Commit 3239949
Fix security vulnerabilities in dependencies
Security updates:
- Update filelock from 3.18.0 to 3.20.1 (fixes GHSA-w853-jp5j-5j7f)
- Update urllib3 from 2.5.0 to 2.6.0 (fixes GHSA-gm62-xv2j-4w53, GHSA-2xpw-w6gg-jr37)
Severity: High
Vulnerabilities fixed:
- filelock: TOCTOU race condition allowing local attackers to corrupt/truncate files via symlink attacks
- urllib3: Unbounded HTTP encoding chain causing high CPU and memory usage
- urllib3: Excessive resource consumption when streaming compressed responses
Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
1 parent c3277aa commit 3239949
2 files changed: +15 -7 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| 11 | + | |
11 | 12 | | |
| 13 | + | |
12 | 14 | | |
13 | 15 | | |
14 | 16 | | |
| |||
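Review bot: The two additions at new lines 11 and 13 have no matching removals in this file, yet the commit message describes both changes as updates (filelock 3.18.0 to 3.20.1, urllib3 2.5.0 to 2.6.0). If these lines are new constraints rather than replacements of existing pins, say so in the message. Also confirm that the second changed file, which is not shown here and carries the remaining +13/-7, resolves to 3.20.1 and 2.6.0, because the fix cannot be verified from this hunk alone.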
Some generated files are not rendered by default.