fix(deps): refresh vulnerable transitive locks#77

Merged: ayhammouda merged 1 commit into main from fix/security-audit-transitives on Jun 29, 2026

@ayhammouda

Owner

Summary

  • Refresh vulnerable transitive lockfile entries after the mcp 1.27.2 bump did not move them.
  • Updates cryptography, pydantic-settings, python-multipart, and starlette to versions past the current pip-audit fixes.

Validation

  • uv export --locked --format requirements-txt --all-groups --all-extras --no-emit-project --no-hashes --output-file requirements-audit.txt >/dev/null && uvx pip-audit --requirement requirements-audit.txt --no-deps --disable-pip --progress-spinner off
  • uv run ruff check src/ tests/
  • uv run pyright src/
  • uv run pytest --tb=short -q — 307 passed
  • uv build + wheel contents check

@coderabbiteu

coderabbiteu Bot commented Jun 29, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f5e7b97d-0621-4fb2-9b7b-b0fc96004300

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock and included by none

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: abee6bb8-4927-4e01-9a81-9685e694a0db

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@ayhammouda ayhammouda merged commit ab6d75f into main Jun 29, 2026
8 checks passed
@ayhammouda ayhammouda deleted the fix/security-audit-transitives branch June 29, 2026 10:01