Upgrading packages and removing pip-audit ignores #141

Merged: lotif merged 4 commits into main from marcelo/pip-audit on May 25, 2026

@lotif (Collaborator) commented May 25, 2026

PR Type

Fix

Short Description

Clickup Ticket(s): NA

Upgrading packages to solve pip-audit issues. Also removing ignores that are no longer relevant and adding an ignore for the torch issue.

https://github.com/VectorInstitute/midst-toolkit/actions/runs/26310000289/job/77456124923?pr=139

Packages upgraded:

Updated idna v3.11 -> v3.16
Updated mako v1.3.10 -> v1.3.12
Updated pip v26.0.1 -> v26.1.1
Updated pygments v2.19.2 -> v2.
Updated pymdown-extensions v10.20 -> v10.21.3
Updated urllib3 v2.6.3 -> v2.7.0

Tests Added

NA

@coderabbitai (Bot) commented May 25, 2026

Walkthrough

This PR removes hardcoded CVE exemptions from the pip-audit step in the GitHub Actions code checks workflow. The change eliminates the ignore-vulns configuration that was suppressing CVE-2026-4539 and CVE-2026-3219, allowing these vulnerabilities to be detected in subsequent dependency audits.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Pre-merge checks: ✅ 5 passed

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically summarizes the main changes: upgrading packages and removing pip-audit ignore directives that are no longer needed. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description check | ✅ Passed | The PR description follows the required template with PR Type, Short Description, and Tests Added sections, though the Short Description contains a typo ('poackages') and the Clickup ticket link is marked as NA. |


lotif requested a review from emersodb on May 25, 2026 16:06
lotif merged commit f56d16e into main on May 25, 2026 (6 checks passed)
lotif deleted the marcelo/pip-audit branch on May 25, 2026 16:51