Commit ec9e198

Author: aieng-bot-maintain[bot] (committed)

Fix run-code-check after dependency updates

- Pin filelock>=3.20.1 to address vulnerability GHSA-w853-jp5j-5j7f
- Update uv.lock to use filelock 3.20.1

The pip-audit check was failing due to a security vulnerability in filelock 3.20.0. This vulnerability is a Time-of-Check-Time-of-Use (TOCTOU) race condition that allows local attackers to corrupt or truncate arbitrary user files through symlink attacks.

Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
1 parent 6d2c0ab commit ec9e198

2 files changed: +2071 -2068 lines changed

pyproject.toml

Lines changed: 1 addition & 0 deletions
@@ -52,6 +52,7 @@ packages = ["src/gaca_ews"]
5252
[dependency-groups]
5353
dev = [
5454
"codecov>=2.1.13",
55+
"filelock>=3.20.1", # Pinning version to address vulnerability GHSA-w853-jp5j-5j7f
5556
"mypy>=1.14.1",
5657
"nbqa>=1.9.1",
5758
"pip>=25.2", # Pinning version to address vulnerability GHSA-4xh5-x5gv-qwph
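Review bot: the new `"filelock>=3.20.1"` entry is added only to the `[dependency-groups] dev` list, so it raises the floor for development environments but has no effect on whatever resolves filelock for a plain runtime install of the package; if filelock is also reached transitively from the project's runtime dependencies, that path stays uncovered by this change and would need the same constraint (or a `[tool.uv] constraint-dependencies` style entry) where the runtime set is declared. The operator is a lower bound rather than an exact pin, which is the right choice for a security floor, but the inline comment says "Pinning version", matching the existing `pip>=25.2` line; consider wording both as "minimum version" so a future reader does not assume the version is frozen. The uv.lock side of the change is not visible in this view, so it is worth confirming in the lock diff that filelock actually moved to 3.20.1 and that no other package still resolves 3.20.0, since pip-audit will keep failing otherwise.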