Skip to content

Commit d71388d

Browse files
committed
Update dependencies, including avoiding CVE-2026-26007
1 parent 6de01e2 commit d71388d

File tree

4 files changed

+94
-93
lines changed

4 files changed

+94
-93
lines changed

.pre-commit-config.yaml

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ repos:
8484
# - --profile=jinja
8585
# - --reformat
8686
- repo: https://github.com/thibaudcolas/pre-commit-stylelint
87-
rev: v17.1.1
87+
rev: v17.2.0
8888
hooks:
8989
- id: stylelint
9090
additional_dependencies: ['stylelint@16.14.1', 'stylelint-config-standard@37.0.0']
@@ -105,11 +105,8 @@ repos:
105105
- 'requirements-for-pip-audit.txt'
106106
- '--disable-pip'
107107
- '--no-deps'
108-
# TODO: Remove when #644 is complete
109-
- '--ignore-vuln'
110-
- 'CVE-2026-26007'
111108
- repo: https://github.com/oxc-project/mirrors-oxlint
112-
rev: v1.46.0
109+
rev: v1.47.0
113110
hooks:
114111
- id: oxlint
115112
name: lint JS files with Oxlint

pyproject.toml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,12 @@ dependencies = [
1616
"aiosqlite>=0.21.0,<0.22.0",
1717
"aiozipstream (>=0.4,<0.5)",
1818
"alembic~=1.14",
19-
"asfquart @ git+https://github.com/apache/infrastructure-asfquart.git@main",
19+
"asfquart @ git+https://github.com/apache/infrastructure-asfquart.git@sbp",
2020
"asyncssh>=2.20.0,<3.0.0",
2121
"blake3>=1.0.8",
2222
"blockbuster>=1.5.23,<2.0.0",
2323
"cmarkgfm>=2024.11.20",
24-
"cryptography~=44.0",
24+
"cryptography~=46.0.5",
2525
"cvss~=3.6",
2626
"cyclonedx-python-lib[json-validation]>=11.0.0",
2727
# "dkimpy @ git+https://github.com/sbp/dkimpy.git@main",

requirements-for-pip-audit.txt

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,9 @@ anyio==4.12.1
2828
# via watchfiles
2929
arrow==1.4.0
3030
# via isoduration
31-
asfpy==0.56
31+
asfpy==0.58
3232
# via asfquart
33-
asfquart @ git+https://github.com/apache/infrastructure-asfquart.git@99e3ec6523a02111ab9a0dd90467d124906ce398
33+
asfquart @ git+https://github.com/apache/infrastructure-asfquart.git@2149346f4463247b86e21cbf71f7f80a954ce6bf
3434
# via tooling-trusted-releases
3535
asyncssh==2.22.0
3636
# via tooling-trusted-releases
@@ -51,7 +51,7 @@ boolean-py==5.0
5151
# via license-expression
5252
certifi==2026.1.4
5353
# via requests
54-
cffi==1.17.1
54+
cffi==2.0.0
5555
# via
5656
# asfpy
5757
# cmarkgfm
@@ -65,14 +65,14 @@ click==8.3.1
6565
# djlint
6666
# flask
6767
# quart
68-
cmarkgfm==2024.11.20
68+
cmarkgfm==2025.10.22
6969
# via tooling-trusted-releases
7070
colorama==0.4.6
7171
# via
7272
# click
7373
# djlint
7474
# tqdm
75-
cryptography==44.0.3
75+
cryptography==46.0.5
7676
# via
7777
# asfpy
7878
# asyncssh
@@ -112,7 +112,7 @@ ezt==1.1
112112
# via
113113
# asfpy
114114
# asfquart
115-
filelock==3.20.3
115+
filelock==3.21.0
116116
# via virtualenv
117117
flask==3.1.2
118118
# via quart
@@ -146,7 +146,7 @@ hypercorn==0.18.0
146146
# tooling-trusted-releases
147147
hyperframe==6.1.0
148148
# via h2
149-
hyperscan==0.8.0
149+
hyperscan==0.8.1
150150
# via tooling-trusted-releases
151151
identify==2.6.16
152152
# via pre-commit
@@ -218,7 +218,7 @@ pathspec==1.0.4
218218
# via djlint
219219
pgpy==0.6.0
220220
# via tooling-trusted-releases
221-
platformdirs==4.5.1
221+
platformdirs==4.6.0
222222
# via virtualenv
223223
pre-commit==4.5.1
224224
priority==2.0.0
@@ -237,7 +237,7 @@ pyasn1==0.6.2
237237
# via
238238
# ldap3
239239
# pgpy
240-
pycparser==3.0
240+
pycparser==3.0 ; implementation_name != 'PyPy'
241241
# via cffi
242242
pycryptodomex==3.23.0
243243
# via ldap3
@@ -324,7 +324,7 @@ sqlalchemy==2.0.46
324324
# via
325325
# alembic
326326
# sqlmodel
327-
sqlmodel==0.0.32
327+
sqlmodel==0.0.33
328328
# via tooling-trusted-releases
329329
standard-imghdr==3.13.0
330330
# via tooling-trusted-releases

0 commit comments

Comments
 (0)