Commit 8949183
fix(security): bump dependencies to clear OSV-Scanner advisories

Upgrade the pinned versions flagged by OSV-Scanner against uv.lock to
their first non-vulnerable releases:

- jupyter-server 2.19.0 -> 2.20.0 (GHSA-fcw5-x6j4-ccmp, critical)
- cryptography 46.0.7 -> 49.0.0 (GHSA-537c-gmf6-5ccf, high)
- bleach 6.1.0 -> 6.4.0 (GHSA-gj48-438w-jh9v, GHSA-8rfp-98v4-mmr6)
- tornado 6.5.6 -> 6.5.7 (GHSA-pw6j-qg29-8w7f)
- jupyterlab 4.5.8 -> 4.6.0 (GHSA-vmhf-c436-hxj4)

All are dev/docs/examples tooling (direct or transitive); no runtime
dependency changes. A local OSV-Scanner run against the updated lockfile
reports no issues.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01L6duQyAidZHdk7qHv9KTzA

1 parent 28f4679 commit 8949183
1 file changed
Lines changed: 75 additions & 64 deletions