Skip to content

Commit 0537d58

Browse files
committed
fix(security): resolve remaining Dependabot alerts
- Upgrade golang.org/x/crypto to v0.47.0 (Go) to fix memory/panic vulnerabilities. - Pin protobuf>=5.29.3 (Python) to fix JSON recursion CVE. - Pin @modelcontextprotocol/sdk and figma-developer-mcp (Node) to safe versions.
1 parent cb2a881 commit 0537d58

4 files changed

Lines changed: 9 additions & 8 deletions

File tree

execution-node/go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@ require (
1515
github.com/nats-io/nkeys v0.4.11 // indirect
1616
github.com/nats-io/nuid v1.0.1 // indirect
1717
github.com/spf13/pflag v1.0.10 // indirect
18-
golang.org/x/crypto v0.37.0 // indirect
19-
golang.org/x/sys v0.32.0 // indirect
18+
golang.org/x/crypto v0.47.0 // indirect
19+
golang.org/x/sys v0.40.0 // indirect
2020
)

execution-node/go.sum

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,10 @@ github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
1818
github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
1919
github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
2020
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
21-
golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
22-
golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
23-
golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
24-
golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
21+
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
22+
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
23+
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
24+
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
2525
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
2626
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
2727
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

extensions/node/figma/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
"start": "node index.js"
99
},
1010
"dependencies": {
11-
"figma-developer-mcp": "latest",
12-
"@modelcontextprotocol/sdk": "latest"
11+
"figma-developer-mcp": "^1.0.3",
12+
"@modelcontextprotocol/sdk": "^1.4.1"
1313
}
1414
}

requirements.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,5 +18,6 @@ typer>=0.9.0
1818
rich>=13.0.0
1919
async-rithmic>=1.4.0
2020
datamodel-code-generator>=0.25.0
21+
protobuf>=5.29.3
2122
urllib3>=2.6.3
2223
PyYAML>=6.0.0

0 commit comments

Comments
 (0)