Commit 6aa0757

fix: bump pyasn1 to 0.6.3 (CVE-2026-30922) (#5207)
Addresses GHSA-jr27-m4p2-rc6r
1 parent 20bd067 commit 6aa0757

2 files changed

+21
-15
lines changed

pyproject.toml

Lines changed: 3 additions & 0 deletions
@@ -7,6 +7,9 @@ fallback_version = "0.6.1.dev0"
77

88
[tool.uv]
99
required-version = ">=0.7.0"
10+
constraint-dependencies = [
11+
"pyasn1>=0.6.3", # CVE-2026-30922: DoS via unbounded recursion
12+
]
1013

1114
[project]
1215
name = "llama_stack"
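
Review bot: the `pyasn1>=0.6.3` floor at new lines 10-12 sits under `[tool.uv]` `constraint-dependencies`, which only constrains uv's own resolution for this repository (and therefore `uv.lock`); it is not written into the published package metadata, so an install of `llama_stack` that does not go through this lockfile can still resolve an older pyasn1. If the floor is meant to reach downstream installs as well, it needs to be expressed in the `[project]` dependencies or by raising the direct dependency that pulls in pyasn1. If it is meant to be lockfile-only, say so in the inline comment and reference GHSA-jr27-m4p2-rc6r there, so the constraint can be dropped once the dependency chain requires a fixed version on its own.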

uv.lock

Lines changed: 18 additions & 15 deletions
Some generated files are not rendered by default.
