chore: update vulnerable dependencies

[johnnygreco]

📋 Summary

Updates workspace dependency constraints and the uv lockfile to address the May 2026 scanner findings for python-multipart, Jupyter Server, JupyterLab, Mistune, and Notebook. This keeps the vulnerable MCP and Jupyter dependency paths resolving to patched versions.

🔗 Related Issue

N/A

🔄 Changes

• Adds root uv security floors for jupyter-server>=2.18.2, jupyterlab>=4.6.0a5, mistune>=3.2.1, notebook>=7.6.0a5, and python-multipart>=0.0.27.
• Regenerates uv.lock so the workspace resolves jupyter-server 2.18.2, jupyterlab 4.6.0a5, mistune 3.2.1, notebook 7.6.0a5, and python-multipart 0.0.28.
• Adds the new transitive jupyter-builder lock entry required by the updated JupyterLab/Notebook prereleases.

🔍 Attention Areas

• uv.lock now resolves prerelease versions for JupyterLab and Notebook because the scanner guidance specifically calls for 4.6.0a5 and 7.6.0a5.

🧪 Testing

• uv lock --check
• uv tree --all-groups --locked | rg "(jupyter-server|jupyterlab|mistune|notebook|python-multipart|jupyter-builder) v"
• git diff --check
• make test passes (not run; dependency lockfile-only change)
• Unit tests added/updated (N/A — no code path changed)
• E2E tests added/updated (N/A — no code path changed)

✅ Checklist

• Follows commit message conventions
• Commits are signed off (DCO)
• Architecture docs updated (N/A — dependency lockfile-only change)

[greptile-apps]

Greptile Summary

This PR addresses May 2026 scanner findings by bumping python-multipart, jupyter-server, jupyterlab, mistune, and notebook to patched versions, and by migrating the old workspace-level constraint-dependencies block to explicit security floors in the relevant dependency groups and package manifests.

• cryptography>=46.0.7,<47 and python-multipart>=0.0.27 are now direct dependencies of data-designer-engine, replacing the previous workspace-wide constraints.
• aiohttp, nbconvert, mistune, jupyter-server, jupyterlab, and notebook security floors are now declared in the notebooks and docs dependency groups where those packages are actually used.
• uv.lock is regenerated with jupyter-builder 0.0.9 added as a new transitive requirement of the alpha JupyterLab/Notebook releases.

Confidence Score: 5/5

Safe to merge — this is a focused dependency lockfile update with no code path changes.

All three changed files are dependency manifests and the lockfile. The migration from workspace-wide constraint-dependencies to explicit group and package-level floors is architecturally sound: uv's single unified lockfile resolution means the floors declared in any group still pin the workspace-wide resolved version. No logic or code changes are present.

No files require special attention. The alpha prerelease pins for JupyterLab and Notebook are intentional per the scanner guidance and are noted in the PR description.

Important Files Changed

Filename	Overview
pyproject.toml	Removes workspace-wide constraint-dependencies block and re-pins security floors as explicit entries in the docs and notebooks dependency groups; no correctness issues found.
packages/data-designer-engine/pyproject.toml	Adds cryptography>=46.0.7,<47 and python-multipart>=0.0.27,<1 as direct dependencies to enforce security floors; tight <47 upper bound on cryptography is intentional to guard against unknown breaking changes.
uv.lock	Lockfile regenerated to reflect all security bumps; adds jupyter-builder 0.0.9 as a new transitive dep of the JupyterLab/Notebook alpha prereleases; all hashes present and consistent with the declared specifiers.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Root pyproject.toml] -->|constraint-dependencies REMOVED| B[Moved to explicit group deps]
    
    B --> C[notebooks group]
    B --> D[docs group]
    B --> E[data-designer-engine package]
    
    C --> C1[aiohttp >= 3.13.5]
    C --> C2[jupyter-server >= 2.18.2]
    C --> C3[jupyterlab >= 4.6.0a5]
    C --> C4[mistune >= 3.2.1]
    C --> C5[nbconvert >= 7.17.1]
    C --> C6[notebook >= 7.6.0a5]
    
