Commit 8659b13
fix: bump vulnerable transitive dependencies to patched versions
Address open Dependabot alerts by pinning minimum safe versions:
- gitpython 3.1.47 → 3.1.50 (high: RCE via newline injection in config_writer())
- idna 3.10 → 3.18 (medium: bypass of CVE-2024-3651 fix in idna.encode())
- pymdown-extensions 10.21.2 → 10.21.3 (medium: path traversal in snippets)
Floor constraints added to pyproject.toml to prevent regression on lock regeneration.

1 parent d53117a commit 8659b13
2 files changed
Lines changed: 23 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
50 | 50 | | |
51 | 51 | | |
52 | 52 | | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
53 | 60 | | |
54 | 61 | | |
55 | 62 | | |
| |||