Skip to content

fix: allow patched web3 versions after GHSA-5hr4-253g-cpx2#650

Open
Kubudak90 wants to merge 1 commit into
coinbase:mainfrom
Kubudak90:fix/web3-security-bump
Open

fix: allow patched web3 versions after GHSA-5hr4-253g-cpx2#650
Kubudak90 wants to merge 1 commit into
coinbase:mainfrom
Kubudak90:fix/web3-security-bump

Conversation

@Kubudak90
Copy link
Copy Markdown

@Kubudak90 Kubudak90 commented Apr 11, 2026

Bump the web3 upper bound from <7.10.0 to <8.0.0 so projects can pull in web3 7.15.0 which patches the Websocket API provider DoS vulnerability (GHSA-5hr4-253g-cpx2).

Changes

  • python/pyproject.toml: relax web3 constraint.
  • python/uv.lock and examples/python/uv.lock: regenerated to pull in the patched release.

Verification

$ uv add 'web3>=7.10.0,<8.0.0'
$ pytest cdp/test
...
365 passed, 73 deselected, 66 warnings

Fixes #591

fix: allow patched web3 versions after GHSA-5hr4-253g-cpx2
99e18f5 
Bump the web3 upper bound from <7.10.0 to <8.0.0 in the Python SDK so
projects can pull in web3 7.15.0 which patches the Websocket API provider
DoS vulnerability (GHSA-5hr4-253g-cpx2).

Updates both pyproject.toml and the uv.lock file; all tests pass.

Fixes coinbase#591
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Kubudak90