Commit 0cf0f59
Update vulnerable dependencies to secure versions

Updated the following dependencies to address security vulnerabilities
identified by pip-audit:

- urllib3: 2.2.1 → 2.6.0 (fixes GHSA-gm62-xv2j-4w53, GHSA-2xpw-w6gg-jr37)
  * Prevents unbounded HTTP encoding chain attacks (high CPU/memory usage)
  * Fixes streaming API decompression bomb vulnerability
- scapy: 2.5.0 → 2.7.0 (fixes GHSA-cq46-m9x9-j8w2)
  * Removes unsafe pickle deserialization in session loading
  * Eliminates arbitrary code execution risk via malicious session files
- scrapy: 2.12.0 → 2.14.0 (addresses PYSEC-2017-83)
  * Mitigates memory consumption DoS from large file handling

These updates complement the security fixes already applied to the code
examples and will resolve pip-audit failures in CI/CD pipelines.

Note: filelock (→3.20.1) and fonttools (→4.61.0) updates are handled
by dependabot PRs #29 and #27 respectively. pip (→25.3) will be updated
by the GitHub Actions runner environment.

1 parent 7b06e04 commit 0cf0f59
2 files changed, +6 -8 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | | - | |
| 20 | + | |
21 | 21 | | |
22 | | - | |
| 22 | + | |
23 | 23 | | |
24 | | - | |
25 | | - | |
26 | 24 | | |
27 | 25 | | |
28 | 26 | | |
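Review bot: Original lines 24 and 25 in this hunk are deleted with no matching additions, while the other three removals in this file (original lines 20, 22 and 39) each have a replacement line. The commit message describes only version bumps for urllib3, scapy and scrapy, so it should say what these two lines were and why they are dropped rather than updated, so the removal can be checked against the pip-audit findings.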
| |||
36 | 34 | | |
37 | 35 | | |
38 | 36 | | |
39 | | - | |
| 37 | + | |
40 | 38 | | |
41 | 39 | | |
42 | 40 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||