Skip to content

Commit 8df69f7

Browse files
author
Paul Duvall
committed
fix(deps): bump pytest to >=9.0.3 to patch tmpdir CVE [#11,#12]
Dependabot flagged two open advisories for pytest < 9.0.3 (vulnerable tmpdir handling) in: - examples/spec-driven-development/requirements.txt - examples/security-sandbox/requirements-sandbox.txt These are illustrative requirements files for the examples — not on the project's CI test path — but they're the version pins readers copy when they clone an example. Strict == pins meant Dependabot couldn't auto- upgrade them. Loosened all pins to >= ranges (matching the style of requests>=2.32.4 already present in the sandbox file). Floors set to current versions with known CVE fixes so new clones don't pick up known-vulnerable versions on day one. Bumped at the same time: - pytest-cov 4.1 -> 5.0 - pytest-mock 3.12 -> 3.14 - flake8 6.1 -> 7.0 - mypy 1.7 -> 1.11 - pre-commit 3.6 -> 3.7.1 - pydantic 2.5 -> 2.7.4 - ipython 8.17 -> 8.26 - rich 13.7 -> 13.7.1 Closes GHSA-7w4j (Dependabot alerts #11 and #12 on PaulDuvall/ai-development-patterns).
1 parent 3cb052c commit 8df69f7

2 files changed

Lines changed: 19 additions & 17 deletions

File tree

examples/security-sandbox/requirements-sandbox.txt

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,13 @@
11
# AI Security Sandbox Dependencies
2+
# Floors set to versions with known CVE fixes; bump as advisories land.
23
black>=24.3.0
3-
flake8==6.1.0
4-
mypy==1.7.0
5-
pytest==7.4.3
6-
pytest-cov==4.1.0
4+
flake8>=7.0.0
5+
mypy>=1.11.0
6+
pytest>=9.0.3
7+
pytest-cov>=5.0.0
78
requests>=2.32.4
8-
pydantic==2.5.0
9-
ipython==8.17.2
9+
pydantic>=2.7.4
10+
ipython>=8.26.0
1011
jinja2>=3.1.6
11-
rich==13.7.0
12-
click==8.1.7
12+
rich>=13.7.1
13+
click>=8.1.7

examples/spec-driven-development/requirements.txt

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,21 @@
11
# Requirements for Specification Driven Development Example
22
# Core testing and validation dependencies
3+
# Floors set to versions with known CVE fixes; bump as advisories land.
34

4-
pytest==7.4.3
5-
pytest-cov==4.1.0
6-
pytest-mock==3.12.0
5+
pytest>=9.0.3
6+
pytest-cov>=5.0.0
7+
pytest-mock>=3.14.0
78

89
# Code quality and formatting
9-
black==26.3.1
10-
flake8==6.1.0
11-
mypy==1.7.0
10+
black>=26.3.1
11+
flake8>=7.0.0
12+
mypy>=1.11.0
1213

1314
# Pre-commit hooks
14-
pre-commit==3.6.0
15+
pre-commit>=3.7.1
1516

1617
# CLI and JSON handling
17-
click==8.1.7
18+
click>=8.1.7
1819

1920
# Development dependencies
20-
ipython==8.17.2
21+
ipython>=8.26.0

0 commit comments

Comments
 (0)