    D --> D1[mistune >= 3.2.1]
    D --> D2[nbconvert >= 7.17.1]
    
    E --> E1[cryptography >= 46.0.7 < 47]
    E --> E2[python-multipart >= 0.0.27]
    
    F[uv.lock regenerated] --> G[jupyter-builder 0.0.9 NEW]
    F --> H[python-multipart 0.0.28]
    F --> I[jupyter-server 2.18.2]
    F --> J[jupyterlab 4.6.0a5]
    F --> K[mistune 3.2.1]
    F --> L[notebook 7.6.0a5]

Loading

_{Reviews (3): Last reviewed commit: "Merge branch 'main' into johnny/chore/up..." | Re-trigger Greptile}

[github-actions]

Code Review: PR #631 — chore: update vulnerable dependencies

Summary

Lockfile-only security bump. The PR raises [tool.uv] constraint-dependencies floors for five transitive deps flagged by the May 2026 scan (jupyter-server, jupyterlab, mistune, notebook, python-multipart), bumps the existing python-multipart floor, and regenerates uv.lock accordingly. Scope is tight: only pyproject.toml and uv.lock change (+47/-18). Inline comments documenting the last-known-vulnerable version per dep follow the existing convention in the file.

Findings

Correctness

• Floors match locked versions — lock resolves jupyter-server 2.18.2, jupyterlab 4.6.0a5, mistune 3.2.1, notebook 7.6.0a5, python-multipart 0.0.28. All satisfy the new constraints.
• New transitive entry (jupyter-builder 0.0.9) is a real requirement introduced by the prerelease JupyterLab/Notebook and is correctly added to the lock.
• Comments are consistent with the existing pattern ({last_vulnerable_version}: security advisory), and the previous python-multipart comment was updated from 0.0.22 to 0.0.26 to reflect the new floor.

Risks

• Prereleases pinned for JupyterLab and Notebook (4.6.0a5 / 7.6.0a5). Alphas are explicitly called out in the PR body, but they carry real risk:
  • Alpha releases can introduce breaking API changes in otherwise-public surfaces (JupyterLab extension API, Notebook server contributor hooks).
  • Future uv lock refreshes will continue tracking the alpha channel unless overridden, and an a6/b1 bump could land without scrutiny.
  • Worth confirming whether stable 4.5.x / 7.5.x patch releases covering the same advisory exist or are imminent; if so, prefer them. If not, consider adding a TODO in the comment block pointing at the advisory ID so the alpha pin is revisited and removed once a stable release ships.
• No test run in CI — the PR checklist notes make test was not run. Because jupyterlab/notebook are dev/docs transitive deps, impact on the runtime packages should be nil, but the docs build (mkdocs-jupyter, jupytext) and any notebook execution in CI could regress against an alpha. Confirming the docs workflow still passes would raise confidence at low cost.

Style / Conventions

• Comment ordering is alphabetical by package, matching neighbors — good.
• No code paths changed, so STYLEGUIDE.md / AGENTS.md invariants (import direction, typing, from __future__ import annotations) don't apply here.

Security

• Addresses the stated scanner findings. No secret-like values exposed.
• Constraint mechanism is the right lever: it floors transitive deps across the whole workspace without having to add them to any package's direct deps.

Test Coverage

• N/A — lockfile-only. The testing section of the PR is appropriate.

Suggestions

1. Before merge, run the docs/notebook-adjacent CI job (or a local mkdocs build / notebook execution) to verify the JupyterLab/Notebook alpha pins don't break notebook rendering.
2. Optional: annotate the jupyterlab/notebook comment lines with the advisory ID and a note like "revert to stable once 4.6.0/7.6.0 GA" so the alpha pin doesn't become load-bearing after the advisory is addressed upstream in a stable line.

Verdict

Low-risk, well-scoped security patch. The only open question is whether accepting alpha releases of JupyterLab and Notebook is acceptable policy here — the PR body flags this explicitly and defers to scanner guidance, which is reasonable. Approve once a docs/notebook smoke check confirms no regression; no code-level blockers.