Commit e91f35c
security: upgrade transitive dependencies to fix 100 Dependabot vulnerabilities (#1318)
* security: upgrade transitive dependencies to fix vulnerabilities
Run uv lock --upgrade on all packages (except assistant) to fix:
- h11 CVE-2025-43859 (critical)
- urllib3, cryptography, pillow, pypdf vulnerabilities
Key upgrades:
- cryptography 46.0.4 -> 46.0.5
- pypdf 6.6.2 -> 6.7.5
- h11 to 0.16.0
- pillow 12.1.0 -> 12.1.1
Also fix compatibility with jsonpath-ng 1.8.0 which changed the Index
class API from 'index' attribute to 'indices' tuple.
Skipped: assistant (blocked by robocorp-flet httpx/h11 conflicts)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* security: fix remaining dependabot vulnerabilities
Fix upper-bound version constraints that were blocking secure versions:
- packages/main: cryptography>=44.0.1,<45 -> >=46.0.5
- packages/recognition: pillow >=10.2.0,<12.0.0 -> >=10.2.0 (allows 12.1.1 on Python 3.10+)
- packages/pdf: pypdf >=6.6.2 -> >=6.7.5
Fix sema4ai cryptography via override-dependencies since robocorp-vault 1.3.9
hard-caps cryptography<46.0.0:
- packages/sema4ai: add override-dependencies = ["cryptography>=46.0.5"]
Add recognition and pdf as local uv sources in root pyproject.toml so the
root uv.lock resolves updated constraints (pillow 12.1.1 for Python >= 3.10).
Regenerate lock files for main, recognition, sema4ai, and root.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>1 parent 7a8d1ad commit e91f35c
18 files changed
Lines changed: 5224 additions & 4653 deletions
File tree
- packages
- aws
- core
- devutils
- google
- hubspot
- main
- src/RPA
- openai
- pdf
- recognition
- sema4ai
- windows
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
56 | 56 | | |
57 | 57 | | |
58 | 58 | | |
59 | | - | |
| 59 | + | |
60 | 60 | | |
61 | 61 | | |
62 | 62 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
25 | 29 | | |
26 | 30 | | |
27 | 31 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
30 | | - | |
| 30 | + | |
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
| |||
0 commit comments