chore(deps): bump cryptography/python-multipart/starlette for CVEs
pip-audit flagged fixable advisories in the web stack:

- cryptography -> >=48.0.1 (GHSA-537c-gmf6-5ccf)
- python-multipart -> >=0.0.31 (CVE-2026-53538/53539/53540)
- starlette (transitive via fastapi) -> add direct floor >=1.3.1 (CVE-2026-48817/48818/54282/54283)

Venv synced to cryptography 49.0.0, python-multipart 0.0.32, starlette 1.3.1; full tests/api/ suite green against the bump.

Also drops the stray browser-use[core] dev dep (the browser-use skill uses a global CLI; the package is imported nowhere in DECNET).
@@ -24,6 +24,9 @@ dependencies = [
|
|||||||
"jinja2>=3.1",
|
"jinja2>=3.1",
|
||||||
"fastapi>=0.110.0",
|
"fastapi>=0.110.0",
|
||||||
"uvicorn>=0.29.0",
|
"uvicorn>=0.29.0",
|
||||||
|
# Direct floor on starlette (transitive via fastapi) to require the fixes
|
||||||
|
# for CVE-2026-48817/48818/54282/54283.
|
||||||
|
"starlette>=1.3.1",
|
||||||
"aiosqlite>=0.20.0",
|
"aiosqlite>=0.20.0",
|
||||||
"asyncmy>=0.2.11",
|
"asyncmy>=0.2.11",
|
||||||
"PyJWT>=2.8.0",
|
"PyJWT>=2.8.0",
|
||||||
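Review bot: The new "starlette>=1.3.1" floor sits next to an unchanged "fastapi>=0.110.0", so the declared fastapi minimum may no longer be installable together with it if that fastapi release constrains starlette to an older range. Consider raising the fastapi floor to the first release that accepts starlette 1.3.1, so the stated minimums describe a set the resolver can actually satisfy and a failed resolve does not hide the security floor. The comment naming the CVEs is good; it would also help to say when the direct floor can be dropped, for example once fastapi's own requirement implies it.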
@@ -33,8 +36,8 @@ dependencies = [
|
|||||||
"sqlmodel>=0.0.16",
|
"sqlmodel>=0.0.16",
|
||||||
"scapy>=2.6.1",
|
"scapy>=2.6.1",
|
||||||
"orjson>=3.10",
|
"orjson>=3.10",
|
||||||
"cryptography>=46.0.7",
|
"cryptography>=48.0.1",
|
||||||
"python-multipart>=0.0.20",
|
"python-multipart>=0.0.31",
|
||||||
"httpx>=0.28.1",
|
"httpx>=0.28.1",
|
||||||
"requests>=2.33.1",
|
"requests>=2.33.1",
|
||||||
"urllib3>=2.7.0",
|
"urllib3>=2.7.0",
|
||||||
|
|||||||
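Review bot: The raised floors on "cryptography>=48.0.1" and "python-multipart>=0.0.31" carry no comment, unlike the starlette floor added earlier in this file, so the advisory ids (GHSA-537c-gmf6-5ccf, CVE-2026-53538/53539/53540) live only in the commit message. Add a one-line comment above each so a later edit does not relax the floor without knowing why it is there. Also note that the message reports the suite green against cryptography 49.0.0 and python-multipart 0.0.32, not the floor versions declared here; if the floors are meant to be supported minimums, a test run pinned to them would confirm it. The browser-use[core] removal described in the message does not appear in the hunks shown.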