot alerts addressed. No version pins in pyproject.toml that would prevent future upgrades.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 5eb0d1e commit e8e6db1

1 file changed

Lines changed: 858 additions & 617 deletions
