Commit 789ec23
fix(deps): address Trivy security scan findings and dependency conflicts
Security updates:
- starlette: 0.48.0 → 0.50.0 (fixes CVE-2025-62727 Range header DoS)
- langchain-core: 0.2.1 → 1.1.0 (security fixes)
- pydantic-ai: 0.0.13 → 1.22.0 (resolves dependency conflicts)
Dependency resolution:
- Resolved pydantic-evals/pydantic-ai-slim version mismatch
- Resolved cohere/httpx-sse version conflict
- All pydantic-ai packages now consistent at 1.22.0
Go client cleanup:
- Removed unused golang.org/x/net and golang.org/x/text dependencies
- Cleaned via go mod tidy
Notes:
- urllib3 remains at <2.4.0 due to kubernetes client constraint
- CVE-2025-50181, CVE-2025-50182 fixes pending kubernetes-client/python#2439
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>1 parent 9b428c6 commit 789ec23
4 files changed
Lines changed: 909 additions & 909 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
4 | 6 | | |
5 | 7 | | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
6 | 11 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
2 | | - | |
3 | | - | |
4 | | - | |
5 | | - | |
6 | | - | |
7 | | - | |
8 | | - | |
9 | | - | |
10 | | - | |
11 | | - | |
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | | - | |
| 31 | + | |
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
| |||
46 | 46 | | |
47 | 47 | | |
48 | 48 | | |
49 | | - | |
| 49 | + | |
50 | 50 | | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
51 | 54 | | |
52 | | - | |
| 55 | + | |
53 | 56 | | |
54 | 57 | | |
55 | 58 | | |
| |||
0 commit comments