From 04ecb974d1f70d003110e870691bf1bc2ac264d5 Mon Sep 17 00:00:00 2001
From: mkagenius <mkagenius@users.noreply.github.com>
Date: Wed, 8 Apr 2026 16:58:40 +0530
Subject: [PATCH] fix: upgrade requests and add workflow permissions

- Upgrade requests from 2.32.4 to >=2.33.0 to fix CVE vulnerability
- Add explicit permissions block to docker-build workflow (contents: read)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/docker-build.yml | 3 +++
 requirements.txt                   | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 57a1dca..8e2dbf1 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -12,6 +12,9 @@ env:
   REGISTRY: docker.io
   IMAGE_NAME: instavm/coderunner
 
+permissions:
+  contents: read
+
 jobs:
   docker-build:
     runs-on: ubuntu-latest
diff --git a/requirements.txt b/requirements.txt
index 336350f..52ecaad 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,7 +29,7 @@ aiofiles
 
 openai
 
-requests==2.32.4
+requests>=2.33.0
 
 mcp[cli]