Commit e8e6db1
Upgrade all dependencies to resolve Dependabot alerts
- urllib3 → 2.6.3 (fixes HIGH: decompression-bomb + redirect chain)
- pypdf → 6.7.1 (fixes MEDIUM/LOW: DoS loops + RAM exhaustion)
- cryptography → 46.0.5 (fixes HIGH: SECT curve subgroup attack)
- nbconvert → 7.17.0 (fixes HIGH: uncontrolled search path on Windows)
- jupyterlab → 4.5.4 (fixes LOW: LaTeX noopener attribute)
- tornado → 6.5.4 (fixes HIGH: excessive logging via malformed multipart)
All 15 open Dependabot alerts addressed. No version pins in pyproject.toml
that would prevent future upgrades.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

1 parent 5eb0d1e, commit e8e6db1
1 file changed
Lines changed: 858 additions & 617 deletions