fix(deps): clear golden-image Trivy CRITICAL/HIGH (litellm, starlette, pyjwt, python-multipart) #320
Merged
The agentex golden image (built from this workspace's uv.lock via uv export) fails the Trivy gate on:
- litellm CVE-2026-49468 (CRITICAL, auth bypass via Host header) -> 1.84.0+
- starlette CVE-2026-48818 / CVE-2026-54283 (HIGH) -> 1.3.1
- pyjwt CVE-2026-48526 (HIGH, auth bypass via forged token) -> 2.13.0
- python-multipart CVE-2026-53539 (HIGH, quadratic parsing) -> 0.0.32

Re-lock (uv lock --upgrade-package) resolves: litellm 1.83.14->1.89.1, starlette 0.52.1->1.3.1, pyjwt 2.12.1->2.13.0, python-multipart 0.0.27->0.0.32, fastapi 0.135.1->0.137.1 (fastapi >=0.133 drops the starlette<1 cap, enabling the 1.x line that carries the fixes).

Bumped the security floors so a re-resolve can't regress: override-dependencies starlette>=1.3.1 + python-multipart>=0.0.32 (these override agentex-sdk's fastapi<0.116 cap), and agentex-backend litellm>=1.84.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The workspace override-dependencies and the lock already force python-multipart>=0.0.32, but agentex-backend's own metadata still allowed >=0.0.27. Installed/resolved standalone (outside the root workspace override), the resolver could pick 0.0.27-0.0.31 and reintroduce CVE-2026-53539. Bump the package's declared floor so the fix holds regardless of resolution context.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
starlette 1.3.1 deprecates using httpx with starlette.testclient in favor of the new httpx2 package (StarletteDeprecationWarning at TestClient use; becomes a hard error if warnings are escalated). agentex/tests/unit/api/test_health_interceptor.py uses starlette.testclient.TestClient, so add httpx2 to the test group. Verified: with httpx2 installed, TestClient runs clean (no deprecation, GET returns 200).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
declan-scale
approved these changes
Jun 17, 2026
Problem

The agentex golden image (built in scaleapi/agentex from this workspace's uv.lock via uv export --package agentex-backend) fails the Trivy CRITICAL,HIGH gate on four Python advisories:

Changes

1. Re-locked to the fixed versions (uv lock --upgrade-package …):

2. Raised the security floors so a re-resolve can't regress below the patched versions — not just the lock:
- [tool.uv].override-dependencies (these override agentex-sdk's fastapi<0.116 cap): starlette>=1.3.1, python-multipart>=0.0.32.
- agentex-backend package metadata: litellm>=1.84.0, and python-multipart>=0.0.32. The package floor matters because a standalone install of agentex-backend (outside the workspace override) would otherwise still be free to pick a vulnerable 0.0.27–0.0.31.

3. Added httpx2 to the test group. starlette 1.3.1 deprecates using httpx with starlette.testclient in favor of the new httpx2 package (StarletteDeprecationWarning on TestClient use — and a hard error if warnings are ever escalated). agentex/tests/unit/api/test_health_interceptor.py uses starlette.testclient.TestClient, so httpx2>=2.4.0,<3 is now in the test deps. httpx[http2] is kept (used directly elsewhere in tests).

Verification

- Run Unit and Integration Tests + Verify OpenAPI spec is up to date both green (the fastapi 0.135→0.137 bump did not shift the generated OpenAPI spec; starlette 0.x→1.x + litellm 1.83→1.89 are runtime-compatible with the app and agentex-sdk).
- test_health_interceptor.py → 9 passed. Confirmed TestClient + the health interceptor work under starlette 1.3.1 with httpx2 (verified GET /healthz → 200, no deprecation warning when httpx2 is present).
- uv export + install resolved cleanly; verified the installed versions inside the image are litellm 1.89.1 / starlette 1.3.1 / pyjwt 2.13.0 / python-multipart 0.0.32 / fastapi 0.137.1.
- restarts=0), uvicorn runs, GET /healthz → {"status":"ok"} 200.
- CVE-2026-44432 family (py3-pip-wheel, py3.12-pip, py3.12-pip-base, all r0→r1) — that's the base-route issue tracked by scaleapi/agentex#406, not a Python-dep issue. (Note: the scale.com PTC currently still serves the r0-cached base, so it needs a cache refresh to r1 before the gate goes fully green.)

Related / sync

- py3-pip-wheel HIGH on agentex + agentex-auth): scaleapi/agentex#406 (golden/chainguard/* → golden/scale.com/* PTC).
- agentex repo's public submodule bumps to this commit once merged, then the golden image rebuild picks up the fixed deps.

🤖 Generated with Claude Code
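
The floors described above can also be checked directly against exported pins, independent of the resolver. This is an added example, not code from this PR or the agentex project: the floor values are the fixed versions listed in the first commit message, while `SAMPLE_EXPORT`, `below_floor` and the other helper names are constructed for illustration, and only plain numeric `name==X.Y.Z` pins are handled.

```python
import re

# Fixed versions from the advisory list in the first commit message on this page.
FLOORS = {"litellm": "1.84.0", "starlette": "1.3.1",
          "pyjwt": "2.13.0", "python-multipart": "0.0.32"}

# Constructed sample of requirements-style `uv export` output (not from the PR);
# name spelling is deliberately mixed to exercise normalization.
SAMPLE_EXPORT = """\
# This file was autogenerated by uv
fastapi==0.137.1
litellm==1.89.1 \\
    --hash=sha256:<placeholder>
PyJWT==2.12.1
python_multipart==0.0.27 ; python_version >= "3.12"
starlette==1.3.1
"""

PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([0-9]+(?:\.[0-9]+)*)")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_below(pinned, floor):
    """Compare numeric release segments, zero-padded so 1.3 equals 1.3.0."""
    a = [int(p) for p in pinned.split(".")]
    b = [int(p) for p in floor.split(".")]
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def below_floor(export_text, floors=FLOORS):
    """Return {package: (pinned, floor)} for every pin under its floor.
    Packages that are not pinned in the export are not reported."""
    pins = {}
    for line in export_text.splitlines():
        m = PIN.match(line.strip())
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return {name: (pins[normalize(name)], floor)
            for name, floor in floors.items()
            if normalize(name) in pins and is_below(pins[normalize(name)], floor)}

if __name__ == "__main__":
    for pkg, (pinned, floor) in below_floor(SAMPLE_EXPORT).items():
        print(f"FAIL {pkg}: pinned {pinned}, needs >= {floor}")
```

Running the same check on an export produced outside the workspace override covers the standalone-resolution case that the package-metadata floor is meant to close.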