
Commit 8c4227d

dependabot[bot] and aieng-bot-maintain[bot] authored
Bump pytest-cov from 6.1.1 to 7.0.0 (#33)
* Bump pytest-cov from 6.1.1 to 7.0.0

Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 6.1.1 to 7.0.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v6.1.1...v7.0.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 7.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Fix security vulnerabilities in dependencies

Security updates:
- Update filelock from 3.18.0 to 3.20.1 (fixes GHSA-w853-jp5j-5j7f)
  - Critical TOCTOU race condition allowing local attackers to corrupt files
  - Fixed by adding O_NOFOLLOW flag on Unix and reparse point detection on Windows
- Add temporary ignore for nbconvert GHSA-xm59-rqc7-hhvf
  - Windows-specific vulnerability (CI runs on Linux)
  - No fix available yet (published 2025-12-18, 4 days old)
  - TODO: Remove ignore once patch is released

Severity: Critical (filelock), High (nbconvert - mitigated)

All tests pass. The filelock vulnerability is fully resolved.

Co-authored-by: AI Engineering Maintenance Bot <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: aieng-bot-maintain[bot] <[email protected]>
1 parent 6dc9d1c commit 8c4227d


3 files changed

+629
-584
lines changed


.github/workflows/code_checks.yml

Lines changed: 6 additions & 0 deletions
@@ -54,3 +54,9 @@ jobs:
5454
uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266
5555
with:
5656
virtual-environment: .venv/
57+
# GHSA-xm59-rqc7-hhvf: nbconvert Windows-only vulnerability (no fix available as of 2025-12-22)
58+
# This is a Windows-specific code execution vulnerability via inkscape.bat path traversal
59+
# CI runs on Linux, and no patch exists yet (published 2025-12-18)
60+
# TODO: Remove this ignore once nbconvert releases a patched version
61+
ignore-vulns: |
62+
GHSA-xm59-rqc7-hhvf
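Review bot: the new `ignore-vulns` entry for GHSA-xm59-rqc7-hhvf has no expiry, so the "TODO: Remove this ignore once nbconvert releases a patched version" comment is only honoured if someone remembers it; pip-audit will keep skipping this advisory on every future run, including after a fixed nbconvert ships and is pulled in by the lockfile. Suggest referencing a tracking issue in the comment and re-checking the advisory on the next dependency bump. Also worth stating in the comment that "CI runs on Linux" limits the exposure of the pipeline, not of the package: anyone running `pip-audit` locally on Windows with the same config will have the finding silenced too, so this is a scoped suppression rather than a fix.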

pyproject.toml

Lines changed: 1 addition & 0 deletions
@@ -8,6 +8,7 @@ repository = "https://github.com/VectorInstitute/aieng-template-implementation"
88
requires-python = ">=3.12"
99
dependencies = [
1010
"aieng-topic-impl",
11+
"filelock==3.20.1",
1112
"jupyterlab>=4.4.8",
1213
"pip>=25.3",
1314
"urllib3>=2.6.0",
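Review bot: `"filelock==3.20.1"` is an exact pin in the runtime `dependencies` list, while every neighbouring entry (`"jupyterlab>=4.4.8"`, `"pip>=25.3"`, `"urllib3>=2.6.0"`) uses a lower bound; an exact pin blocks the next filelock security release until someone edits pyproject.toml again, and can conflict with any package that later requires a newer filelock. Suggest `"filelock>=3.20.1"`, which still excludes the vulnerable 3.18.0 named in the commit message. A short comment that filelock was not a direct dependency before and is listed here only to force the patched version would help a future maintainer know it can be dropped once the upstream package that pulls it in raises its own minimum.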
