Skip to content

Commit b2a94a2

Browse files
olaservoclaude
andauthored
fix(deps): bump python-multipart, cryptography, pyjwt to clear HIGH alerts (#4398)
Resolves a fresh batch of Dependabot alerts (disclosed 2026-06-15/16, after PR #4376 merged) across the fetch, git, and time server lockfiles: - python-multipart 0.0.27 -> 0.0.32 (CVE-2026-53539 HIGH querystring DoS, plus CVE-2026-53537/53538/53540 parameter smuggling / buffering) - cryptography 48.0.0 -> 49.0.0 (GHSA-537c-gmf6-5ccf HIGH, vulnerable OpenSSL statically linked in wheels < 48.0.1) - pyjwt 2.12.1 -> 2.13.0 (HIGH + medium JWT advisories) All three are transitive deps; lockfiles only. Diff scoped to exactly these 9 version bumps with no other resolution churn. git server tests unchanged vs base (43 passed; 37 pre-existing Windows tempdir errors). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 7b1170d commit b2a94a2

3 files changed

Lines changed: 161 additions & 170 deletions

File tree

0 commit comments

Comments
 (0)