chore(deps): bump security-critical Python dependencies by evoludigit · Pull Request #346 · fraiseql/fraiseql-python

evoludigit · 2026-05-12T13:01:50Z

Summary

urllib3 >=2.6.0 → >=2.7.0 — fix headers forwarded across origins, decompression-bomb bypass (Dependabot alerts IpAddressString scalar should accept CIDR notation for PostgreSQL INET compatibility #77, chore(deps): Update protobuf requirement from <5.0,>=4.25.8 to >=4.25.8,<7.0 #78)
langchain-core >=1.2.28 → >=1.3.3 — fix unsafe deserialization via load() allowlists (alert 🚀 Release v0.10.2 - Mutation Input Transformation and Empty String Handling #76)
banks add >=2.4.2 constraint — fix critical RCE via Jinja2 SSTI (alert Add input_transformer/prepare_input hook support to mutation decorator #75)
cryptography >=46.0.6 → >=47.0.0
llama-index / llama-index-core >=0.14.15 → >=0.14.21
ruff >=0.15.0 → >=0.15.12
opentelemetry-* >=1.39.0 → >=1.41.1
aioboto3 >=15.0.0 → >=15.5.0
protobuf upper bound relaxed from <7.0 to <8.0

Supersedes: #336, #335, #334, #333, #332, #331, #330, #329, #285

Test plan

3229 unit tests pass
ruff checks pass
CI pipeline passes

🤖 Generated with Claude Code

## Changes - urllib3: >=2.6.0 → >=2.7.0 (fix headers forwarded across origins, decompression-bomb bypass) - langchain-core: >=1.2.28 → >=1.3.3 (fix unsafe deserialization via load() allowlists) - banks: add >=2.4.2 constraint (fix critical RCE via Jinja2 SSTI) - cryptography: >=46.0.6 → >=47.0.0 - llama-index/llama-index-core: >=0.14.15 → >=0.14.21 - ruff: >=0.15.0 → >=0.15.12 - opentelemetry-*: >=1.39.0 → >=1.41.1 - aioboto3: >=15.0.0 → >=15.5.0 - protobuf: upper bound relaxed from <7.0 to <8.0 Resolves Dependabot alerts #74, #75, #76, #77, #78. ## Verification ✅ 3229 unit tests pass ✅ ruff checks pass Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

for more information, see https://pre-commit.ci

## Changes - chore(deps): bump security-critical Python dependencies (#346) urllib3 >=2.7.0, langchain-core >=1.3.3, banks >=2.4.2, cryptography >=47.0.0, llama-index >=0.14.21, ruff >=0.15.12, opentelemetry-sdk >=1.41.1, aioboto3 >=15.5.0 - chore(ci): bump GitHub Actions to latest major versions (#347) - security(container): update .trivyignore for 30 open Trivy CVEs (#348) - chore(ci): improve Dependabot config to prevent PR backlog (#349) - Closed 9 stale issues and 16 superseded PRs ## Verification ✅ ruff checks pass ✅ 3229 unit tests pass Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Lionel Hamayon and others added 2 commits May 12, 2026 15:04

[pre-commit.ci] auto fixes from pre-commit.com hooks

7533fcb

for more information, see https://pre-commit.ci

evoludigit merged commit fa2983e into dev May 12, 2026
12 of 17 checks passed

evoludigit deleted the chore/dependency-security-bump branch May 12, 2026 13:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump security-critical Python dependencies#346

chore(deps): bump security-critical Python dependencies#346
evoludigit merged 2 commits into
devfrom
chore/dependency-security-bump

evoludigit commented May 12, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

evoludigit commented May 12, 2026

Summary

Test plan

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant