fix(security): Resolve Dependabot alerts for protobuf, cryptography, and time

quantDIY · quantDIY · commit 85bbe85f0036 · 2026-02-11T14:43:05.000-05:00
diff --git a/client/react/desktop/tauri-app/src-tauri/Cargo.lock b/client/react/desktop/tauri-app/src-tauri/Cargo.lock
diff --git a/extensions/python/gemini-cli-extension/requirements.txt b/extensions/python/gemini-cli-extension/requirements.txt
@@ -4,3 +4,4 @@ openai
 passlib
 bcrypt
 keyring
+cryptography>=46.0.5
diff --git a/project_status.md b/project_status.md
@@ -10,7 +10,7 @@
 ## 📥 Staged Issues (Ready for GitHub)
 *Items parsed from chat/docs, waiting for user approval to push.*
 
-*(No staged issues yet. Waiting for Brain Dump...)*
+- [ ] [Feature: Visual DevOps Globe (3D Infrastructure Visualization)](https://github.com/quantDIY/QuanuX/issues/NEW) `label:feature,ui,3d`
 
 ## 🚧 Active Issues (In Progress)
 *Synced from GitHub.*
@@ -44,6 +44,7 @@
 - [x] [Feature: QuickFIX Engine] Verified C++ Engine + Python Bindings + Go Integration.
 - [x] [Feature: DuckDB Ecosystem] C++ & Python Connectors (Databento -> DuckDB), MotherDuck Integration.
 - [x] [Feature: Rithmic Integration] Verified RApiPlus Cython Wrapper with Test Coverage.
+- [x] [Security: Remediation] Fixed `protobuf` (recursion), `cryptography` (ECC), and Rust `time` (DoS) alerts.
 - [x] [Feature: Topstep Extension] Pure Cython Implementation (No Node.js Bridge). 100% Test Parity. Legacy Python Removed.
 - [x] [Feature: Cython Execution Node] High-Performance "Edge" Node Scaffold. Runs `.so` strategies. Supports Direct/Relay Adapters.
 - [x] [Feature: Execution Engine] Hybrid Go/C++ Node, Portable/Deployable (Push Deployment).
diff --git a/requirements.txt b/requirements.txt
@@ -20,7 +20,8 @@ typer>=0.9.0
 rich>=13.0.0
 async-rithmic>=1.4.0
 datamodel-code-generator>=0.25.0
-protobuf>=4.25.6,<5.0.0
+protobuf>=4.25.8,<5.0.0
+cryptography>=46.0.5
 urllib3>=2.6.3
 PyYAML>=6.0.0
 textual>=0.47.0

-Original file line number
+Diff line change
 passlib
 bcrypt
 keyring
 +cryptography>=46.0.5