[PR #174] [MERGED] fix(deps): upgrade Python dependencies to patch 27 known vulnerabilities #3243

Closed
opened 2026-06-17 01:19:11 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/reconurge/flowsint/pull/174
Author: @dextmorgn
Created: 6/5/2026
Status: Merged
Merged: 6/5/2026
Merged by: @dextmorgn

Base: mainHead: chore/security-dependency-upgrades


📝 Commits (1)

  • 9fcc60c fix(deps): upgrade Python dependencies to patch 27 known vulnerabilities

📊 Changes

6 files changed (+1295 additions, -1385 deletions)

View changed files

📝 flowsint-api/pyproject.toml (+3 -3)
📝 flowsint-core/pyproject.toml (+6 -6)
📝 flowsint-enrichers/pyproject.toml (+3 -3)
📝 flowsint-types/pyproject.toml (+2 -2)
📝 pyproject.toml (+1 -1)
📝 uv.lock (+1280 -1370)

📄 Description

pip-audit reported 27 vulnerabilities across 12 packages, including cryptography PYSEC-2026-36 (CVSS 9.8) used by the vault, a starlette Host-header path bypass, and python-multipart arbitrary file write.

  • cryptography 45.0.7 -> 46.0.7 (pin was capped at <46)
  • fastapi 0.115 -> 0.136, pulling starlette 0.46 -> 1.2
  • python-multipart 0.0.20 -> 0.0.32
  • pyjwt, urllib3, aiohttp, lxml, idna, mako and transitive bumps
  • dev tools: pytest 8 -> 9 (requires pytest-httpx >=0.36), black 25 -> 26

All four module test suites pass (458 tests). pip-audit now reports no known vulnerabilities.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/reconurge/flowsint/pull/174 **Author:** [@dextmorgn](https://github.com/dextmorgn) **Created:** 6/5/2026 **Status:** ✅ Merged **Merged:** 6/5/2026 **Merged by:** [@dextmorgn](https://github.com/dextmorgn) **Base:** `main` ← **Head:** `chore/security-dependency-upgrades` --- ### 📝 Commits (1) - [`9fcc60c`](https://github.com/reconurge/flowsint/commit/9fcc60ca636436d6101fe9defa9eecec83bf7784) fix(deps): upgrade Python dependencies to patch 27 known vulnerabilities ### 📊 Changes **6 files changed** (+1295 additions, -1385 deletions) <details> <summary>View changed files</summary> 📝 `flowsint-api/pyproject.toml` (+3 -3) 📝 `flowsint-core/pyproject.toml` (+6 -6) 📝 `flowsint-enrichers/pyproject.toml` (+3 -3) 📝 `flowsint-types/pyproject.toml` (+2 -2) 📝 `pyproject.toml` (+1 -1) 📝 `uv.lock` (+1280 -1370) </details> ### 📄 Description pip-audit reported 27 vulnerabilities across 12 packages, including cryptography PYSEC-2026-36 (CVSS 9.8) used by the vault, a starlette Host-header path bypass, and python-multipart arbitrary file write. - cryptography 45.0.7 -> 46.0.7 (pin was capped at <46) - fastapi 0.115 -> 0.136, pulling starlette 0.46 -> 1.2 - python-multipart 0.0.20 -> 0.0.32 - pyjwt, urllib3, aiohttp, lxml, idna, mako and transitive bumps - dev tools: pytest 8 -> 9 (requires pytest-httpx >=0.36), black 25 -> 26 All four module test suites pass (458 tests). pip-audit now reports no known vulnerabilities. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-17 01:19:11 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/flowsint#3243