Commit 8949183

claudemvanwyk authored and committed
fix(security): bump dependencies to clear OSV-Scanner advisories
Upgrade the pinned versions flagged by OSV-Scanner against uv.lock to their first non-vulnerable releases:

- jupyter-server 2.19.0 -> 2.20.0 (GHSA-fcw5-x6j4-ccmp, critical)
- cryptography 46.0.7 -> 49.0.0 (GHSA-537c-gmf6-5ccf, high)
- bleach 6.1.0 -> 6.4.0 (GHSA-gj48-438w-jh9v, GHSA-8rfp-98v4-mmr6)
- tornado 6.5.6 -> 6.5.7 (GHSA-pw6j-qg29-8w7f)
- jupyterlab 4.5.8 -> 4.6.0 (GHSA-vmhf-c436-hxj4)

All are dev/docs/examples tooling (direct or transitive); no runtime dependency changes. A local OSV-Scanner run against the updated lockfile reports no issues.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01L6duQyAidZHdk7qHv9KTzA
1 parent 28f4679 commit 8949183

1 file changed

Lines changed: 75 additions & 64 deletions
