fix(deps): vuln minor: torch · patch: pytest [toto2]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• toto2 (pep621)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
torch	2.4.0	2.11.0	minor	Direct	5 CRITICAL, 2 MODERATE, 1 LOW
pytest	8.0	8.0.2	patch	Direct	2 MODERATE

---

Security Details

🚨 Critical & High Severity (5 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
torch	GHSA-53q9-r3pm-6pq6	CRITICAL	PyTorch: torch.load with weights_only=True leads to remote code execution	2.4.0	2.6.0
torch	CVE-2025-32434	CRITICAL	PyTorch: torch.load with weights_only=True leads to remote code execution	2.4.0	-
torch	PYSEC-2025-41	CRITICAL	-	2.4.0	2.6.0
torch	PYSEC-2024-259	critical	-	2.4.0	2.5.0
torch	CVE-2024-48063	critical	-	2.4.0	-

ℹ️ Other Vulnerabilities (5)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
pytest	GHSA-6w46-j5rx-g56g	MODERATE	pytest has vulnerable tmpdir handling	8.0	9.0.3
pytest	CVE-2025-71176	MODERATE	-	8.0	-
torch	GHSA-887c-mr87-cxwp	MODERATE	PyTorch Improper Resource Shutdown or Release vulnerability	2.4.0	2.8.0
torch	CVE-2025-3730	MODERATE	-	2.4.0	-
torch	GHSA-3749-ghw9-m3mg	LOW	PyTorch susceptible to local Denial of Service	2.4.0	2.7.1-rc1

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical)

🤖 Generated by DataDog Automated Dependency Management System

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto db53728.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}