Upgrade pip to resolve CVE-2026-1703 #233

Merged
cigamit merged 1 commit into main from CVE-2026-1703 on Feb 11, 2026

@cigamit cigamit commented Feb 11, 2026

Had to wait for the new pip-tools version before this could be upgraded.

@cigamit cigamit requested a review from TheWitness February 11, 2026 20:45
@cigamit cigamit self-assigned this Feb 11, 2026
Copilot AI review requested due to automatic review settings February 11, 2026 20:45
@cigamit cigamit added the dependencies (Pull requests that update a dependency file) and SECURITY (A security related issue like a CVE specifically) labels Feb 11, 2026
Copilot AI left a comment

Pull request overview

Updates the pinned pip version across the dependency toolchain to address CVE-2026-1703, keeping the bootstrapping and requirements generation process consistent.

Changes:

  • Bump pip pin from 25.3 to 26.0.1 in the requirements generator script.
  • Update pip pin in requirements.in and the compiled requirements.txt.
  • Update VENV_BOOTSTRAP in Makefile to use pip==26.0.1.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| requirements/updater.sh | Updates the pip version used when generating compiled requirements. |
| requirements/requirements.txt | Updates the compiled “unsafe” pip pin to match the new version. |
| requirements/requirements.in | Updates the source pip pin and associated CVE reference. |
| Makefile | Updates bootstrap dependency pinning to use the upgraded pip. |
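
An added example, not part of this pull request or the project's code: a check that the pip pin agrees across the four files listed in the review and is not older than the upgraded version. The file contents below are constructed for illustration (the Makefile is deliberately left on the old pin), and the function names are hypothetical.

```python
import re

# Matches "pip==X.Y[.Z]" in requirement lines, shell commands and Makefile
# variables, but not other packages such as "pip-tools==...".
PIN_RE = re.compile(r"(?<![\w.-])pip==(\d+(?:\.\d+)*)")

def parse_version(text):
    """Turn '26.0.1' into (26, 0, 1); trailing zeros are dropped so 26.0 == 26."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def find_pip_pins(files):
    """Return {filename: sorted list of pip versions pinned outside comments}."""
    pins = {}
    for name, content in files.items():
        found = set()
        for line in content.splitlines():
            code = line.split("#", 1)[0]  # '#' starts a comment in all four file types
            found.update(PIN_RE.findall(code))
        pins[name] = sorted(found, key=parse_version)
    return pins

def check_pins(files, minimum):
    """List problems: a file with no pin, a pin below `minimum`, or pins that disagree."""
    problems = []
    pins = find_pip_pins(files)
    for name, versions in pins.items():
        if not versions:
            problems.append(f"{name}: no pip pin found")
        for v in versions:
            if parse_version(v) < parse_version(minimum):
                problems.append(f"{name}: pip=={v} is older than {minimum}")
    distinct = {v for versions in pins.values() for v in versions}
    if len(distinct) > 1:
        ordered = sorted(distinct, key=parse_version)
        problems.append("pins disagree: " + ", ".join(ordered))
    return problems

# Constructed sample contents, NOT the project's real files.
SAMPLE = {
    "requirements/updater.sh": "python -m pip install pip==26.0.1 pip-tools==0.0.0\n",
    "requirements/requirements.in": "pip==26.0.1  # CVE-2026-1703\n",
    "requirements/requirements.txt": "# unsafe packages:\npip==26.0.1\n",
    "Makefile": "VENV_BOOTSTRAP = pip==25.3 setuptools wheel\n",  # stale pin
}

if __name__ == "__main__":
    for problem in check_pins(SAMPLE, "26.0.1"):
        print(problem)
```

Run in CI against the real files, a check like this fails the build when one of the four pins is missed in a future bump.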

@cigamit cigamit merged commit 34af8fc into main Feb 11, 2026
6 checks passed
@cigamit cigamit deleted the CVE-2026-1703 branch February 11, 2026 20:50