Fix Dependabot security alerts#4
Merged
Conversation
Dependency bumps:
- Flask 2.3.3 → >=3.1.3 (CVE: Vary: Cookie header issue)
- cryptography 44.0.1 → >=46.0.6 (DNS constraint + subgroup attack)
- PyJWT 2.8.0 → >=2.12.0 (accepts unknown crit header extensions)
- vite override >=6.4.2 (path traversal + arbitrary file read)
- rollup override >=4.59.0 (arbitrary file write via path traversal)
- yaml override >=2.8.3 (stack overflow via deeply nested collections)
- picomatch override >=4.0.4 (ReDoS + method injection)

Lint/format fixes:
- Use explicit re-export syntax (X as X) in all __init__.py files (F401)
- Replace wildcard imports with explicit ones in github_actions and aws_actions (F403/F405)
- Remove unused imports in aws_client.py: json, Optional, Lock, logging (F401)
- Remove unused local variables: token in github_tools.py, plan/GITHUB_TOKEN in main.py (F841)
- Remove duplicate StorageClass import in main.py (F811)
- Remove unused Any and Plan imports in schemas.py (F401)
- Apply ruff format (v0.15.11) to all backend files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- Flask 2.3.3 → >=3.1.3 (Vary: Cookie header not set correctly)
- cryptography 44.0.1 → >=46.0.6 (DNS constraint enforcement + subgroup attack on SECT curves)
- PyJWT 2.8.0 → >=2.12.0 (accepts unknown crit header extensions)
- pnpm.overrides in frontend/package.json for transitive deps:
  - vite → >=6.4.2 (path traversal in optimized deps + arbitrary file read via WebSocket)
  - rollup → >=4.59.0 (arbitrary file write via path traversal)
  - yaml → >=2.8.3 (stack overflow via deeply nested collections)
  - picomatch → >=4.0.4 (ReDoS via extglob quantifiers + method injection)

Test plan
- requirements.txt
- pnpm install resolves overridden versions in frontend

🤖 Generated with Claude Code
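Added example, not code from this PR: a small Python check that the Python pins and the pnpm overrides actually guarantee the floors listed above, so a later downgrade or a missing override is caught. The floors come from the description; the requirements.txt and package.json contents below are constructed samples.

```python
"""Verify that dependency pins meet the minimum versions from the advisories."""
import json
import re

# Inclusive floors taken from the PR description (added example, not project code).
PYTHON_FLOORS = {"flask": "3.1.3", "cryptography": "46.0.6", "pyjwt": "2.12.0"}
NPM_FLOORS = {"vite": "6.4.2", "rollup": "4.59.0", "yaml": "2.8.3", "picomatch": "4.0.4"}

# Constructed sample inputs: Flask is still pinned to the vulnerable release and
# picomatch has no override at all, so both must be reported.
SAMPLE_REQUIREMENTS = "Flask==2.3.3\ncryptography>=46.0.6\nPyJWT>=2.12.0  # jwt\n"
SAMPLE_PACKAGE_JSON = json.dumps(
    {"pnpm": {"overrides": {"vite": ">=6.4.2", "rollup": ">=4.59.0", "yaml": ">=2.8.3"}}}
)

def parse_version(text):
    """'6.4.2' -> (6, 4, 2); pre-release suffixes are ignored for this check."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def min_allowed(spec):
    """Lowest version a '>=X', '==X', '^X', '~X' or bare 'X' specifier permits.
    Returns None when the specifier has no lower bound (e.g. '' or '<4')."""
    m = re.match(r"^\s*(?:>=|==|~=|\^|~)?\s*([0-9][0-9A-Za-z.]*)", spec)
    return parse_version(m.group(1)) if m else None

def audit_requirements(requirements_text, floors=PYTHON_FLOORS):
    """Names in requirements.txt whose pin does not guarantee the floor."""
    bad = []
    for line in requirements_text.splitlines():
        line = line.split("#")[0].strip()          # drop comments and blanks
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*(.*)$", line) if line else None
        if not m:
            continue
        name, spec = m.group(1).lower(), m.group(2)  # pip names are case-insensitive
        if name in floors:
            low = min_allowed(spec)
            if low is None or low < parse_version(floors[name]):
                bad.append(name)
    return bad

def audit_overrides(package_json_text, floors=NPM_FLOORS):
    """Names missing from pnpm.overrides or overridden below the floor."""
    overrides = json.loads(package_json_text).get("pnpm", {}).get("overrides", {})
    bad = []
    for name, floor in floors.items():
        low = min_allowed(overrides.get(name, ""))
        if low is None or low < parse_version(floor):
            bad.append(name)
    return bad
```

Run both functions in CI against the real files; a non-empty result means a pin or override no longer satisfies the advisory floor.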