security: fix moderate vulnerabilities in AI sandbox dependencies

PaulDuvall · claude · PaulDuvall · commit 06d9e00438a8 · 2025-07-24T15:19:38.000-04:00
- Update requests from 2.31.0 to >=2.32.4 (CVE-2024-47081 - .netrc credentials leak) - Update jinja2 from 3.1.2 to >=3.1.6 (multiple sandbox breakout vulnerabilities) - Update black from 23.11.0 to >=24.3.0 (Regular Expression Denial of Service) - Change from exact to minimum version constraints for better security posture Fixes Dependabot alerts #2, #3, #4, #5, #6, #7, #8, #9 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/examples/ai-security-sandbox/requirements-sandbox.txt b/examples/ai-security-sandbox/requirements-sandbox.txt
@@ -1,12 +1,12 @@
 # AI Security Sandbox Dependencies
-black==23.11.0
+black>=24.3.0
 flake8==6.1.0
 mypy==1.7.0
 pytest==7.4.3
 pytest-cov==4.1.0
-requests==2.31.0
+requests>=2.32.4
 pydantic==2.5.0
 ipython==8.17.2
-jinja2==3.1.2
+jinja2>=3.1.6
 rich==13.7.0
 click==8.1.7
