Skip to content

Commit 328e004

Browse files
RoiGlinikclaude
andauthored
fix(deps): bump requests/filelock/virtualenv to remediate CVEs (#2106)
- requests ^2.32.3 -> ^2.33.0 (CVE-2026-25645) - pin filelock >=3.20.3 (CVE-2026-22701, transitive via virtualenv) - pin virtualenv ^20.36.1 (CVE-2026-22702, transitive via pre-commit) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 7f40b28 commit 328e004

2 files changed

Lines changed: 21 additions & 21 deletions

File tree

poetry.lock

Lines changed: 16 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pyproject.toml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ pydash = "8.0.0"
6969
botocore = "^1.42.19"
7070
boto3 = "^1.42.19"
7171
prometheus-api-client = "0.5.4"
72-
requests = "^2.32.3"
72+
requests = "^2.33.0"
7373
# Bump to fix certifi CVE flagged by customer scan; date-versioned, so use >= rather than caret
7474
certifi = ">=2026.4.22"
7575
regex = "2024.5.15"
@@ -81,6 +81,10 @@ postgrest = "0.16.8"
8181
h2 = "^4.3.0"
8282
# Pin to fix CVE-2026-30922 (transitive via google-auth)
8383
pyasn1 = ">=0.6.3"
84+
# Pin to fix CVE-2026-22701 (transitive via virtualenv/pre-commit)
85+
filelock = ">=3.20.3"
86+
# Pin to fix CVE-2026-22702 (transitive via pre-commit)
87+
virtualenv = "^20.36.1"
8488

8589
[tool.poetry.dev-dependencies]
8690
pre-commit = "^2.13.0"

0 commit comments

Comments
 (0)