Out of Sync Example Smart Home uv.lock contains vulnerable dep #1888

@ColeMurray

The lock file contains an outdated MCP version which contains multiple CVEs. This is updated in the upstream fastmcp dependency, and needs a lock resync.

Fix:
Run uv sync on the project

Happy to PR if you accept lock update PRs from contributors

https://github.com/jlowin/fastmcp/blob/8f6850819844144a028f9a1e78c4b5cc31e771eb/examples/smart_home/uv.lock#L250
https://nvd.nist.gov/vuln/detail/CVE-2025-53365

Labels: bug, dependencies