Commit 22acfe5
Fix 10 backend CVEs by updating dependencies
Direct bumps:
- fastapi 0.135.3 → 0.136.0
- python-multipart 0.0.22 → 0.0.26 (CVE-2026-24486, CVE-2026-40347)
- pytest 8.3.4 → 9.0.3 (CVE-2025-71176)
- pytest-asyncio 0.25.0 → 1.3.0 (for pytest 9 compat)
New transitive pins:
- starlette>=0.49.1 (CVE-2025-54121, CVE-2025-62727)
- pdfminer.six>=20251230 (CVE-2025-64512, CVE-2025-70559)
- pillow>=12.2.0 (CVE-2026-40192)
- cryptography>=46.0.7 (CVE-2026-39892)
pip-audit now reports only 1 remaining CVE (transformers CVE-2026-1839,
no non-RC fix available yet; kept in ignore list).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>1 parent ab79a84 commit 22acfe5
3 files changed
Lines changed: 9 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | | - | |
| 39 | + | |
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
5 | | - | |
| 4 | + | |
| 5 | + | |
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
| 2 | + | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
| 5 | + | |
5 | 6 | | |
6 | 7 | | |
7 | 8 | | |
| |||
13 | 14 | | |
14 | 15 | | |
15 | 16 | | |
| 17 | + | |
| 18 | + | |
16 | 19 | | |
17 | 20 | | |
18 | 21 | | |
| |||
29 | 32 | | |
30 | 33 | | |
31 | 34 | | |
| 35 | + | |
0 commit comments